-/** @file
- Defines TLS Library APIs.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TLS_LIB_H__
-#define __TLS_LIB_H__
-
-/**
- Initializes the OpenSSL library.
-
- This function registers ciphers and digests used directly and indirectly
- by SSL/TLS, and initializes the readable error messages.
- This function must be called before any other action takes places.
-
-**/
-VOID
-EFIAPI
-TlsInitialize (
- VOID
- );
-
-/**
- Free an allocated SSL_CTX object.
-
- @param[in] TlsCtx Pointer to the SSL_CTX object to be released.
-
-**/
-VOID
-EFIAPI
-TlsCtxFree (
- IN VOID *TlsCtx
- );
-
-/**
- Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
- connections.
-
- @param[in] MajorVer Major Version of TLS/SSL Protocol.
- @param[in] MinorVer Minor Version of TLS/SSL Protocol.
-
- @return Pointer to an allocated SSL_CTX object.
- If the creation failed, TlsCtxNew() returns NULL.
-
-**/
-VOID *
-EFIAPI
-TlsCtxNew (
- IN UINT8 MajorVer,
- IN UINT8 MinorVer
- );
-
-/**
- Free an allocated TLS object.
-
- This function removes the TLS object pointed to by Tls and frees up the
- allocated memory. If Tls is NULL, nothing is done.
-
- @param[in] Tls Pointer to the TLS object to be freed.
-
-**/
-VOID
-EFIAPI
-TlsFree (
- IN VOID *Tls
- );
-
-/**
- Create a new TLS object for a connection.
-
- This function creates a new TLS object for a connection. The new object
- inherits the setting of the underlying context TlsCtx: connection method,
- options, verification setting.
-
- @param[in] TlsCtx Pointer to the SSL_CTX object.
-
- @return Pointer to an allocated SSL object.
- If the creation failed, TlsNew() returns NULL.
-
-**/
-VOID *
-EFIAPI
-TlsNew (
- IN VOID *TlsCtx
- );
-
-/**
- Checks if the TLS handshake was done.
-
- This function will check if the specified TLS handshake was done.
-
- @param[in] Tls Pointer to the TLS object for handshake state checking.
-
- @retval TRUE The TLS handshake was done.
- @retval FALSE The TLS handshake was not done.
-
-**/
-BOOLEAN
-EFIAPI
-TlsInHandshake (
- IN VOID *Tls
- );
-
-/**
- Perform a TLS/SSL handshake.
-
- This function will perform a TLS/SSL handshake.
-
- @param[in] Tls Pointer to the TLS object for handshake operation.
- @param[in] BufferIn Pointer to the most recently received TLS Handshake packet.
- @param[in] BufferInSize Packet size in bytes for the most recently received TLS
- Handshake packet.
- @param[out] BufferOut Pointer to the buffer to hold the built packet.
- @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
- the buffer size provided by the caller. On output, it
- is the buffer size in fact needed to contain the
- packet.
-
- @retval EFI_SUCCESS The required TLS packet is built successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- Tls is NULL.
- BufferIn is NULL but BufferInSize is NOT 0.
- BufferInSize is 0 but BufferIn is NOT NULL.
- BufferOutSize is NULL.
- BufferOut is NULL if *BufferOutSize is not zero.
- @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
- @retval EFI_ABORTED Something wrong during handshake.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsDoHandshake (
- IN VOID *Tls,
- IN UINT8 *BufferIn, OPTIONAL
- IN UINTN BufferInSize, OPTIONAL
- OUT UINT8 *BufferOut, OPTIONAL
- IN OUT UINTN *BufferOutSize
- );
-
-/**
- Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,
- TLS session has errors and the response packet needs to be Alert message based on error type.
-
- @param[in] Tls Pointer to the TLS object for state checking.
- @param[in] BufferIn Pointer to the most recently received TLS Alert packet.
- @param[in] BufferInSize Packet size in bytes for the most recently received TLS
- Alert packet.
- @param[out] BufferOut Pointer to the buffer to hold the built packet.
- @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
- the buffer size provided by the caller. On output, it
- is the buffer size in fact needed to contain the
- packet.
-
- @retval EFI_SUCCESS The required TLS packet is built successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- Tls is NULL.
- BufferIn is NULL but BufferInSize is NOT 0.
- BufferInSize is 0 but BufferIn is NOT NULL.
- BufferOutSize is NULL.
- BufferOut is NULL if *BufferOutSize is not zero.
- @retval EFI_ABORTED An error occurred.
- @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsHandleAlert (
- IN VOID *Tls,
- IN UINT8 *BufferIn, OPTIONAL
- IN UINTN BufferInSize, OPTIONAL
- OUT UINT8 *BufferOut, OPTIONAL
- IN OUT UINTN *BufferOutSize
- );
-
-/**
- Build the CloseNotify packet.
