/** @file\r
The Miscellaneous Routines for TlsDxe driver.\r
\r
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
**/\r
EFI_STATUS\r
TlsEncryptPacket (\r
- IN TLS_INSTANCE *TlsInstance,\r
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,\r
- IN UINT32 *FragmentCount\r
+ IN TLS_INSTANCE *TlsInstance,\r
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,\r
+ IN UINT32 *FragmentCount\r
)\r
{\r
- EFI_STATUS Status;\r
- UINTN Index;\r
- UINT32 BytesCopied;\r
- UINT32 BufferInSize;\r
- UINT8 *BufferIn;\r
- UINT8 *BufferInPtr;\r
- TLS_RECORD_HEADER *RecordHeaderIn;\r
- UINT16 ThisPlainMessageSize;\r
- TLS_RECORD_HEADER *TempRecordHeader;\r
- UINT16 ThisMessageSize;\r
- UINT32 BufferOutSize;\r
- UINT8 *BufferOut;\r
- INTN Ret;\r
+ EFI_STATUS Status;\r
+ UINTN Index;\r
+ UINT32 BytesCopied;\r
+ UINT32 BufferInSize;\r
+ UINT8 *BufferIn;\r
+ UINT8 *BufferInPtr;\r
+ TLS_RECORD_HEADER *RecordHeaderIn;\r
+ UINT16 ThisPlainMessageSize;\r
+ TLS_RECORD_HEADER *TempRecordHeader;\r
+ UINT16 ThisMessageSize;\r
+ UINT32 BufferOutSize;\r
+ UINT8 *BufferOut;\r
+ UINT32 RecordCount;\r
+ INTN Ret;\r
\r
Status = EFI_SUCCESS;\r
BytesCopied = 0;\r
TempRecordHeader = NULL;\r
BufferOutSize = 0;\r
BufferOut = NULL;\r
+ RecordCount = 0;\r
Ret = 0;\r
\r
//\r
BytesCopied += (*FragmentTable)[Index].FragmentLength;\r
}\r
\r
- BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);\r
+ //\r
+ // Count TLS record number.\r
+ //\r
+ BufferInPtr = BufferIn;\r
+ while ((UINTN)BufferInPtr < (UINTN)BufferIn + BufferInSize) {\r
+ RecordHeaderIn = (TLS_RECORD_HEADER *)BufferInPtr;\r
+ if ((RecordHeaderIn->ContentType != TlsContentTypeApplicationData) || (RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ERROR;\r
+ }\r
+\r
+ BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length;\r
+ RecordCount++;\r
+ }\r
+\r
+ //\r
+ // Allocate enough buffer to hold TLS Ciphertext.\r
+ //\r
+ BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH));\r
if (BufferOut == NULL) {\r
Status = EFI_OUT_OF_RESOURCES;\r
goto ERROR;\r
}\r
\r
//\r
- // Parsing buffer.\r
+ // Parsing buffer. Received packet may have multiple TLS record messages.\r
//\r
- BufferInPtr = BufferIn;\r
- TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;\r
- while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {\r
- RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;\r
-\r
- if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {\r
- Status = EFI_INVALID_PARAMETER;\r
- goto ERROR;\r
- }\r
+ BufferInPtr = BufferIn;\r
+ TempRecordHeader = (TLS_RECORD_HEADER *)BufferOut;\r
+ while ((UINTN)BufferInPtr < (UINTN)BufferIn + BufferInSize) {\r
+ RecordHeaderIn = (TLS_RECORD_HEADER *)BufferInPtr;\r
\r
ThisPlainMessageSize = RecordHeaderIn->Length;\r
\r
- TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize);\r
+ TlsWrite (TlsInstance->TlsConn, (UINT8 *)(RecordHeaderIn + 1), ThisPlainMessageSize);\r
\r
- Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);\r
+ Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH);\r
\r
if (Ret > 0) {\r
- ThisMessageSize = (UINT16) Ret;\r
+ ThisMessageSize = (UINT16)Ret;\r
} else {\r
//\r
// No data was successfully encrypted, continue to encrypt other messages.\r
//\r
- DEBUG ((EFI_D_WARN, "TlsEncryptPacket: No data read from TLS object.\n"));\r
+ DEBUG ((DEBUG_WARN, "TlsEncryptPacket: No data read from TLS object.\n"));\r
\r
ThisMessageSize = 0;\r
}\r
\r
BufferOutSize += ThisMessageSize;\r
\r
- BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;\r
- TempRecordHeader += ThisMessageSize;\r
+ BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;\r
+ TempRecordHeader = (TLS_RECORD_HEADER *)((UINT8 *)TempRecordHeader + ThisMessageSize);\r
}\r
\r
FreePool (BufferIn);\r
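Review bot: The new record-counting loop (`// Count TLS record number.`) bounds `RecordHeaderIn->Length` against TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH but never against the bytes actually left in BufferIn, and it reads the header through `RecordHeaderIn` before checking that TLS_RECORD_HEADER_LENGTH bytes remain, so a trailing record whose declared Length exceeds the remainder passes validation and the `TlsWrite` in the parsing loop then reads past the end of BufferIn. Since the parsing loop now relies entirely on this first pass for validation, the remaining-length check belongs here, as in the rewrite below. Separately, `RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH)` is computed with a UINT32 RecordCount; if those constants are plain ints the product can wrap for a very large number of zero-length records and under-allocate BufferOut, so casting to UINTN (or capping RecordCount) is cheap insurance. Whether the fragments can originate from an untrusted source is not visible in this hunk, and TlsEncryptPacket starts and ends outside it.
```c
  //
  // Count TLS record number, rejecting any record that does not fit in BufferIn.
  //
  BufferInPtr = BufferIn;
  while ((UINTN)BufferInPtr < (UINTN)BufferIn + BufferInSize) {
    //
    // Never read a header, or trust its Length, beyond the end of BufferIn.
    //
    if ((UINTN)BufferIn + BufferInSize - (UINTN)BufferInPtr < TLS_RECORD_HEADER_LENGTH) {
      Status = EFI_INVALID_PARAMETER;
      goto ERROR;
    }

    RecordHeaderIn = (TLS_RECORD_HEADER *)BufferInPtr;
    if ((RecordHeaderIn->ContentType != TlsContentTypeApplicationData) ||
        (RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) ||
        (RecordHeaderIn->Length > (UINTN)BufferIn + BufferInSize - (UINTN)BufferInPtr - TLS_RECORD_HEADER_LENGTH)) {
      Status = EFI_INVALID_PARAMETER;
      goto ERROR;
    }

    BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length;
    RecordCount++;
  }

  // … unchanged: "Allocate enough buffer" comment …
  BufferOut = AllocateZeroPool ((UINTN)RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH));
  // … unchanged: NULL check and parsing loop …
```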
goto ERROR;\r
}\r
\r
- (*FragmentTable)[0].FragmentBuffer = BufferOut;\r
- (*FragmentTable)[0].FragmentLength = BufferOutSize;\r
- *FragmentCount = 1;\r
+ (*FragmentTable)[0].FragmentBuffer = BufferOut;\r
+ (*FragmentTable)[0].FragmentLength = BufferOutSize;\r
+ *FragmentCount = 1;\r
\r
return Status;\r
\r
**/\r
EFI_STATUS\r
TlsDecryptPacket (\r
- IN TLS_INSTANCE *TlsInstance,\r
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,\r
- IN UINT32 *FragmentCount\r
+ IN TLS_INSTANCE *TlsInstance,\r
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,\r
+ IN UINT32 *FragmentCount\r
)\r
{\r
- EFI_STATUS Status;\r
- UINTN Index;\r
- UINT32 BytesCopied;\r
- UINT8 *BufferIn;\r
- UINT32 BufferInSize;\r
- UINT8 *BufferInPtr;\r
- TLS_RECORD_HEADER *RecordHeaderIn;\r
- UINT16 ThisCipherMessageSize;\r
- TLS_RECORD_HEADER *TempRecordHeader;\r
- UINT16 ThisPlainMessageSize;\r
- UINT8 *BufferOut;\r
- UINT32 BufferOutSize;\r
- INTN Ret;\r
+ EFI_STATUS Status;\r
+ UINTN Index;\r
+ UINT32 BytesCopied;\r
+ UINT8 *BufferIn;\r
+ UINT32 BufferInSize;\r
+ UINT8 *BufferInPtr;\r
+ TLS_RECORD_HEADER *RecordHeaderIn;\r
+ UINT16 ThisCipherMessageSize;\r
+ TLS_RECORD_HEADER *TempRecordHeader;\r
+ UINT16 ThisPlainMessageSize;\r
+ UINT8 *BufferOut;\r
+ UINT32 BufferOutSize;\r
+ UINT32 RecordCount;\r
+ INTN Ret;\r
\r
Status = EFI_SUCCESS;\r
BytesCopied = 0;\r
TempRecordHeader = NULL;\r
BufferOut = NULL;\r
BufferOutSize = 0;\r
+ RecordCount = 0;\r
Ret = 0;\r
\r
//\r
BytesCopied += (*FragmentTable)[Index].FragmentLength;\r
}\r
\r
- BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);\r
+ //\r
+ // Count TLS record number.\r
+ //\r
+ BufferInPtr = BufferIn;\r
+ while ((UINTN)BufferInPtr < (UINTN)BufferIn + BufferInSize) {\r
+ RecordHeaderIn = (TLS_RECORD_HEADER *)BufferInPtr;\r
+ if ((RecordHeaderIn->ContentType != TlsContentTypeApplicationData) || (NTOHS (RecordHeaderIn->Length) > TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ERROR;\r
+ }\r
+\r
+ BufferInPtr += TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Length);\r
+ RecordCount++;\r
+ }\r
+\r
+ //\r
+ // Allocate enough buffer to hold TLS Plaintext.\r
+ //\r
+ BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH));\r
if (BufferOut == NULL) {\r
Status = EFI_OUT_OF_RESOURCES;\r
goto ERROR;\r
//\r
// Parsing buffer. Received packet may have multiple TLS record messages.\r
//\r
- BufferInPtr = BufferIn;\r
- TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;\r
- while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {\r
- RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;\r
-\r
- if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {\r
- Status = EFI_INVALID_PARAMETER;\r
- goto ERROR;\r
- }\r
+ BufferInPtr = BufferIn;\r
+ TempRecordHeader = (TLS_RECORD_HEADER *)BufferOut;\r
+ while ((UINTN)BufferInPtr < (UINTN)BufferIn + BufferInSize) {\r
+ RecordHeaderIn = (TLS_RECORD_HEADER *)BufferInPtr;\r
\r
ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);\r
\r
- Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), RECORD_HEADER_LEN + ThisCipherMessageSize);\r
- if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) {\r
+ Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *)(RecordHeaderIn), TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize);\r
+ if (Ret != TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize) {\r
TlsInstance->TlsSessionState = EfiTlsSessionError;\r
- Status = EFI_ABORTED;\r
+ Status = EFI_ABORTED;\r
goto ERROR;\r
}\r
\r
Ret = 0;\r
- Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), MAX_BUFFER_SIZE - BufferOutSize);\r
+ Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader + 1), TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH);\r
\r
if (Ret > 0) {\r
- ThisPlainMessageSize = (UINT16) Ret;\r
+ ThisPlainMessageSize = (UINT16)Ret;\r
} else {\r
//\r
// No data was successfully decrypted, continue to decrypt other messages.\r
//\r
- DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS object.\n"));\r
+ DEBUG ((DEBUG_WARN, "TlsDecryptPacket: No data read from TLS object.\n"));\r
\r
ThisPlainMessageSize = 0;\r
}\r
\r
- CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN);\r
+ CopyMem (TempRecordHeader, RecordHeaderIn, TLS_RECORD_HEADER_LENGTH);\r
TempRecordHeader->Length = ThisPlainMessageSize;\r
- BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize;\r
+ BufferOutSize += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;\r
\r
- BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize;\r
- TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;\r
+ BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize;\r
+ TempRecordHeader = (TLS_RECORD_HEADER *)((UINT8 *)TempRecordHeader + TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize);\r
}\r
\r
FreePool (BufferIn);\r
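Review bot: The new record-counting loop checks `NTOHS (RecordHeaderIn->Length)` only against TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH, not against the bytes left in BufferIn, and dereferences the header without first confirming TLS_RECORD_HEADER_LENGTH bytes remain; a final record declaring more payload than is present therefore passes, and the parsing loop hands `TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize` bytes starting at `RecordHeaderIn` to `TlsCtrlTrafficIn`, reading beyond BufferIn. This matters more here than on the encrypt side because the record header is presumably the peer's ciphertext as received from the network, so the Length field should be treated as attacker-controlled until proven to fit. The rewrite below rejects a short header or an over-long Length before advancing, which also guarantees `BufferInPtr` never overshoots the end of BufferIn. The same UINT32 multiply concern applies to `RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH)`; a UINTN cast keeps the allocation size from wrapping. TlsDecryptPacket starts and ends outside this hunk.
```c
  //
  // Count TLS record number, rejecting any record that does not fit in BufferIn.
  //
  BufferInPtr = BufferIn;
  while ((UINTN)BufferInPtr < (UINTN)BufferIn + BufferInSize) {
    //
    // Never read a header, or trust its Length, beyond the end of BufferIn.
    //
    if ((UINTN)BufferIn + BufferInSize - (UINTN)BufferInPtr < TLS_RECORD_HEADER_LENGTH) {
      Status = EFI_INVALID_PARAMETER;
      goto ERROR;
    }

    RecordHeaderIn = (TLS_RECORD_HEADER *)BufferInPtr;
    if ((RecordHeaderIn->ContentType != TlsContentTypeApplicationData) ||
        (NTOHS (RecordHeaderIn->Length) > TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH) ||
        (NTOHS (RecordHeaderIn->Length) > (UINTN)BufferIn + BufferInSize - (UINTN)BufferInPtr - TLS_RECORD_HEADER_LENGTH)) {
      Status = EFI_INVALID_PARAMETER;
      goto ERROR;
    }

    BufferInPtr += TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Length);
    RecordCount++;
  }

  // … unchanged: "Allocate enough buffer" comment …
  BufferOut = AllocateZeroPool ((UINTN)RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH));
  // … unchanged: NULL check and parsing loop …
```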
goto ERROR;\r
}\r
\r
- (*FragmentTable)[0].FragmentBuffer = BufferOut;\r
- (*FragmentTable)[0].FragmentLength = BufferOutSize;\r
- *FragmentCount = 1;\r
+ (*FragmentTable)[0].FragmentBuffer = BufferOut;\r
+ (*FragmentTable)[0].FragmentLength = BufferOutSize;\r
+ *FragmentCount = 1;\r
\r
return Status;\r
\r
\r
return Status;\r
}\r
-\r