/** @file\r
SSL/TLS Configuration Library Wrapper Implementation over OpenSSL.\r
\r
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
//\r
// IANA/IETF defined Cipher Suite ID\r
//\r
- UINT16 IanaCipher;\r
+ UINT16 IanaCipher;\r
//\r
// OpenSSL-used Cipher Suite String\r
//\r
- CONST CHAR8 *OpensslCipher;\r
+ CONST CHAR8 *OpensslCipher;\r
//\r
// Length of OpensslCipher\r
//\r
- UINTN OpensslCipherLength;\r
+ UINTN OpensslCipherLength;\r
} TLS_CIPHER_MAPPING;\r
\r
//\r
//\r
// Keep the table uniquely sorted by the IanaCipher field, in increasing order.\r
//\r
-STATIC CONST TLS_CIPHER_MAPPING TlsCipherMappingTable[] = {\r
- MAP ( 0x0001, "NULL-MD5" ), /// TLS_RSA_WITH_NULL_MD5\r
- MAP ( 0x0002, "NULL-SHA" ), /// TLS_RSA_WITH_NULL_SHA\r
- MAP ( 0x0004, "RC4-MD5" ), /// TLS_RSA_WITH_RC4_128_MD5\r
- MAP ( 0x0005, "RC4-SHA" ), /// TLS_RSA_WITH_RC4_128_SHA\r
- MAP ( 0x000A, "DES-CBC3-SHA" ), /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1\r
- MAP ( 0x0016, "DHE-RSA-DES-CBC3-SHA" ), /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\r
- MAP ( 0x002F, "AES128-SHA" ), /// TLS_RSA_WITH_AES_128_CBC_SHA, mandatory TLS 1.2\r
- MAP ( 0x0030, "DH-DSS-AES128-SHA" ), /// TLS_DH_DSS_WITH_AES_128_CBC_SHA\r
- MAP ( 0x0031, "DH-RSA-AES128-SHA" ), /// TLS_DH_RSA_WITH_AES_128_CBC_SHA\r
- MAP ( 0x0033, "DHE-RSA-AES128-SHA" ), /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA\r
- MAP ( 0x0035, "AES256-SHA" ), /// TLS_RSA_WITH_AES_256_CBC_SHA\r
- MAP ( 0x0036, "DH-DSS-AES256-SHA" ), /// TLS_DH_DSS_WITH_AES_256_CBC_SHA\r
- MAP ( 0x0037, "DH-RSA-AES256-SHA" ), /// TLS_DH_RSA_WITH_AES_256_CBC_SHA\r
- MAP ( 0x0039, "DHE-RSA-AES256-SHA" ), /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA\r
- MAP ( 0x003B, "NULL-SHA256" ), /// TLS_RSA_WITH_NULL_SHA256\r
- MAP ( 0x003C, "AES128-SHA256" ), /// TLS_RSA_WITH_AES_128_CBC_SHA256\r
- MAP ( 0x003D, "AES256-SHA256" ), /// TLS_RSA_WITH_AES_256_CBC_SHA256\r
- MAP ( 0x003E, "DH-DSS-AES128-SHA256" ), /// TLS_DH_DSS_WITH_AES_128_CBC_SHA256\r
- MAP ( 0x003F, "DH-RSA-AES128-SHA256" ), /// TLS_DH_RSA_WITH_AES_128_CBC_SHA256\r
- MAP ( 0x0067, "DHE-RSA-AES128-SHA256" ), /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA256\r
- MAP ( 0x0068, "DH-DSS-AES256-SHA256" ), /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256\r
- MAP ( 0x0069, "DH-RSA-AES256-SHA256" ), /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256\r
- MAP ( 0x006B, "DHE-RSA-AES256-SHA256" ), /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256\r
+STATIC CONST TLS_CIPHER_MAPPING TlsCipherMappingTable[] = {\r
+ MAP (0x0001, "NULL-MD5"), /// TLS_RSA_WITH_NULL_MD5\r
+ MAP (0x0002, "NULL-SHA"), /// TLS_RSA_WITH_NULL_SHA\r
+ MAP (0x0004, "RC4-MD5"), /// TLS_RSA_WITH_RC4_128_MD5\r
+ MAP (0x0005, "RC4-SHA"), /// TLS_RSA_WITH_RC4_128_SHA\r
+ MAP (0x000A, "DES-CBC3-SHA"), /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1\r
+ MAP (0x0016, "DHE-RSA-DES-CBC3-SHA"), /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\r
+ MAP (0x002F, "AES128-SHA"), /// TLS_RSA_WITH_AES_128_CBC_SHA, mandatory TLS 1.2\r
+ MAP (0x0030, "DH-DSS-AES128-SHA"), /// TLS_DH_DSS_WITH_AES_128_CBC_SHA\r
+ MAP (0x0031, "DH-RSA-AES128-SHA"), /// TLS_DH_RSA_WITH_AES_128_CBC_SHA\r
+ MAP (0x0033, "DHE-RSA-AES128-SHA"), /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA\r
+ MAP (0x0035, "AES256-SHA"), /// TLS_RSA_WITH_AES_256_CBC_SHA\r
+ MAP (0x0036, "DH-DSS-AES256-SHA"), /// TLS_DH_DSS_WITH_AES_256_CBC_SHA\r
+ MAP (0x0037, "DH-RSA-AES256-SHA"), /// TLS_DH_RSA_WITH_AES_256_CBC_SHA\r
+ MAP (0x0039, "DHE-RSA-AES256-SHA"), /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA\r
+ MAP (0x003B, "NULL-SHA256"), /// TLS_RSA_WITH_NULL_SHA256\r
+ MAP (0x003C, "AES128-SHA256"), /// TLS_RSA_WITH_AES_128_CBC_SHA256\r
+ MAP (0x003D, "AES256-SHA256"), /// TLS_RSA_WITH_AES_256_CBC_SHA256\r
+ MAP (0x003E, "DH-DSS-AES128-SHA256"), /// TLS_DH_DSS_WITH_AES_128_CBC_SHA256\r
+ MAP (0x003F, "DH-RSA-AES128-SHA256"), /// TLS_DH_RSA_WITH_AES_128_CBC_SHA256\r
+ MAP (0x0067, "DHE-RSA-AES128-SHA256"), /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA256\r
+ MAP (0x0068, "DH-DSS-AES256-SHA256"), /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256\r
+ MAP (0x0069, "DH-RSA-AES256-SHA256"), /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256\r
+ MAP (0x006B, "DHE-RSA-AES256-SHA256"), /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256\r
};\r
\r
/**\r
STATIC\r
CONST TLS_CIPHER_MAPPING *\r
TlsGetCipherMapping (\r
- IN UINT16 CipherId\r
+ IN UINT16 CipherId\r
)\r
{\r
- INTN Left;\r
- INTN Right;\r
- INTN Middle;\r
+ INTN Left;\r
+ INTN Right;\r
+ INTN Middle;\r
\r
//\r
// Binary Search Cipher Mapping Table for IANA-OpenSSL Cipher Translation\r
if (CipherId < TlsCipherMappingTable[Middle].IanaCipher) {\r
Right = Middle - 1;\r
} else {\r
- Left = Middle + 1;\r
+ Left = Middle + 1;\r
}\r
}\r
\r
EFI_STATUS\r
EFIAPI\r
TlsSetVersion (\r
- IN VOID *Tls,\r
- IN UINT8 MajorVer,\r
- IN UINT8 MinorVer\r
+ IN VOID *Tls,\r
+ IN UINT8 MajorVer,\r
+ IN UINT8 MinorVer\r
)\r
{\r
TLS_CONNECTION *TlsConn;\r
UINT16 ProtoVersion;\r
\r
TlsConn = (TLS_CONNECTION *)Tls;\r
- if (TlsConn == NULL || TlsConn->Ssl == NULL) {\r
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
// Bound TLS method to the particular specified version.\r
//\r
switch (ProtoVersion) {\r
- case TLS1_VERSION:\r
- //\r
- // TLS 1.0\r
- //\r
- SSL_set_min_proto_version (TlsConn->Ssl, TLS1_VERSION);\r
- SSL_set_max_proto_version (TlsConn->Ssl, TLS1_VERSION);\r
- break;\r
- case TLS1_1_VERSION:\r
- //\r
- // TLS 1.1\r
- //\r
- SSL_set_min_proto_version (TlsConn->Ssl, TLS1_1_VERSION);\r
- SSL_set_max_proto_version (TlsConn->Ssl, TLS1_1_VERSION);\r
- break;\r
- case TLS1_2_VERSION:\r
- //\r
- // TLS 1.2\r
- //\r
- SSL_set_min_proto_version (TlsConn->Ssl, TLS1_2_VERSION);\r
- SSL_set_max_proto_version (TlsConn->Ssl, TLS1_2_VERSION);\r
- break;\r
- default:\r
- //\r
- // Unsupported Protocol Version\r
- //\r
- return EFI_UNSUPPORTED;\r
+ case TLS1_VERSION:\r
+ //\r
+ // TLS 1.0\r
+ //\r
+ SSL_set_min_proto_version (TlsConn->Ssl, TLS1_VERSION);\r
+ SSL_set_max_proto_version (TlsConn->Ssl, TLS1_VERSION);\r
+ break;\r
+ case TLS1_1_VERSION:\r
+ //\r
+ // TLS 1.1\r
+ //\r
+ SSL_set_min_proto_version (TlsConn->Ssl, TLS1_1_VERSION);\r
+ SSL_set_max_proto_version (TlsConn->Ssl, TLS1_1_VERSION);\r
+ break;\r
+ case TLS1_2_VERSION:\r
+ //\r
+ // TLS 1.2\r
+ //\r
+ SSL_set_min_proto_version (TlsConn->Ssl, TLS1_2_VERSION);\r
+ SSL_set_max_proto_version (TlsConn->Ssl, TLS1_2_VERSION);\r
+ break;\r
+ default:\r
+ //\r
+ // Unsupported Protocol Version\r
+ //\r
+ return EFI_UNSUPPORTED;\r
}\r
\r
- return EFI_SUCCESS;;\r
+ return EFI_SUCCESS;\r
}\r
\r
/**\r
EFI_STATUS\r
EFIAPI\r
TlsSetConnectionEnd (\r
- IN VOID *Tls,\r
- IN BOOLEAN IsServer\r
+ IN VOID *Tls,\r
+ IN BOOLEAN IsServer\r
)\r
{\r
TLS_CONNECTION *TlsConn;\r
\r
- TlsConn = (TLS_CONNECTION *) Tls;\r
- if (TlsConn == NULL || TlsConn->Ssl == NULL) {\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
// Set TLS to work in Server mode.\r
// It is unsupported for UEFI version currently.\r
//\r
- //SSL_set_accept_state (TlsConn->Ssl);\r
+ // SSL_set_accept_state (TlsConn->Ssl);\r
return EFI_UNSUPPORTED;\r
}\r
\r
EFI_STATUS\r
EFIAPI\r
TlsSetCipherList (\r
- IN VOID *Tls,\r
- IN UINT16 *CipherId,\r
- IN UINTN CipherNum\r
+ IN VOID *Tls,\r
+ IN UINT16 *CipherId,\r
+ IN UINTN CipherNum\r
)\r
{\r
- TLS_CONNECTION *TlsConn;\r
- EFI_STATUS Status;\r
- CONST TLS_CIPHER_MAPPING **MappedCipher;\r
- UINTN MappedCipherBytes;\r
- UINTN MappedCipherCount;\r
- UINTN CipherStringSize;\r
- UINTN Index;\r
- CONST TLS_CIPHER_MAPPING *Mapping;\r
- CHAR8 *CipherString;\r
- CHAR8 *CipherStringPosition;\r
-\r
- TlsConn = (TLS_CONNECTION *) Tls;\r
- if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {\r
+ TLS_CONNECTION *TlsConn;\r
+ EFI_STATUS Status;\r
+ CONST TLS_CIPHER_MAPPING **MappedCipher;\r
+ UINTN MappedCipherBytes;\r
+ UINTN MappedCipherCount;\r
+ UINTN CipherStringSize;\r
+ UINTN Index;\r
+ CONST TLS_CIPHER_MAPPING *Mapping;\r
+ CHAR8 *CipherString;\r
+ CHAR8 *CipherStringPosition;\r
+\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (CipherId == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
// Allocate the MappedCipher array for recording the mappings that we find\r
// for the input IANA identifiers in CipherId.\r
//\r
- Status = SafeUintnMult (CipherNum, sizeof (*MappedCipher),\r
- &MappedCipherBytes);\r
+ Status = SafeUintnMult (\r
+ CipherNum,\r
+ sizeof (*MappedCipher),\r
+ &MappedCipherBytes\r
+ );\r
if (EFI_ERROR (Status)) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
+\r
MappedCipher = AllocatePool (MappedCipherBytes);\r
if (MappedCipher == NULL) {\r
return EFI_OUT_OF_RESOURCES;\r
// CipherString.\r
//\r
MappedCipherCount = 0;\r
- CipherStringSize = 0;\r
+ CipherStringSize = 0;\r
for (Index = 0; Index < CipherNum; Index++) {\r
//\r
// Look up the IANA-to-OpenSSL mapping.\r
//\r
Mapping = TlsGetCipherMapping (CipherId[Index]);\r
if (Mapping == NULL) {\r
- DEBUG ((DEBUG_VERBOSE, "%a:%a: skipping CipherId=0x%04x\n",\r
- gEfiCallerBaseName, __FUNCTION__, CipherId[Index]));\r
+ DEBUG ((\r
+ DEBUG_VERBOSE,\r
+ "%a:%a: skipping CipherId=0x%04x\n",\r
+ gEfiCallerBaseName,\r
+ __FUNCTION__,\r
+ CipherId[Index]\r
+ ));\r
//\r
// Skipping the cipher is valid because CipherId is an ordered\r
// preference list of ciphers, thus we can filter it as long as we\r
//\r
continue;\r
}\r
+\r
//\r
// Accumulate Mapping->OpensslCipherLength into CipherStringSize. If this\r
// is not the first successful mapping, account for a colon (":") prefix\r
goto FreeMappedCipher;\r
}\r
}\r
- Status = SafeUintnAdd (CipherStringSize, Mapping->OpensslCipherLength,\r
- &CipherStringSize);\r
+\r
+ Status = SafeUintnAdd (\r
+ CipherStringSize,\r
+ Mapping->OpensslCipherLength,\r
+ &CipherStringSize\r
+ );\r
if (EFI_ERROR (Status)) {\r
Status = EFI_OUT_OF_RESOURCES;\r
goto FreeMappedCipher;\r
}\r
+\r
//\r
// Record the mapping.\r
//\r
// terminating NUL character in CipherStringSize; allocate CipherString.\r
//\r
if (MappedCipherCount == 0) {\r
- DEBUG ((DEBUG_ERROR, "%a:%a: no CipherId could be mapped\n",\r
- gEfiCallerBaseName, __FUNCTION__));\r
+ DEBUG ((\r
+ DEBUG_ERROR,\r
+ "%a:%a: no CipherId could be mapped\n",\r
+ gEfiCallerBaseName,\r
+ __FUNCTION__\r
+ ));\r
Status = EFI_UNSUPPORTED;\r
goto FreeMappedCipher;\r
}\r
+\r
Status = SafeUintnAdd (CipherStringSize, 1, &CipherStringSize);\r
if (EFI_ERROR (Status)) {\r
Status = EFI_OUT_OF_RESOURCES;\r
goto FreeMappedCipher;\r
}\r
+\r
CipherString = AllocatePool (CipherStringSize);\r
if (CipherString == NULL) {\r
Status = EFI_OUT_OF_RESOURCES;\r
if (Index > 0) {\r
*(CipherStringPosition++) = ':';\r
}\r
- CopyMem (CipherStringPosition, Mapping->OpensslCipher,\r
- Mapping->OpensslCipherLength);\r
+\r
+ CopyMem (\r
+ CipherStringPosition,\r
+ Mapping->OpensslCipher,\r
+ Mapping->OpensslCipherLength\r
+ );\r
CipherStringPosition += Mapping->OpensslCipherLength;\r
}\r
\r
// 79 non-newline characters. (MAX_DEBUG_MESSAGE_LENGTH is usually 0x100 in\r
// DebugLib instances.)\r
//\r
- DEBUG_CODE (\r
- UINTN FullLength;\r
- UINTN SegmentLength;\r
-\r
- FullLength = CipherStringSize - 1;\r
- DEBUG ((DEBUG_VERBOSE, "%a:%a: CipherString={\n", gEfiCallerBaseName,\r
- __FUNCTION__));\r
- for (CipherStringPosition = CipherString;\r
- CipherStringPosition < CipherString + FullLength;\r
- CipherStringPosition += SegmentLength) {\r
- SegmentLength = FullLength - (CipherStringPosition - CipherString);\r
- if (SegmentLength > 79) {\r
- SegmentLength = 79;\r
- }\r
- DEBUG ((DEBUG_VERBOSE, "%.*a\n", SegmentLength, CipherStringPosition));\r
+ DEBUG_CODE_BEGIN ();\r
+ UINTN FullLength;\r
+ UINTN SegmentLength;\r
+\r
+ FullLength = CipherStringSize - 1;\r
+ DEBUG ((\r
+ DEBUG_VERBOSE,\r
+ "%a:%a: CipherString={\n",\r
+ gEfiCallerBaseName,\r
+ __FUNCTION__\r
+ ));\r
+ for (CipherStringPosition = CipherString;\r
+ CipherStringPosition < CipherString + FullLength;\r
+ CipherStringPosition += SegmentLength)\r
+ {\r
+ SegmentLength = FullLength - (CipherStringPosition - CipherString);\r
+ if (SegmentLength > 79) {\r
+ SegmentLength = 79;\r
}\r
- DEBUG ((DEBUG_VERBOSE, "}\n"));\r
- //\r
- // Restore the pre-debug value of CipherStringPosition by skipping over the\r
- // trailing NUL.\r
- //\r
- CipherStringPosition++;\r
- ASSERT (CipherStringPosition == CipherString + CipherStringSize);\r
- );\r
+\r
+ DEBUG ((DEBUG_VERBOSE, "%.*a\n", SegmentLength, CipherStringPosition));\r
+ }\r
+\r
+ DEBUG ((DEBUG_VERBOSE, "}\n"));\r
+ //\r
+ // Restore the pre-debug value of CipherStringPosition by skipping over the\r
+ // trailing NUL.\r
+ //\r
+ CipherStringPosition++;\r
+ ASSERT (CipherStringPosition == CipherString + CipherStringSize);\r
+ DEBUG_CODE_END ();\r
\r
//\r
// Sets the ciphers for use by the Tls object.\r
EFI_STATUS\r
EFIAPI\r
TlsSetCompressionMethod (\r
- IN UINT8 CompMethod\r
+ IN UINT8 CompMethod\r
)\r
{\r
COMP_METHOD *Cm;\r
//\r
return EFI_SUCCESS;\r
} else if (CompMethod == 1) {\r
- Cm = COMP_zlib();\r
+ Cm = COMP_zlib ();\r
} else {\r
return EFI_UNSUPPORTED;\r
}\r
VOID\r
EFIAPI\r
TlsSetVerify (\r
- IN VOID *Tls,\r
- IN UINT32 VerifyMode\r
+ IN VOID *Tls,\r
+ IN UINT32 VerifyMode\r
)\r
{\r
TLS_CONNECTION *TlsConn;\r
\r
- TlsConn = (TLS_CONNECTION *) Tls;\r
- if (TlsConn == NULL || TlsConn->Ssl == NULL) {\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL)) {\r
return;\r
}\r
\r
SSL_set_verify (TlsConn->Ssl, VerifyMode, NULL);\r
}\r
\r
+/**\r
+ Set the specified host name to be verified.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in] Flags The setting flags during the validation.\r
+ @param[in] HostName The specified host name to be verified.\r
+\r
+ @retval EFI_SUCCESS The HostName setting was set successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_ABORTED Invalid HostName setting.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetVerifyHost (\r
+ IN VOID *Tls,\r
+ IN UINT32 Flags,\r
+ IN CHAR8 *HostName\r
+ )\r
+{\r
+ TLS_CONNECTION *TlsConn;\r
+ X509_VERIFY_PARAM *VerifyParam;\r
+ UINTN BinaryAddressSize;\r
+ UINT8 BinaryAddress[MAX (NS_INADDRSZ, NS_IN6ADDRSZ)];\r
+ INTN ParamStatus;\r
+\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (HostName == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ SSL_set_hostflags (TlsConn->Ssl, Flags);\r
+\r
+ VerifyParam = SSL_get0_param (TlsConn->Ssl);\r
+ ASSERT (VerifyParam != NULL);\r
+\r
+ BinaryAddressSize = 0;\r
+ if (inet_pton (AF_INET6, HostName, BinaryAddress) == 1) {\r
+ BinaryAddressSize = NS_IN6ADDRSZ;\r
+ } else if (inet_pton (AF_INET, HostName, BinaryAddress) == 1) {\r
+ BinaryAddressSize = NS_INADDRSZ;\r
+ }\r
+\r
+ if (BinaryAddressSize > 0) {\r
+ DEBUG ((\r
+ DEBUG_VERBOSE,\r
+ "%a:%a: parsed \"%a\" as an IPv%c address "\r
+ "literal\n",\r
+ gEfiCallerBaseName,\r
+ __FUNCTION__,\r
+ HostName,\r
+ (UINTN)((BinaryAddressSize == NS_IN6ADDRSZ) ? '6' : '4')\r
+ ));\r
+ ParamStatus = X509_VERIFY_PARAM_set1_ip (\r
+ VerifyParam,\r
+ BinaryAddress,\r
+ BinaryAddressSize\r
+ );\r
+ } else {\r
+ ParamStatus = X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0);\r
+ }\r
+\r
+ return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED;\r
+}\r
+\r
/**\r
Sets a TLS/SSL session ID to be used during TLS/SSL connect.\r
\r
EFI_STATUS\r
EFIAPI\r
TlsSetSessionId (\r
- IN VOID *Tls,\r
- IN UINT8 *SessionId,\r
- IN UINT16 SessionIdLen\r
+ IN VOID *Tls,\r
+ IN UINT8 *SessionId,\r
+ IN UINT16 SessionIdLen\r
)\r
{\r
TLS_CONNECTION *TlsConn;\r
SSL_SESSION *Session;\r
\r
- TlsConn = (TLS_CONNECTION *) Tls;\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
Session = NULL;\r
\r
- if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL) {\r
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (SessionId == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
EFI_STATUS\r
EFIAPI\r
TlsSetCaCertificate (\r
- IN VOID *Tls,\r
- IN VOID *Data,\r
- IN UINTN DataSize\r
+ IN VOID *Tls,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
)\r
{\r
BIO *BioCert;\r
Cert = NULL;\r
X509Store = NULL;\r
Status = EFI_SUCCESS;\r
- TlsConn = (TLS_CONNECTION *) Tls;\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
Ret = 0;\r
\r
- if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize == 0) {\r
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (Data == NULL) || (DataSize == 0)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
// DER-encoded binary X.509 certificate or PEM-encoded X.509 certificate.\r
// Determine whether certificate is from DER encoding, if so, translate it to X509 structure.\r
//\r
- Cert = d2i_X509 (NULL, (const unsigned char ** )&Data, (long) DataSize);\r
+ Cert = d2i_X509 (NULL, (const unsigned char **)&Data, (long)DataSize);\r
if (Cert == NULL) {\r
//\r
// Certificate is from PEM encoding.\r
goto ON_EXIT;\r
}\r
\r
- if (BIO_write (BioCert, Data, (UINT32) DataSize) <= 0) {\r
+ if (BIO_write (BioCert, Data, (UINT32)DataSize) <= 0) {\r
Status = EFI_ABORTED;\r
goto ON_EXIT;\r
}\r
SslCtx = SSL_get_SSL_CTX (TlsConn->Ssl);\r
X509Store = SSL_CTX_get_cert_store (SslCtx);\r
if (X509Store == NULL) {\r
- Status = EFI_ABORTED;\r
- goto ON_EXIT;\r
+ Status = EFI_ABORTED;\r
+ goto ON_EXIT;\r
}\r
\r
//\r
//\r
// Ignore "already in table" errors\r
//\r
- if (!(ERR_GET_FUNC (ErrorCode) == X509_F_X509_STORE_ADD_CERT &&\r
- ERR_GET_REASON (ErrorCode) == X509_R_CERT_ALREADY_IN_HASH_TABLE)) {\r
+ if (!((ERR_GET_FUNC (ErrorCode) == X509_F_X509_STORE_ADD_CERT) &&\r
+ (ERR_GET_REASON (ErrorCode) == X509_R_CERT_ALREADY_IN_HASH_TABLE)))\r
+ {\r
Status = EFI_ABORTED;\r
goto ON_EXIT;\r
}\r
EFI_STATUS\r
EFIAPI\r
TlsSetHostPublicCert (\r
- IN VOID *Tls,\r
- IN VOID *Data,\r
- IN UINTN DataSize\r
+ IN VOID *Tls,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
)\r
{\r
BIO *BioCert;\r
BioCert = NULL;\r
Cert = NULL;\r
Status = EFI_SUCCESS;\r
- TlsConn = (TLS_CONNECTION *) Tls;\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
\r
- if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize == 0) {\r
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (Data == NULL) || (DataSize == 0)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
// DER-encoded binary X.509 certificate or PEM-encoded X.509 certificate.\r
// Determine whether certificate is from DER encoding, if so, translate it to X509 structure.\r
//\r
- Cert = d2i_X509 (NULL, (const unsigned char ** )&Data, (long) DataSize);\r
+ Cert = d2i_X509 (NULL, (const unsigned char **)&Data, (long)DataSize);\r
if (Cert == NULL) {\r
//\r
// Certificate is from PEM encoding.\r
goto ON_EXIT;\r
}\r
\r
- if (BIO_write (BioCert, Data, (UINT32) DataSize) <= 0) {\r
+ if (BIO_write (BioCert, Data, (UINT32)DataSize) <= 0) {\r
Status = EFI_ABORTED;\r
goto ON_EXIT;\r
}\r
EFI_STATUS\r
EFIAPI\r
TlsSetHostPrivateKey (\r
- IN VOID *Tls,\r
- IN VOID *Data,\r
- IN UINTN DataSize\r
+ IN VOID *Tls,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
)\r
{\r
return EFI_UNSUPPORTED;\r
EFI_STATUS\r
EFIAPI\r
TlsSetCertRevocationList (\r
- IN VOID *Data,\r
- IN UINTN DataSize\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
)\r
{\r
return EFI_UNSUPPORTED;\r
UINT16\r
EFIAPI\r
TlsGetVersion (\r
- IN VOID *Tls\r
+ IN VOID *Tls\r
)\r
{\r
TLS_CONNECTION *TlsConn;\r
\r
- TlsConn = (TLS_CONNECTION *) Tls;\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
\r
ASSERT (TlsConn != NULL);\r
\r
UINT8\r
EFIAPI\r
TlsGetConnectionEnd (\r
- IN VOID *Tls\r
+ IN VOID *Tls\r
)\r
{\r
TLS_CONNECTION *TlsConn;\r
\r
- TlsConn = (TLS_CONNECTION *) Tls;\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
\r
ASSERT (TlsConn != NULL);\r
\r
EFI_STATUS\r
EFIAPI\r
TlsGetCurrentCipher (\r
- IN VOID *Tls,\r
- IN OUT UINT16 *CipherId\r
+ IN VOID *Tls,\r
+ IN OUT UINT16 *CipherId\r
)\r
{\r
TLS_CONNECTION *TlsConn;\r
CONST SSL_CIPHER *Cipher;\r
\r
- TlsConn = (TLS_CONNECTION *) Tls;\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
Cipher = NULL;\r
\r
- if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {\r
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (CipherId == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
EFI_STATUS\r
EFIAPI\r
TlsGetCurrentCompressionId (\r
- IN VOID *Tls,\r
- IN OUT UINT8 *CompressionId\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *CompressionId\r
)\r
{\r
return EFI_UNSUPPORTED;\r
UINT32\r
EFIAPI\r
TlsGetVerify (\r
- IN VOID *Tls\r
+ IN VOID *Tls\r
)\r
{\r
TLS_CONNECTION *TlsConn;\r
\r
- TlsConn = (TLS_CONNECTION *) Tls;\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
\r
ASSERT (TlsConn != NULL);\r
\r
EFI_STATUS\r
EFIAPI\r
TlsGetSessionId (\r
- IN VOID *Tls,\r
- IN OUT UINT8 *SessionId,\r
- IN OUT UINT16 *SessionIdLen\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *SessionId,\r
+ IN OUT UINT16 *SessionIdLen\r
)\r
{\r
TLS_CONNECTION *TlsConn;\r
SSL_SESSION *Session;\r
CONST UINT8 *SslSessionId;\r
\r
- TlsConn = (TLS_CONNECTION *) Tls;\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
Session = NULL;\r
\r
- if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL || SessionIdLen == NULL) {\r
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (SessionId == NULL) || (SessionIdLen == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
VOID\r
EFIAPI\r
TlsGetClientRandom (\r
- IN VOID *Tls,\r
- IN OUT UINT8 *ClientRandom\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *ClientRandom\r
)\r
{\r
TLS_CONNECTION *TlsConn;\r
\r
- TlsConn = (TLS_CONNECTION *) Tls;\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
\r
- if (TlsConn == NULL || TlsConn->Ssl == NULL || ClientRandom == NULL) {\r
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (ClientRandom == NULL)) {\r
return;\r
}\r
\r
VOID\r
EFIAPI\r
TlsGetServerRandom (\r
- IN VOID *Tls,\r
- IN OUT UINT8 *ServerRandom\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *ServerRandom\r
)\r
{\r
TLS_CONNECTION *TlsConn;\r
\r
- TlsConn = (TLS_CONNECTION *) Tls;\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
\r
- if (TlsConn == NULL || TlsConn->Ssl == NULL || ServerRandom == NULL) {\r
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (ServerRandom == NULL)) {\r
return;\r
}\r
\r
EFI_STATUS\r
EFIAPI\r
TlsGetKeyMaterial (\r
- IN VOID *Tls,\r
- IN OUT UINT8 *KeyMaterial\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *KeyMaterial\r
)\r
{\r
TLS_CONNECTION *TlsConn;\r
SSL_SESSION *Session;\r
\r
- TlsConn = (TLS_CONNECTION *) Tls;\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
Session = NULL;\r
\r
- if (TlsConn == NULL || TlsConn->Ssl == NULL || KeyMaterial == NULL) {\r
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (KeyMaterial == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
EFI_STATUS\r
EFIAPI\r
TlsGetCaCertificate (\r
- IN VOID *Tls,\r
- OUT VOID *Data,\r
- IN OUT UINTN *DataSize\r
+ IN VOID *Tls,\r
+ OUT VOID *Data,\r
+ IN OUT UINTN *DataSize\r
)\r
{\r
return EFI_UNSUPPORTED;\r
EFI_STATUS\r
EFIAPI\r
TlsGetHostPublicCert (\r
- IN VOID *Tls,\r
- OUT VOID *Data,\r
- IN OUT UINTN *DataSize\r
+ IN VOID *Tls,\r
+ OUT VOID *Data,\r
+ IN OUT UINTN *DataSize\r
)\r
{\r
X509 *Cert;\r
TLS_CONNECTION *TlsConn;\r
\r
Cert = NULL;\r
- TlsConn = (TLS_CONNECTION *) Tls;\r
+ TlsConn = (TLS_CONNECTION *)Tls;\r
\r
- if (TlsConn == NULL || TlsConn->Ssl == NULL || DataSize == NULL || (*DataSize != 0 && Data == NULL)) {\r
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (DataSize == NULL) || ((*DataSize != 0) && (Data == NULL))) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
- Cert = SSL_get_certificate(TlsConn->Ssl);\r
+ Cert = SSL_get_certificate (TlsConn->Ssl);\r
if (Cert == NULL) {\r
return EFI_NOT_FOUND;\r
}\r
//\r
// Only DER encoding is supported currently.\r
//\r
- if (*DataSize < (UINTN) i2d_X509 (Cert, NULL)) {\r
- *DataSize = (UINTN) i2d_X509 (Cert, NULL);\r
+ if (*DataSize < (UINTN)i2d_X509 (Cert, NULL)) {\r
+ *DataSize = (UINTN)i2d_X509 (Cert, NULL);\r
return EFI_BUFFER_TOO_SMALL;\r
}\r
\r
- *DataSize = (UINTN) i2d_X509 (Cert, (unsigned char **) &Data);\r
+ *DataSize = (UINTN)i2d_X509 (Cert, (unsigned char **)&Data);\r
\r
return EFI_SUCCESS;\r
}\r
EFI_STATUS\r
EFIAPI\r
TlsGetHostPrivateKey (\r
- IN VOID *Tls,\r
- OUT VOID *Data,\r
- IN OUT UINTN *DataSize\r
+ IN VOID *Tls,\r
+ OUT VOID *Data,\r
+ IN OUT UINTN *DataSize\r
)\r
{\r
return EFI_UNSUPPORTED;\r
EFI_STATUS\r
EFIAPI\r
TlsGetCertRevocationList (\r
- OUT VOID *Data,\r
- IN OUT UINTN *DataSize\r
+ OUT VOID *Data,\r
+ IN OUT UINTN *DataSize\r
)\r
{\r
return EFI_UNSUPPORTED;\r
}\r
-\r
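Review bot: The doc comment of the newly added TlsSetVerifyHost (the block from `TlsSetVerifyHost (` through `return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED;`) does not state that the host name is only enforced when peer certificate verification is enabled, which OpenSSL applies as part of the X509_VERIFY_PARAM check during chain verification; a caller that sets a host name but leaves verification at TlsSetVerify's default would get no host-name check and the doc comment should say so, e.g. `@note The host name is enforced only when peer certificate verification is enabled through TlsSetVerify.`. The `Flags` value is passed unchanged to `SSL_set_hostflags (TlsConn->Ssl, Flags);`, so its description `The setting flags during the validation.` should name the OpenSSL X509_CHECK_FLAG_* host flag semantics it carries, since the caller currently has no documented value space. Since HostName is only read (inet_pton and X509_VERIFY_PARAM_set1_host), it could be declared `IN CONST CHAR8 *HostName` as OpensslCipher is in TLS_CIPHER_MAPPING, though the public header outside this diff would need the same change.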