-
- @param[in] Tls Pointer to the TLS object for state checking.
- @param[in, out] Buffer Pointer to the buffer to hold the built packet.
- @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
- the buffer size provided by the caller. On output, it
- is the buffer size in fact needed to contain the
- packet.
-
- @retval EFI_SUCCESS The required TLS packet is built successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- Tls is NULL.
- BufferSize is NULL.
- Buffer is NULL if *BufferSize is not zero.
- @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCloseNotify (
- IN VOID *Tls,
- IN OUT UINT8 *Buffer,
- IN OUT UINTN *BufferSize
- );
-
-/**
- Attempts to read bytes from one TLS object and places the data in Buffer.
-
- This function will attempt to read BufferSize bytes from the TLS object
- and places the data in Buffer.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] Buffer Pointer to the buffer to store the data.
- @param[in] BufferSize The size of Buffer in bytes.
-
- @retval >0 The amount of data successfully read from the TLS object.
- @retval <=0 No data was successfully read.
-
-**/
-INTN
-EFIAPI
-TlsCtrlTrafficOut (
- IN VOID *Tls,
- IN OUT VOID *Buffer,
- IN UINTN BufferSize
- );
-
-/**
- Attempts to write data from the buffer to TLS object.
-
- This function will attempt to write BufferSize bytes data from the Buffer
- to the TLS object.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] Buffer Pointer to the data buffer.
- @param[in] BufferSize The size of Buffer in bytes.
-
- @retval >0 The amount of data successfully written to the TLS object.
- @retval <=0 No data was successfully written.
-
-**/
-INTN
-EFIAPI
-TlsCtrlTrafficIn (
- IN VOID *Tls,
- IN VOID *Buffer,
- IN UINTN BufferSize
- );
-
-/**
- Attempts to read bytes from the specified TLS connection into the buffer.
-
- This function tries to read BufferSize bytes data from the specified TLS
- connection into the Buffer.
-
- @param[in] Tls Pointer to the TLS connection for data reading.
- @param[in,out] Buffer Pointer to the data buffer.
- @param[in] BufferSize The size of Buffer in bytes.
-
- @retval >0 The read operation was successful, and return value is the
- number of bytes actually read from the TLS connection.
- @retval <=0 The read operation was not successful.
-
-**/
-INTN
-EFIAPI
-TlsRead (
- IN VOID *Tls,
- IN OUT VOID *Buffer,
- IN UINTN BufferSize
- );
-
-/**
- Attempts to write data to a TLS connection.
-
- This function tries to write BufferSize bytes data from the Buffer into the
- specified TLS connection.
-
- @param[in] Tls Pointer to the TLS connection for data writing.
- @param[in] Buffer Pointer to the data buffer.
- @param[in] BufferSize The size of Buffer in bytes.
-
- @retval >0 The write operation was successful, and return value is the
- number of bytes actually written to the TLS connection.
- @retval <=0 The write operation was not successful.
-
-**/
-INTN
-EFIAPI
-TlsWrite (
- IN VOID *Tls,
- IN VOID *Buffer,
- IN UINTN BufferSize
- );
-
-/**
- Set a new TLS/SSL method for a particular TLS object.
-
- This function sets a new TLS/SSL method for a particular TLS object.
-
- @param[in] Tls Pointer to a TLS object.
- @param[in] MajorVer Major Version of TLS/SSL Protocol.
- @param[in] MinorVer Minor Version of TLS/SSL Protocol.
-
- @retval EFI_SUCCESS The TLS/SSL method was set successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetVersion (
- IN VOID *Tls,
- IN UINT8 MajorVer,
- IN UINT8 MinorVer
- );
-
-/**
- Set TLS object to work in client or server mode.
-
- This function prepares a TLS object to work in client or server mode.
-
- @param[in] Tls Pointer to a TLS object.
- @param[in] IsServer Work in server mode.
-
- @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetConnectionEnd (
- IN VOID *Tls,
- IN BOOLEAN IsServer
- );
-
-/**
- Set the ciphers list to be used by the TLS object.
-
- This function sets the ciphers for use by a specified TLS object.
-
- @param[in] Tls Pointer to a TLS object.
- @param[in] CipherId Pointer to a string that contains one or more
- ciphers separated by a colon.
- @param[in] CipherNum The number of cipher in the list.
-
- @retval EFI_SUCCESS The ciphers list was set successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Unsupported TLS cipher in the list.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetCipherList (
- IN VOID *Tls,
- IN UINT16 *CipherId,
- IN UINTN CipherNum
- );
-
-/**
- Set the compression method for TLS/SSL operations.
-
- This function handles TLS/SSL integrated compression methods.
-
- @param[in] CompMethod The compression method ID.
-
- @retval EFI_SUCCESS The compression method for the communication was
- set successfully.
- @retval EFI_UNSUPPORTED Unsupported compression method.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetCompressionMethod (
- IN UINT8 CompMethod
- );
-
-/**
- Set peer certificate verification mode for the TLS connection.
-
- This function sets the verification mode flags for the TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] VerifyMode A set of logically or'ed verification mode flags.
-
-**/
-VOID
-EFIAPI
-TlsSetVerify (
- IN VOID *Tls,
- IN UINT32 VerifyMode
- );
-
-/**
- Sets a TLS/SSL session ID to be used during TLS/SSL connect.
-
- This function sets a session ID to be used when the TLS/SSL connection is
- to be established.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] SessionId Session ID data used for session resumption.
- @param[in] SessionIdLen Length of Session ID in bytes.
-
- @retval EFI_SUCCESS Session ID was set successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED No available session for ID setting.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetSessionId (
- IN VOID *Tls,
- IN UINT8 *SessionId,
- IN UINT16 SessionIdLen
- );
-
-/**
- Adds the CA to the cert store when requesting Server or Client authentication.
-
- This function adds the CA certificate to the list of CAs when requesting
- Server or Client authentication for the chosen TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a DER-encoded binary
- X.509 certificate or PEM-encoded X.509 certificate.
- @param[in] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.
- @retval EFI_ABORTED Invalid X.509 certificate.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetCaCertificate (
- IN VOID *Tls,
- IN VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Loads the local public certificate into the specified TLS object.
-
- This function loads the X.509 certificate into the specified TLS object
- for TLS negotiation.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a DER-encoded binary
- X.509 certificate or PEM-encoded X.509 certificate.
- @param[in] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.
- @retval EFI_ABORTED Invalid X.509 certificate.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetHostPublicCert (
- IN VOID *Tls,
- IN VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Adds the local private key to the specified TLS object.
-
- This function adds the local private key (PEM-encoded RSA or PKCS#8 private
- key) into the specified TLS object for TLS negotiation.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
- or PKCS#8 private key.
- @param[in] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_UNSUPPORTED This function is not supported.
- @retval EFI_ABORTED Invalid private key data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetHostPrivateKey (
- IN VOID *Tls,
- IN VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Adds the CA-supplied certificate revocation list for certificate validation.
-
- This function adds the CA-supplied certificate revocation list data for
- certificate validity checking.
-
- @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.
- @param[in] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_UNSUPPORTED This function is not supported.
- @retval EFI_ABORTED Invalid CRL data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetCertRevocationList (
- IN VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Gets the protocol version used by the specified TLS connection.
-
- This function returns the protocol version used by the specified TLS
- connection.
-
- @param[in] Tls Pointer to the TLS object.
-
- @return The protocol version of the specified TLS connection.
-
-**/
-UINT16
-EFIAPI
-TlsGetVersion (
- IN VOID *Tls
- );
-
-/**
- Gets the connection end of the specified TLS connection.
-
- This function returns the connection end (as client or as server) used by
- the specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
-
- @return The connection end used by the specified TLS connection.
-
-**/
-UINT8
-EFIAPI
-TlsGetConnectionEnd (
- IN VOID *Tls
- );
-
-/**
- Gets the cipher suite used by the specified TLS connection.
-
- This function returns current cipher suite used by the specified
- TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] CipherId The cipher suite used by the TLS object.
-
- @retval EFI_SUCCESS The cipher suite was returned successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Unsupported cipher suite.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetCurrentCipher (
- IN VOID *Tls,
- IN OUT UINT16 *CipherId
- );
-
-/**
- Gets the compression methods used by the specified TLS connection.
-
- This function returns current integrated compression methods used by
- the specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] CompressionId The current compression method used by
- the TLS object.
-
- @retval EFI_SUCCESS The compression method was returned successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_ABORTED Invalid Compression method.
- @retval EFI_UNSUPPORTED This function is not supported.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetCurrentCompressionId (
- IN VOID *Tls,
- IN OUT UINT8 *CompressionId
- );
-
-/**
- Gets the verification mode currently set in the TLS connection.
-
- This function returns the peer verification mode currently set in the
- specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
-
- @return The verification mode set in the specified TLS connection.
-
-**/
-UINT32
-EFIAPI
-TlsGetVerify (
- IN VOID *Tls
- );
-
-/**
- Gets the session ID used by the specified TLS connection.
-
- This function returns the TLS/SSL session ID currently used by the
- specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] SessionId Buffer to contain the returned session ID.
- @param[in,out] SessionIdLen The length of Session ID in bytes.
-
- @retval EFI_SUCCESS The Session ID was returned successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetSessionId (
- IN VOID *Tls,
- IN OUT UINT8 *SessionId,
- IN OUT UINT16 *SessionIdLen
- );
-
-/**
- Gets the client random data used in the specified TLS connection.
-
- This function returns the TLS/SSL client random data currently used in
- the specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] ClientRandom Buffer to contain the returned client
- random data (32 bytes).
-
-**/
-VOID
-EFIAPI
-TlsGetClientRandom (
- IN VOID *Tls,
- IN OUT UINT8 *ClientRandom
- );
-
-/**
- Gets the server random data used in the specified TLS connection.
-
- This function returns the TLS/SSL server random data currently used in
- the specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] ServerRandom Buffer to contain the returned server
- random data (32 bytes).
-
-**/
-VOID
-EFIAPI
-TlsGetServerRandom (
- IN VOID *Tls,
- IN OUT UINT8 *ServerRandom
- );
-
-/**
- Gets the master key data used in the specified TLS connection.
-
- This function returns the TLS/SSL master key material currently used in
- the specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] KeyMaterial Buffer to contain the returned key material.
-
- @retval EFI_SUCCESS Key material was returned successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetKeyMaterial (
- IN VOID *Tls,
- IN OUT UINT8 *KeyMaterial
- );
-
-/**
- Gets the CA Certificate from the cert store.
-
- This function returns the CA certificate for the chosen
- TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[out] Data Pointer to the data buffer to receive the CA
- certificate data sent to the client.
- @param[in,out] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_UNSUPPORTED This function is not supported.
- @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetCaCertificate (
- IN VOID *Tls,
- OUT VOID *Data,
- IN OUT UINTN *DataSize
- );
-
-/**
- Gets the local public Certificate set in the specified TLS object.
-
- This function returns the local public certificate which was currently set
- in the specified TLS object.
-
- @param[in] Tls Pointer to the TLS object.
- @param[out] Data Pointer to the data buffer to receive the local
- public certificate.
- @param[in,out] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_NOT_FOUND The certificate is not found.
- @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetHostPublicCert (
- IN VOID *Tls,
- OUT VOID *Data,
- IN OUT UINTN *DataSize
- );
-
-/**
- Gets the local private key set in the specified TLS object.
-
- This function returns the local private key data which was currently set
- in the specified TLS object.
-
- @param[in] Tls Pointer to the TLS object.
- @param[out] Data Pointer to the data buffer to receive the local
- private key data.
- @param[in,out] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_UNSUPPORTED This function is not supported.
- @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetHostPrivateKey (
- IN VOID *Tls,
- OUT VOID *Data,
- IN OUT UINTN *DataSize
- );
-
-/**
- Gets the CA-supplied certificate revocation list data set in the specified
- TLS object.
-
- This function returns the CA-supplied certificate revocation list data which
- was currently set in the specified TLS object.
-
- @param[out] Data Pointer to the data buffer to receive the CRL data.
- @param[in,out] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_UNSUPPORTED This function is not supported.
- @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetCertRevocationList (
- OUT VOID *Data,
- IN OUT UINTN *DataSize
- );
-
-#endif // __TLS_LIB_H__
+/** @file\r
+ Defines TLS Library APIs.\r
+\r
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __TLS_LIB_H__\r
+#define __TLS_LIB_H__\r
+\r
+/**\r
+ Initializes the OpenSSL library.\r
+\r
+ This function registers ciphers and digests used directly and indirectly\r
+ by SSL/TLS, and initializes the readable error messages.\r
+ This function must be called before any other action takes places.\r
+\r
+ @retval TRUE The OpenSSL library has been initialized.\r
+ @retval FALSE Failed to initialize the OpenSSL library.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+TlsInitialize (\r
+ VOID\r
+ );\r
+\r
+/**\r
+ Free an allocated SSL_CTX object.\r
+\r
+ @param[in] TlsCtx Pointer to the SSL_CTX object to be released.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+TlsCtxFree (\r
+ IN VOID *TlsCtx\r
+ );\r
+\r
+/**\r
+ Creates a new SSL_CTX object as framework to establish TLS/SSL enabled\r
+ connections.\r
+\r
+ @param[in] MajorVer Major Version of TLS/SSL Protocol.\r
+ @param[in] MinorVer Minor Version of TLS/SSL Protocol.\r
+\r
+ @return Pointer to an allocated SSL_CTX object.\r
+ If the creation failed, TlsCtxNew() returns NULL.\r
+\r
+**/\r
+VOID *\r
+EFIAPI\r
+TlsCtxNew (\r
+ IN UINT8 MajorVer,\r
+ IN UINT8 MinorVer\r
+ );\r
+\r
+/**\r
+ Free an allocated TLS object.\r
+\r
+ This function removes the TLS object pointed to by Tls and frees up the\r
+ allocated memory. If Tls is NULL, nothing is done.\r
+\r
+ @param[in] Tls Pointer to the TLS object to be freed.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+TlsFree (\r
+ IN VOID *Tls\r
+ );\r
+\r
+/**\r
+ Create a new TLS object for a connection.\r
+\r
+ This function creates a new TLS object for a connection. The new object\r
+ inherits the setting of the underlying context TlsCtx: connection method,\r
+ options, verification setting.\r
+\r
+ @param[in] TlsCtx Pointer to the SSL_CTX object.\r
+\r
+ @return Pointer to an allocated SSL object.\r
+ If the creation failed, TlsNew() returns NULL.\r
+\r
+**/\r
+VOID *\r
+EFIAPI\r
+TlsNew (\r
+ IN VOID *TlsCtx\r
+ );\r
+\r
+/**\r
+ Checks if the TLS handshake was done.\r
+\r
+ This function will check if the specified TLS handshake was done.\r
+\r
+ @param[in] Tls Pointer to the TLS object for handshake state checking.\r
+\r
+ @retval TRUE The TLS handshake was done.\r
+ @retval FALSE The TLS handshake was not done.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+TlsInHandshake (\r
+ IN VOID *Tls\r
+ );\r
+\r
+/**\r
+ Perform a TLS/SSL handshake.\r
+\r
+ This function will perform a TLS/SSL handshake.\r
+\r
+ @param[in] Tls Pointer to the TLS object for handshake operation.\r
+ @param[in] BufferIn Pointer to the most recently received TLS Handshake packet.\r
+ @param[in] BufferInSize Packet size in bytes for the most recently received TLS\r
+ Handshake packet.\r
+ @param[out] BufferOut Pointer to the buffer to hold the built packet.\r
+ @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is\r
+ the buffer size provided by the caller. On output, it\r
+ is the buffer size in fact needed to contain the\r
+ packet.\r
+\r
+ @retval EFI_SUCCESS The required TLS packet is built successfully.\r
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
+ Tls is NULL.\r
+ BufferIn is NULL but BufferInSize is NOT 0.\r
+ BufferInSize is 0 but BufferIn is NOT NULL.\r
+ BufferOutSize is NULL.\r
+ BufferOut is NULL if *BufferOutSize is not zero.\r
+ @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.\r
+ @retval EFI_ABORTED Something wrong during handshake.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsDoHandshake (\r
+ IN VOID *Tls,\r
+ IN UINT8 *BufferIn, OPTIONAL\r
+ IN UINTN BufferInSize, OPTIONAL\r
+ OUT UINT8 *BufferOut, OPTIONAL\r
+ IN OUT UINTN *BufferOutSize\r
+ );\r
+\r
+/**\r
+ Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,\r
+ TLS session has errors and the response packet needs to be Alert message based on error type.\r
+\r
+ @param[in] Tls Pointer to the TLS object for state checking.\r
+ @param[in] BufferIn Pointer to the most recently received TLS Alert packet.\r
+ @param[in] BufferInSize Packet size in bytes for the most recently received TLS\r
+ Alert packet.\r
+ @param[out] BufferOut Pointer to the buffer to hold the built packet.\r
+ @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is\r
+ the buffer size provided by the caller. On output, it\r
+ is the buffer size in fact needed to contain the\r
+ packet.\r
+\r
+ @retval EFI_SUCCESS The required TLS packet is built successfully.\r
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
+ Tls is NULL.\r
+ BufferIn is NULL but BufferInSize is NOT 0.\r
+ BufferInSize is 0 but BufferIn is NOT NULL.\r
+ BufferOutSize is NULL.\r
+ BufferOut is NULL if *BufferOutSize is not zero.\r
+ @retval EFI_ABORTED An error occurred.\r
+ @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsHandleAlert (\r
+ IN VOID *Tls,\r
+ IN UINT8 *BufferIn, OPTIONAL\r
+ IN UINTN BufferInSize, OPTIONAL\r
+ OUT UINT8 *BufferOut, OPTIONAL\r
+ IN OUT UINTN *BufferOutSize\r
+ );\r
+\r
+/**\r
+ Build the CloseNotify packet.\r
+\r
+ @param[in] Tls Pointer to the TLS object for state checking.\r
+ @param[in, out] Buffer Pointer to the buffer to hold the built packet.\r
+ @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is\r
+ the buffer size provided by the caller. On output, it\r
+ is the buffer size in fact needed to contain the\r
+ packet.\r
+\r
+ @retval EFI_SUCCESS The required TLS packet is built successfully.\r
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:\r
+ Tls is NULL.\r
+ BufferSize is NULL.\r
+ Buffer is NULL if *BufferSize is not zero.\r
+ @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsCloseNotify (\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *Buffer,\r
+ IN OUT UINTN *BufferSize\r
+ );\r
+\r
+/**\r
+ Attempts to read bytes from one TLS object and places the data in Buffer.\r
+\r
+ This function will attempt to read BufferSize bytes from the TLS object\r
+ and places the data in Buffer.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in,out] Buffer Pointer to the buffer to store the data.\r
+ @param[in] BufferSize The size of Buffer in bytes.\r
+\r
+ @retval >0 The amount of data successfully read from the TLS object.\r
+ @retval <=0 No data was successfully read.\r
+\r
+**/\r
+INTN\r
+EFIAPI\r
+TlsCtrlTrafficOut (\r
+ IN VOID *Tls,\r
+ IN OUT VOID *Buffer,\r
+ IN UINTN BufferSize\r
+ );\r
+\r
+/**\r
+ Attempts to write data from the buffer to TLS object.\r
+\r
+ This function will attempt to write BufferSize bytes data from the Buffer\r
+ to the TLS object.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in] Buffer Pointer to the data buffer.\r
+ @param[in] BufferSize The size of Buffer in bytes.\r
+\r
+ @retval >0 The amount of data successfully written to the TLS object.\r
+ @retval <=0 No data was successfully written.\r
+\r
+**/\r
+INTN\r
+EFIAPI\r
+TlsCtrlTrafficIn (\r
+ IN VOID *Tls,\r
+ IN VOID *Buffer,\r
+ IN UINTN BufferSize\r
+ );\r
+\r
+/**\r
+ Attempts to read bytes from the specified TLS connection into the buffer.\r
+\r
+ This function tries to read BufferSize bytes data from the specified TLS\r
+ connection into the Buffer.\r
+\r
+ @param[in] Tls Pointer to the TLS connection for data reading.\r
+ @param[in,out] Buffer Pointer to the data buffer.\r
+ @param[in] BufferSize The size of Buffer in bytes.\r
+\r
+ @retval >0 The read operation was successful, and return value is the\r
+ number of bytes actually read from the TLS connection.\r
+ @retval <=0 The read operation was not successful.\r
+\r
+**/\r
+INTN\r
+EFIAPI\r
+TlsRead (\r
+ IN VOID *Tls,\r
+ IN OUT VOID *Buffer,\r
+ IN UINTN BufferSize\r
+ );\r
+\r
+/**\r
+ Attempts to write data to a TLS connection.\r
+\r
+ This function tries to write BufferSize bytes data from the Buffer into the\r
+ specified TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS connection for data writing.\r
+ @param[in] Buffer Pointer to the data buffer.\r
+ @param[in] BufferSize The size of Buffer in bytes.\r
+\r
+ @retval >0 The write operation was successful, and return value is the\r
+ number of bytes actually written to the TLS connection.\r
+ @retval <=0 The write operation was not successful.\r
+\r
+**/\r
+INTN\r
+EFIAPI\r
+TlsWrite (\r
+ IN VOID *Tls,\r
+ IN VOID *Buffer,\r
+ IN UINTN BufferSize\r
+ );\r
+\r
+/**\r
+ Set a new TLS/SSL method for a particular TLS object.\r
+\r
+ This function sets a new TLS/SSL method for a particular TLS object.\r
+\r
+ @param[in] Tls Pointer to a TLS object.\r
+ @param[in] MajorVer Major Version of TLS/SSL Protocol.\r
+ @param[in] MinorVer Minor Version of TLS/SSL Protocol.\r
+\r
+ @retval EFI_SUCCESS The TLS/SSL method was set successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetVersion (\r
+ IN VOID *Tls,\r
+ IN UINT8 MajorVer,\r
+ IN UINT8 MinorVer\r
+ );\r
+\r
+/**\r
+ Set TLS object to work in client or server mode.\r
+\r
+ This function prepares a TLS object to work in client or server mode.\r
+\r
+ @param[in] Tls Pointer to a TLS object.\r
+ @param[in] IsServer Work in server mode.\r
+\r
+ @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetConnectionEnd (\r
+ IN VOID *Tls,\r
+ IN BOOLEAN IsServer\r
+ );\r
+\r
+/**\r
+ Set the ciphers list to be used by the TLS object.\r
+\r
+ This function sets the ciphers for use by a specified TLS object.\r
+\r
+ @param[in] Tls Pointer to a TLS object.\r
+ @param[in] CipherId Pointer to a string that contains one or more\r
+ ciphers separated by a colon.\r
+ @param[in] CipherNum The number of cipher in the list.\r
+\r
+ @retval EFI_SUCCESS The ciphers list was set successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_UNSUPPORTED Unsupported TLS cipher in the list.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetCipherList (\r
+ IN VOID *Tls,\r
+ IN UINT16 *CipherId,\r
+ IN UINTN CipherNum\r
+ );\r
+\r
+/**\r
+ Set the compression method for TLS/SSL operations.\r
+\r
+ This function handles TLS/SSL integrated compression methods.\r
+\r
+ @param[in] CompMethod The compression method ID.\r
+\r
+ @retval EFI_SUCCESS The compression method for the communication was\r
+ set successfully.\r
+ @retval EFI_UNSUPPORTED Unsupported compression method.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetCompressionMethod (\r
+ IN UINT8 CompMethod\r
+ );\r
+\r
+/**\r
+ Set peer certificate verification mode for the TLS connection.\r
+\r
+ This function sets the verification mode flags for the TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in] VerifyMode A set of logically or'ed verification mode flags.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+TlsSetVerify (\r
+ IN VOID *Tls,\r
+ IN UINT32 VerifyMode\r
+ );\r
+\r
+/**\r
+ Sets a TLS/SSL session ID to be used during TLS/SSL connect.\r
+\r
+ This function sets a session ID to be used when the TLS/SSL connection is\r
+ to be established.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in] SessionId Session ID data used for session resumption.\r
+ @param[in] SessionIdLen Length of Session ID in bytes.\r
+\r
+ @retval EFI_SUCCESS Session ID was set successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_UNSUPPORTED No available session for ID setting.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetSessionId (\r
+ IN VOID *Tls,\r
+ IN UINT8 *SessionId,\r
+ IN UINT16 SessionIdLen\r
+ );\r
+\r
+/**\r
+ Adds the CA to the cert store when requesting Server or Client authentication.\r
+\r
+ This function adds the CA certificate to the list of CAs when requesting\r
+ Server or Client authentication for the chosen TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in] Data Pointer to the data buffer of a DER-encoded binary\r
+ X.509 certificate or PEM-encoded X.509 certificate.\r
+ @param[in] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r
+ @retval EFI_ABORTED Invalid X.509 certificate.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetCaCertificate (\r
+ IN VOID *Tls,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
+ );\r
+\r
+/**\r
+ Loads the local public certificate into the specified TLS object.\r
+\r
+ This function loads the X.509 certificate into the specified TLS object\r
+ for TLS negotiation.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in] Data Pointer to the data buffer of a DER-encoded binary\r
+ X.509 certificate or PEM-encoded X.509 certificate.\r
+ @param[in] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r
+ @retval EFI_ABORTED Invalid X.509 certificate.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetHostPublicCert (\r
+ IN VOID *Tls,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
+ );\r
+\r
+/**\r
+ Adds the local private key to the specified TLS object.\r
+\r
+ This function adds the local private key (PEM-encoded RSA or PKCS#8 private\r
+ key) into the specified TLS object for TLS negotiation.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in] Data Pointer to the data buffer of a PEM-encoded RSA\r
+ or PKCS#8 private key.\r
+ @param[in] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_UNSUPPORTED This function is not supported.\r
+ @retval EFI_ABORTED Invalid private key data.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetHostPrivateKey (\r
+ IN VOID *Tls,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
+ );\r
+\r
+/**\r
+ Adds the CA-supplied certificate revocation list for certificate validation.\r
+\r
+ This function adds the CA-supplied certificate revocation list data for\r
+ certificate validity checking.\r
+\r
+ @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.\r
+ @param[in] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_UNSUPPORTED This function is not supported.\r
+ @retval EFI_ABORTED Invalid CRL data.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetCertRevocationList (\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
+ );\r
+\r
+/**\r
+ Gets the protocol version used by the specified TLS connection.\r
+\r
+ This function returns the protocol version used by the specified TLS\r
+ connection.\r
+\r
+ If Tls is NULL, then ASSERT().\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+\r
+ @return The protocol version of the specified TLS connection.\r
+\r
+**/\r
+UINT16\r
+EFIAPI\r
+TlsGetVersion (\r
+ IN VOID *Tls\r
+ );\r
+\r
+/**\r
+ Gets the connection end of the specified TLS connection.\r
+\r
+ This function returns the connection end (as client or as server) used by\r
+ the specified TLS connection.\r
+\r
+ If Tls is NULL, then ASSERT().\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+\r
+ @return The connection end used by the specified TLS connection.\r
+\r
+**/\r
+UINT8\r
+EFIAPI\r
+TlsGetConnectionEnd (\r
+ IN VOID *Tls\r
+ );\r
+\r
+/**\r
+ Gets the cipher suite used by the specified TLS connection.\r
+\r
+ This function returns current cipher suite used by the specified\r
+ TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in,out] CipherId The cipher suite used by the TLS object.\r
+\r
+ @retval EFI_SUCCESS The cipher suite was returned successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_UNSUPPORTED Unsupported cipher suite.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetCurrentCipher (\r
+ IN VOID *Tls,\r
+ IN OUT UINT16 *CipherId\r
+ );\r
+\r
+/**\r
+ Gets the compression methods used by the specified TLS connection.\r
+\r
+ This function returns current integrated compression methods used by\r
+ the specified TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in,out] CompressionId The current compression method used by\r
+ the TLS object.\r
+\r
+ @retval EFI_SUCCESS The compression method was returned successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_ABORTED Invalid Compression method.\r
+ @retval EFI_UNSUPPORTED This function is not supported.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetCurrentCompressionId (\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *CompressionId\r
+ );\r
+\r
+/**\r
+ Gets the verification mode currently set in the TLS connection.\r
+\r
+ This function returns the peer verification mode currently set in the\r
+ specified TLS connection.\r
+\r
+ If Tls is NULL, then ASSERT().\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+\r
+ @return The verification mode set in the specified TLS connection.\r
+\r
+**/\r
+UINT32\r
+EFIAPI\r
+TlsGetVerify (\r
+ IN VOID *Tls\r
+ );\r
+\r
+/**\r
+ Gets the session ID used by the specified TLS connection.\r
+\r
+ This function returns the TLS/SSL session ID currently used by the\r
+ specified TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in,out] SessionId Buffer to contain the returned session ID.\r
+ @param[in,out] SessionIdLen The length of Session ID in bytes.\r
+\r
+ @retval EFI_SUCCESS The Session ID was returned successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_UNSUPPORTED Invalid TLS/SSL session.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetSessionId (\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *SessionId,\r
+ IN OUT UINT16 *SessionIdLen\r
+ );\r
+\r
+/**\r
+ Gets the client random data used in the specified TLS connection.\r
+\r
+ This function returns the TLS/SSL client random data currently used in\r
+ the specified TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in,out] ClientRandom Buffer to contain the returned client\r
+ random data (32 bytes).\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+TlsGetClientRandom (\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *ClientRandom\r
+ );\r
+\r
+/**\r
+ Gets the server random data used in the specified TLS connection.\r
+\r
+ This function returns the TLS/SSL server random data currently used in\r
+ the specified TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in,out] ServerRandom Buffer to contain the returned server\r
+ random data (32 bytes).\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+TlsGetServerRandom (\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *ServerRandom\r
+ );\r
+\r
+/**\r
+ Gets the master key data used in the specified TLS connection.\r
+\r
+ This function returns the TLS/SSL master key material currently used in\r
+ the specified TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in,out] KeyMaterial Buffer to contain the returned key material.\r
+\r
+ @retval EFI_SUCCESS Key material was returned successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_UNSUPPORTED Invalid TLS/SSL session.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetKeyMaterial (\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *KeyMaterial\r
+ );\r
+\r
+/**\r
+ Gets the CA Certificate from the cert store.\r
+\r
+ This function returns the CA certificate for the chosen\r
+ TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[out] Data Pointer to the data buffer to receive the CA\r
+ certificate data sent to the client.\r
+ @param[in,out] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_UNSUPPORTED This function is not supported.\r
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetCaCertificate (\r
+ IN VOID *Tls,\r
+ OUT VOID *Data,\r
+ IN OUT UINTN *DataSize\r
+ );\r
+\r
+/**\r
+ Gets the local public Certificate set in the specified TLS object.\r
+\r
+ This function returns the local public certificate which was currently set\r
+ in the specified TLS object.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[out] Data Pointer to the data buffer to receive the local\r
+ public certificate.\r
+ @param[in,out] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_NOT_FOUND The certificate is not found.\r
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetHostPublicCert (\r
+ IN VOID *Tls,\r
+ OUT VOID *Data,\r
+ IN OUT UINTN *DataSize\r
+ );\r
+\r
+/**\r
+ Gets the local private key set in the specified TLS object.\r
+\r
+ This function returns the local private key data which was currently set\r
+ in the specified TLS object.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[out] Data Pointer to the data buffer to receive the local\r
+ private key data.\r
+ @param[in,out] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_UNSUPPORTED This function is not supported.\r
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetHostPrivateKey (\r
+ IN VOID *Tls,\r
+ OUT VOID *Data,\r
+ IN OUT UINTN *DataSize\r
+ );\r
+\r
+/**\r
+ Gets the CA-supplied certificate revocation list data set in the specified\r
+ TLS object.\r
+\r
+ This function returns the CA-supplied certificate revocation list data which\r
+ was currently set in the specified TLS object.\r
+\r
+ @param[out] Data Pointer to the data buffer to receive the CRL data.\r
+ @param[in,out] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_UNSUPPORTED This function is not supported.\r
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetCertRevocationList (\r
+ OUT VOID *Data,\r
+ IN OUT UINTN *DataSize\r
+ );\r
+\r
+#endif // __TLS_LIB_H__\r
+\r