/** @file\r
Implementation of EFI TLS Protocol Interfaces.\r
\r
- Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
\r
- This program and the accompanying materials\r
- are licensed and made available under the terms and conditions of the BSD License\r
- which accompanies this distribution. The full text of the license may be found at\r
- http://opensource.org/licenses/bsd-license.php.\r
-\r
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
EFI_STATUS\r
EFIAPI\r
TlsSetSessionData (\r
- IN EFI_TLS_PROTOCOL *This,\r
- IN EFI_TLS_SESSION_DATA_TYPE DataType,\r
- IN VOID *Data,\r
- IN UINTN DataSize\r
+ IN EFI_TLS_PROTOCOL *This,\r
+ IN EFI_TLS_SESSION_DATA_TYPE DataType,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
)\r
{\r
- EFI_STATUS Status;\r
- TLS_INSTANCE *Instance;\r
- UINT16 *CipherId;\r
- UINTN CipherCount;\r
- UINTN Index;\r
-\r
- EFI_TPL OldTpl;\r
-\r
- Status = EFI_SUCCESS;\r
- CipherId = NULL;\r
-\r
- if (This == NULL || Data == NULL || DataSize == 0) {\r
+ EFI_STATUS Status;\r
+ TLS_INSTANCE *Instance;\r
+ UINT16 *CipherId;\r
+ CONST EFI_TLS_CIPHER *TlsCipherList;\r
+ UINTN CipherCount;\r
+ CONST EFI_TLS_VERIFY_HOST *TlsVerifyHost;\r
+ EFI_TLS_VERIFY VerifyMethod;\r
+ UINTN VerifyMethodSize;\r
+ UINTN Index;\r
+\r
+ EFI_TPL OldTpl;\r
+\r
+ Status = EFI_SUCCESS;\r
+ CipherId = NULL;\r
+ VerifyMethodSize = sizeof (EFI_TLS_VERIFY);\r
+\r
+ if ((This == NULL) || (Data == NULL) || (DataSize == 0)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
\r
Instance = TLS_INSTANCE_FROM_PROTOCOL (This);\r
\r
- if (DataType != EfiTlsSessionState && Instance->TlsSessionState != EfiTlsSessionNotStarted){\r
+ if ((DataType != EfiTlsSessionState) && (Instance->TlsSessionState != EfiTlsSessionNotStarted)) {\r
Status = EFI_NOT_READY;\r
goto ON_EXIT;\r
}\r
\r
switch (DataType) {\r
- //\r
- // Session Configuration\r
- //\r
- case EfiTlsVersion:\r
- if (DataSize != sizeof (EFI_TLS_VERSION)) {\r
- Status = EFI_INVALID_PARAMETER;\r
- goto ON_EXIT;\r
- }\r
+ //\r
+ // Session Configuration\r
+ //\r
+ case EfiTlsVersion:\r
+ if (DataSize != sizeof (EFI_TLS_VERSION)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
\r
- Status = TlsSetVersion (Instance->TlsConn, ((EFI_TLS_VERSION *) Data)->Major, ((EFI_TLS_VERSION *) Data)->Minor);\r
- break;\r
- case EfiTlsConnectionEnd:\r
- if (DataSize != sizeof (EFI_TLS_CONNECTION_END)) {\r
- Status = EFI_INVALID_PARAMETER;\r
- goto ON_EXIT;\r
- }\r
+ Status = TlsSetVersion (Instance->TlsConn, ((EFI_TLS_VERSION *)Data)->Major, ((EFI_TLS_VERSION *)Data)->Minor);\r
+ break;\r
+ case EfiTlsConnectionEnd:\r
+ if (DataSize != sizeof (EFI_TLS_CONNECTION_END)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
\r
- Status = TlsSetConnectionEnd (Instance->TlsConn, *((EFI_TLS_CONNECTION_END *) Data));\r
- break;\r
- case EfiTlsCipherList:\r
- if (DataSize % sizeof (EFI_TLS_CIPHER) != 0) {\r
- Status = EFI_INVALID_PARAMETER;\r
- goto ON_EXIT;\r
- }\r
+ Status = TlsSetConnectionEnd (Instance->TlsConn, *((EFI_TLS_CONNECTION_END *)Data));\r
+ break;\r
+ case EfiTlsCipherList:\r
+ if (DataSize % sizeof (EFI_TLS_CIPHER) != 0) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ CipherId = AllocatePool (DataSize);\r
+ if (CipherId == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ TlsCipherList = (CONST EFI_TLS_CIPHER *)Data;\r
+ CipherCount = DataSize / sizeof (EFI_TLS_CIPHER);\r
+ for (Index = 0; Index < CipherCount; Index++) {\r
+ CipherId[Index] = ((TlsCipherList[Index].Data1 << 8) |\r
+ TlsCipherList[Index].Data2);\r
+ }\r
+\r
+ Status = TlsSetCipherList (Instance->TlsConn, CipherId, CipherCount);\r
+\r
+ FreePool (CipherId);\r
+ break;\r
+ case EfiTlsCompressionMethod:\r
+ //\r
+ // TLS seems only define one CompressionMethod.null, which specifies that data exchanged via the\r
+ // record protocol will not be compressed.\r
+ // More information from OpenSSL: http://www.openssl.org/docs/manmaster/ssl/SSL_COMP_add_compression_method.html\r
+ // The TLS RFC does however not specify compression methods or their corresponding identifiers,\r
+ // so there is currently no compatible way to integrate compression with unknown peers.\r
+ // It is therefore currently not recommended to integrate compression into applications.\r
+ // Applications for non-public use may agree on certain compression methods.\r
+ // Using different compression methods with the same identifier will lead to connection failure.\r
+ //\r
+ for (Index = 0; Index < DataSize / sizeof (EFI_TLS_COMPRESSION); Index++) {\r
+ Status = TlsSetCompressionMethod (*((UINT8 *)Data + Index));\r
+ if (EFI_ERROR (Status)) {\r
+ break;\r
+ }\r
+ }\r
\r
- CipherId = AllocatePool (DataSize);\r
- if (CipherId == NULL) {\r
- Status = EFI_OUT_OF_RESOURCES;\r
+ break;\r
+ case EfiTlsExtensionData:\r
+ Status = EFI_UNSUPPORTED;\r
goto ON_EXIT;\r
- }\r
+ case EfiTlsVerifyMethod:\r
+ if (DataSize != sizeof (EFI_TLS_VERIFY)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
\r
- CipherCount = DataSize / sizeof (EFI_TLS_CIPHER);\r
- for (Index = 0; Index < CipherCount; Index++) {\r
- *(CipherId +Index) = HTONS (*(((UINT16 *) Data) + Index));\r
- }\r
+ TlsSetVerify (Instance->TlsConn, *((UINT32 *)Data));\r
+ break;\r
+ case EfiTlsVerifyHost:\r
+ if (DataSize != sizeof (EFI_TLS_VERIFY_HOST)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
\r
- Status = TlsSetCipherList (Instance->TlsConn, CipherId, CipherCount);\r
+ TlsVerifyHost = (CONST EFI_TLS_VERIFY_HOST *)Data;\r
\r
- FreePool (CipherId);\r
- break;\r
- case EfiTlsCompressionMethod:\r
- //\r
- // TLS seems only define one CompressionMethod.null, which specifies that data exchanged via the\r
- // record protocol will not be compressed.\r
- // More information from OpenSSL: http://www.openssl.org/docs/manmaster/ssl/SSL_COMP_add_compression_method.html\r
- // The TLS RFC does however not specify compression methods or their corresponding identifiers,\r
- // so there is currently no compatible way to integrate compression with unknown peers.\r
- // It is therefore currently not recommended to integrate compression into applications.\r
- // Applications for non-public use may agree on certain compression methods.\r
- // Using different compression methods with the same identifier will lead to connection failure.\r
- //\r
- for (Index = 0; Index < DataSize / sizeof (EFI_TLS_COMPRESSION); Index++) {\r
- Status = TlsSetCompressionMethod (*((UINT8 *) Data + Index));\r
+ if (((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT) != 0) &&\r
+ ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT) != 0))\r
+ {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ if (((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_WILDCARDS) != 0) &&\r
+ (((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS) != 0) ||\r
+ ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS) != 0)))\r
+ {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = This->GetSessionData (This, EfiTlsVerifyMethod, &VerifyMethod, &VerifyMethodSize);\r
if (EFI_ERROR (Status)) {\r
- break;\r
+ goto ON_EXIT;\r
}\r
- }\r
\r
- break;\r
- case EfiTlsExtensionData:\r
- Status = EFI_UNSUPPORTED;\r
- goto ON_EXIT;\r
- case EfiTlsVerifyMethod:\r
- if (DataSize != sizeof (EFI_TLS_VERIFY)) {\r
- Status = EFI_INVALID_PARAMETER;\r
- goto ON_EXIT;\r
- }\r
+ if ((VerifyMethod & EFI_TLS_VERIFY_PEER) == 0) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
\r
- TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));\r
- break;\r
- case EfiTlsSessionID:\r
- if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {\r
- Status = EFI_INVALID_PARAMETER;\r
- goto ON_EXIT;\r
- }\r
+ Status = TlsSetVerifyHost (Instance->TlsConn, TlsVerifyHost->Flags, TlsVerifyHost->HostName);\r
\r
- Status = TlsSetSessionId (\r
- Instance->TlsConn,\r
- ((EFI_TLS_SESSION_ID *) Data)->Data,\r
- ((EFI_TLS_SESSION_ID *) Data)->Length\r
- );\r
- break;\r
- case EfiTlsSessionState:\r
- if (DataSize != sizeof (EFI_TLS_SESSION_STATE)) {\r
- Status = EFI_INVALID_PARAMETER;\r
- goto ON_EXIT;\r
- }\r
+ break;\r
+ case EfiTlsSessionID:\r
+ if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
\r
- Instance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) Data;\r
- break;\r
- //\r
- // Session information\r
- //\r
- case EfiTlsClientRandom:\r
- Status = EFI_ACCESS_DENIED;\r
- break;\r
- case EfiTlsServerRandom:\r
- Status = EFI_ACCESS_DENIED;\r
- break;\r
- case EfiTlsKeyMaterial:\r
- Status = EFI_ACCESS_DENIED;\r
- break;\r
- //\r
- // Unsupported type.\r
- //\r
- default:\r
- Status = EFI_UNSUPPORTED;\r
+ Status = TlsSetSessionId (\r
+ Instance->TlsConn,\r
+ ((EFI_TLS_SESSION_ID *)Data)->Data,\r
+ ((EFI_TLS_SESSION_ID *)Data)->Length\r
+ );\r
+ break;\r
+ case EfiTlsSessionState:\r
+ if (DataSize != sizeof (EFI_TLS_SESSION_STATE)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Instance->TlsSessionState = *(EFI_TLS_SESSION_STATE *)Data;\r
+ break;\r
+ //\r
+ // Session information\r
+ //\r
+ case EfiTlsClientRandom:\r
+ Status = EFI_ACCESS_DENIED;\r
+ break;\r
+ case EfiTlsServerRandom:\r
+ Status = EFI_ACCESS_DENIED;\r
+ break;\r
+ case EfiTlsKeyMaterial:\r
+ Status = EFI_ACCESS_DENIED;\r
+ break;\r
+ //\r
+ // Unsupported type.\r
+ //\r
+ default:\r
+ Status = EFI_UNSUPPORTED;\r
}\r
\r
ON_EXIT:\r
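Review bot: The new `EfiTlsVerifyHost` case checks `EFI_TLS_VERIFY_PEER` only at the moment the host name is set, while the `EfiTlsVerifyMethod` case still hands `*((UINT32 *)Data)` to `TlsSetVerify` with no matching check. A caller can therefore set the host name and afterwards switch the verify method to a value without `EFI_TLS_VERIFY_PEER`; both calls return success, and host name checking then presumably depends on how the TLS library treats a connection that no longer verifies the peer (not visible in this hunk). Consider rejecting that transition in `EfiTlsVerifyMethod` once a verify host has been configured, or at least stating the ordering rule in a comment above the case, e.g. `// Requires EFI_TLS_VERIFY_PEER; clearing it later leaves the host name check unenforced.` `TlsVerifyHost->HostName` is also forwarded unchecked here, so a NULL or empty name has to be rejected inside `TlsSetVerifyHost`. The function body starts before and ends after this hunk.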
EFI_STATUS\r
EFIAPI\r
TlsGetSessionData (\r
- IN EFI_TLS_PROTOCOL *This,\r
- IN EFI_TLS_SESSION_DATA_TYPE DataType,\r
- IN OUT VOID *Data, OPTIONAL\r
- IN OUT UINTN *DataSize\r
+ IN EFI_TLS_PROTOCOL *This,\r
+ IN EFI_TLS_SESSION_DATA_TYPE DataType,\r
+ IN OUT VOID *Data OPTIONAL,\r
+ IN OUT UINTN *DataSize\r
)\r
{\r
- EFI_STATUS Status;\r
- TLS_INSTANCE *Instance;\r
+ EFI_STATUS Status;\r
+ TLS_INSTANCE *Instance;\r
\r
- EFI_TPL OldTpl;\r
+ EFI_TPL OldTpl;\r
\r
Status = EFI_SUCCESS;\r
\r
- if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {\r
+ if ((This == NULL) || (DataSize == NULL) || ((Data == NULL) && (*DataSize != 0))) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
\r
Instance = TLS_INSTANCE_FROM_PROTOCOL (This);\r
\r
- if (Instance->TlsSessionState == EfiTlsSessionNotStarted &&\r
- (DataType == EfiTlsSessionID || DataType == EfiTlsClientRandom ||\r
- DataType == EfiTlsServerRandom || DataType == EfiTlsKeyMaterial)) {\r
+ if ((Instance->TlsSessionState == EfiTlsSessionNotStarted) &&\r
+ ((DataType == EfiTlsSessionID) || (DataType == EfiTlsClientRandom) ||\r
+ (DataType == EfiTlsServerRandom) || (DataType == EfiTlsKeyMaterial)))\r
+ {\r
Status = EFI_NOT_READY;\r
goto ON_EXIT;\r
}\r
\r
switch (DataType) {\r
- case EfiTlsVersion:\r
- if (*DataSize < sizeof (EFI_TLS_VERSION)) {\r
- *DataSize = sizeof (EFI_TLS_VERSION);\r
- Status = EFI_BUFFER_TOO_SMALL;\r
- goto ON_EXIT;\r
- }\r
- *DataSize = sizeof (EFI_TLS_VERSION);\r
- *((UINT16 *) Data) = HTONS (TlsGetVersion (Instance->TlsConn));\r
- break;\r
- case EfiTlsConnectionEnd:\r
- if (*DataSize < sizeof (EFI_TLS_CONNECTION_END)) {\r
- *DataSize = sizeof (EFI_TLS_CONNECTION_END);\r
- Status = EFI_BUFFER_TOO_SMALL;\r
- goto ON_EXIT;\r
- }\r
- *DataSize = sizeof (EFI_TLS_CONNECTION_END);\r
- *((UINT8 *) Data) = TlsGetConnectionEnd (Instance->TlsConn);\r
- break;\r
- case EfiTlsCipherList:\r
- //\r
- // Get the current session cipher suite.\r
- //\r
- if (*DataSize < sizeof (EFI_TLS_CIPHER)) {\r
- *DataSize = sizeof (EFI_TLS_CIPHER);\r
- Status = EFI_BUFFER_TOO_SMALL;\r
- goto ON_EXIT;\r
- }\r
- *DataSize = sizeof(EFI_TLS_CIPHER);\r
- Status = TlsGetCurrentCipher (Instance->TlsConn, (UINT16 *) Data);\r
- *((UINT16 *) Data) = HTONS (*((UINT16 *) Data));\r
- break;\r
- case EfiTlsCompressionMethod:\r
- //\r
- // Get the current session compression method.\r
- //\r
- if (*DataSize < sizeof (EFI_TLS_COMPRESSION)) {\r
+ case EfiTlsVersion:\r
+ if (*DataSize < sizeof (EFI_TLS_VERSION)) {\r
+ *DataSize = sizeof (EFI_TLS_VERSION);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ *DataSize = sizeof (EFI_TLS_VERSION);\r
+ *((UINT16 *)Data) = HTONS (TlsGetVersion (Instance->TlsConn));\r
+ break;\r
+ case EfiTlsConnectionEnd:\r
+ if (*DataSize < sizeof (EFI_TLS_CONNECTION_END)) {\r
+ *DataSize = sizeof (EFI_TLS_CONNECTION_END);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ *DataSize = sizeof (EFI_TLS_CONNECTION_END);\r
+ *((UINT8 *)Data) = TlsGetConnectionEnd (Instance->TlsConn);\r
+ break;\r
+ case EfiTlsCipherList:\r
+ //\r
+ // Get the current session cipher suite.\r
+ //\r
+ if (*DataSize < sizeof (EFI_TLS_CIPHER)) {\r
+ *DataSize = sizeof (EFI_TLS_CIPHER);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ *DataSize = sizeof (EFI_TLS_CIPHER);\r
+ Status = TlsGetCurrentCipher (Instance->TlsConn, (UINT16 *)Data);\r
+ *((UINT16 *)Data) = HTONS (*((UINT16 *)Data));\r
+ break;\r
+ case EfiTlsCompressionMethod:\r
+ //\r
+ // Get the current session compression method.\r
+ //\r
+ if (*DataSize < sizeof (EFI_TLS_COMPRESSION)) {\r
+ *DataSize = sizeof (EFI_TLS_COMPRESSION);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+\r
*DataSize = sizeof (EFI_TLS_COMPRESSION);\r
- Status = EFI_BUFFER_TOO_SMALL;\r
- goto ON_EXIT;\r
- }\r
- *DataSize = sizeof (EFI_TLS_COMPRESSION);\r
- Status = TlsGetCurrentCompressionId (Instance->TlsConn, (UINT8 *) Data);\r
- break;\r
- case EfiTlsExtensionData:\r
- Status = EFI_UNSUPPORTED;\r
- goto ON_EXIT;\r
- case EfiTlsVerifyMethod:\r
- if (*DataSize < sizeof (EFI_TLS_VERIFY)) {\r
- *DataSize = sizeof (EFI_TLS_VERIFY);\r
- Status = EFI_BUFFER_TOO_SMALL;\r
+ Status = TlsGetCurrentCompressionId (Instance->TlsConn, (UINT8 *)Data);\r
+ break;\r
+ case EfiTlsExtensionData:\r
+ Status = EFI_UNSUPPORTED;\r
goto ON_EXIT;\r
- }\r
- *DataSize = sizeof (EFI_TLS_VERIFY);\r
- *((UINT32 *) Data) = TlsGetVerify (Instance->TlsConn);\r
- break;\r
- case EfiTlsSessionID:\r
- if (*DataSize < sizeof (EFI_TLS_SESSION_ID)) {\r
+ case EfiTlsVerifyMethod:\r
+ if (*DataSize < sizeof (EFI_TLS_VERIFY)) {\r
+ *DataSize = sizeof (EFI_TLS_VERIFY);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ *DataSize = sizeof (EFI_TLS_VERIFY);\r
+ *((UINT32 *)Data) = TlsGetVerify (Instance->TlsConn);\r
+ break;\r
+ case EfiTlsSessionID:\r
+ if (*DataSize < sizeof (EFI_TLS_SESSION_ID)) {\r
+ *DataSize = sizeof (EFI_TLS_SESSION_ID);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+\r
*DataSize = sizeof (EFI_TLS_SESSION_ID);\r
- Status = EFI_BUFFER_TOO_SMALL;\r
- goto ON_EXIT;\r
- }\r
- *DataSize = sizeof (EFI_TLS_SESSION_ID);\r
- Status = TlsGetSessionId (\r
- Instance->TlsConn,\r
- ((EFI_TLS_SESSION_ID *) Data)->Data,\r
- &(((EFI_TLS_SESSION_ID *) Data)->Length)\r
- );\r
- break;\r
- case EfiTlsSessionState:\r
- if (*DataSize < sizeof (EFI_TLS_SESSION_STATE)) {\r
+ Status = TlsGetSessionId (\r
+ Instance->TlsConn,\r
+ ((EFI_TLS_SESSION_ID *)Data)->Data,\r
+ &(((EFI_TLS_SESSION_ID *)Data)->Length)\r
+ );\r
+ break;\r
+ case EfiTlsSessionState:\r
+ if (*DataSize < sizeof (EFI_TLS_SESSION_STATE)) {\r
+ *DataSize = sizeof (EFI_TLS_SESSION_STATE);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+\r
*DataSize = sizeof (EFI_TLS_SESSION_STATE);\r
- Status = EFI_BUFFER_TOO_SMALL;\r
- goto ON_EXIT;\r
- }\r
- *DataSize = sizeof (EFI_TLS_SESSION_STATE);\r
- CopyMem (Data, &Instance->TlsSessionState, *DataSize);\r
- break;\r
- case EfiTlsClientRandom:\r
- if (*DataSize < sizeof (EFI_TLS_RANDOM)) {\r
+ CopyMem (Data, &Instance->TlsSessionState, *DataSize);\r
+ break;\r
+ case EfiTlsClientRandom:\r
+ if (*DataSize < sizeof (EFI_TLS_RANDOM)) {\r
+ *DataSize = sizeof (EFI_TLS_RANDOM);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+\r
*DataSize = sizeof (EFI_TLS_RANDOM);\r
- Status = EFI_BUFFER_TOO_SMALL;\r
- goto ON_EXIT;\r
- }\r
- *DataSize = sizeof (EFI_TLS_RANDOM);\r
- TlsGetClientRandom (Instance->TlsConn, (UINT8 *) Data);\r
- break;\r
- case EfiTlsServerRandom:\r
- if (*DataSize < sizeof (EFI_TLS_RANDOM)) {\r
+ TlsGetClientRandom (Instance->TlsConn, (UINT8 *)Data);\r
+ break;\r
+ case EfiTlsServerRandom:\r
+ if (*DataSize < sizeof (EFI_TLS_RANDOM)) {\r
+ *DataSize = sizeof (EFI_TLS_RANDOM);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+\r
*DataSize = sizeof (EFI_TLS_RANDOM);\r
- Status = EFI_BUFFER_TOO_SMALL;\r
- goto ON_EXIT;\r
- }\r
- *DataSize = sizeof (EFI_TLS_RANDOM);\r
- TlsGetServerRandom (Instance->TlsConn, (UINT8 *) Data);\r
- break;\r
- case EfiTlsKeyMaterial:\r
- if (*DataSize < sizeof (EFI_TLS_MASTER_SECRET)) {\r
+ TlsGetServerRandom (Instance->TlsConn, (UINT8 *)Data);\r
+ break;\r
+ case EfiTlsKeyMaterial:\r
+ if (*DataSize < sizeof (EFI_TLS_MASTER_SECRET)) {\r
+ *DataSize = sizeof (EFI_TLS_MASTER_SECRET);\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto ON_EXIT;\r
+ }\r
+\r
*DataSize = sizeof (EFI_TLS_MASTER_SECRET);\r
- Status = EFI_BUFFER_TOO_SMALL;\r
- goto ON_EXIT;\r
- }\r
- *DataSize = sizeof (EFI_TLS_MASTER_SECRET);\r
- Status = TlsGetKeyMaterial (Instance->TlsConn, (UINT8 *) Data);\r
- break;\r
- //\r
- // Unsupported type.\r
- //\r
- default:\r
- Status = EFI_UNSUPPORTED;\r
+ Status = TlsGetKeyMaterial (Instance->TlsConn, (UINT8 *)Data);\r
+ break;\r
+ //\r
+ // Unsupported type.\r
+ //\r
+ default:\r
+ Status = EFI_UNSUPPORTED;\r
}\r
\r
ON_EXIT:\r
EFI_STATUS\r
EFIAPI\r
TlsBuildResponsePacket (\r
- IN EFI_TLS_PROTOCOL *This,\r
- IN UINT8 *RequestBuffer, OPTIONAL\r
- IN UINTN RequestSize, OPTIONAL\r
- OUT UINT8 *Buffer, OPTIONAL\r
- IN OUT UINTN *BufferSize\r
+ IN EFI_TLS_PROTOCOL *This,\r
+ IN UINT8 *RequestBuffer OPTIONAL,\r
+ IN UINTN RequestSize OPTIONAL,\r
+ OUT UINT8 *Buffer OPTIONAL,\r
+ IN OUT UINTN *BufferSize\r
)\r
{\r
- EFI_STATUS Status;\r
- TLS_INSTANCE *Instance;\r
- EFI_TPL OldTpl;\r
+ EFI_STATUS Status;\r
+ TLS_INSTANCE *Instance;\r
+ EFI_TPL OldTpl;\r
\r
Status = EFI_SUCCESS;\r
\r
if ((This == NULL) || (BufferSize == NULL) ||\r
- (RequestBuffer == NULL && RequestSize != 0) ||\r
- (RequestBuffer != NULL && RequestSize == 0) ||\r
- (Buffer == NULL && *BufferSize !=0)) {\r
+ ((RequestBuffer == NULL) && (RequestSize != 0)) ||\r
+ ((RequestBuffer != NULL) && (RequestSize == 0)) ||\r
+ ((Buffer == NULL) && (*BufferSize != 0)))\r
+ {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
\r
Instance = TLS_INSTANCE_FROM_PROTOCOL (This);\r
\r
- if(RequestBuffer == NULL && RequestSize == 0) {\r
+ if ((RequestBuffer == NULL) && (RequestSize == 0)) {\r
switch (Instance->TlsSessionState) {\r
- case EfiTlsSessionNotStarted:\r
- //\r
- // ClientHello.\r
- //\r
- Status = TlsDoHandshake (\r
- Instance->TlsConn,\r
- NULL,\r
- 0,\r
- Buffer,\r
- BufferSize\r
- );\r
- if (EFI_ERROR (Status)) {\r
- goto ON_EXIT;\r
- }\r
+ case EfiTlsSessionNotStarted:\r
+ //\r
+ // ClientHello.\r
+ //\r
+ Status = TlsDoHandshake (\r
+ Instance->TlsConn,\r
+ NULL,\r
+ 0,\r
+ Buffer,\r
+ BufferSize\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
\r
- //\r
- // *BufferSize should not be zero when ClientHello.\r
- //\r
- if (*BufferSize == 0) {\r
- Status = EFI_ABORTED;\r
- goto ON_EXIT;\r
- }\r
+ //\r
+ // *BufferSize should not be zero when ClientHello.\r
+ //\r
+ if (*BufferSize == 0) {\r
+ Status = EFI_ABORTED;\r
+ goto ON_EXIT;\r
+ }\r
\r
- Instance->TlsSessionState = EfiTlsSessionHandShaking;\r
+ Instance->TlsSessionState = EfiTlsSessionHandShaking;\r
\r
- break;\r
- case EfiTlsSessionClosing:\r
- //\r
- // TLS session will be closed and response packet needs to be CloseNotify.\r
- //\r
- Status = TlsCloseNotify (\r
- Instance->TlsConn,\r
- Buffer,\r
- BufferSize\r
- );\r
- if (EFI_ERROR (Status)) {\r
- goto ON_EXIT;\r
- }\r
+ break;\r
+ case EfiTlsSessionClosing:\r
+ //\r
+ // TLS session will be closed and response packet needs to be CloseNotify.\r
+ //\r
+ Status = TlsCloseNotify (\r
+ Instance->TlsConn,\r
+ Buffer,\r
+ BufferSize\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
\r
- //\r
- // *BufferSize should not be zero when build CloseNotify message.\r
- //\r
- if (*BufferSize == 0) {\r
- Status = EFI_ABORTED;\r
- goto ON_EXIT;\r
- }\r
+ //\r
+ // *BufferSize should not be zero when build CloseNotify message.\r
+ //\r
+ if (*BufferSize == 0) {\r
+ Status = EFI_ABORTED;\r
+ goto ON_EXIT;\r
+ }\r
\r
- break;\r
- case EfiTlsSessionError:\r
- //\r
- // TLS session has errors and the response packet needs to be Alert\r
- // message based on error type.\r
- //\r
- Status = TlsHandleAlert (\r
- Instance->TlsConn,\r
- NULL,\r
- 0,\r
- Buffer,\r
- BufferSize\r
- );\r
- if (EFI_ERROR (Status)) {\r
- goto ON_EXIT;\r
- }\r
+ break;\r
+ case EfiTlsSessionError:\r
+ //\r
+ // TLS session has errors and the response packet needs to be Alert\r
+ // message based on error type.\r
+ //\r
+ Status = TlsHandleAlert (\r
+ Instance->TlsConn,\r
+ NULL,\r
+ 0,\r
+ Buffer,\r
+ BufferSize\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
\r
- break;\r
- default:\r
- //\r
- // Current TLS session state is NOT ready to build ResponsePacket.\r
- //\r
- Status = EFI_NOT_READY;\r
+ break;\r
+ default:\r
+ //\r
+ // Current TLS session state is NOT ready to build ResponsePacket.\r
+ //\r
+ Status = EFI_NOT_READY;\r
}\r
} else {\r
//\r
//\r
// Must be alert message, Decrypt it and build the ResponsePacket.\r
//\r
- ASSERT (((TLS_RECORD_HEADER *) RequestBuffer)->ContentType == TlsContentTypeAlert);\r
+ ASSERT (((TLS_RECORD_HEADER *)RequestBuffer)->ContentType == TlsContentTypeAlert);\r
\r
Status = TlsHandleAlert (\r
Instance->TlsConn,\r
EFI_STATUS\r
EFIAPI\r
TlsProcessPacket (\r
- IN EFI_TLS_PROTOCOL *This,\r
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,\r
- IN UINT32 *FragmentCount,\r
- IN EFI_TLS_CRYPT_MODE CryptMode\r
+ IN EFI_TLS_PROTOCOL *This,\r
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,\r
+ IN UINT32 *FragmentCount,\r
+ IN EFI_TLS_CRYPT_MODE CryptMode\r
)\r
{\r
- EFI_STATUS Status;\r
- TLS_INSTANCE *Instance;\r
+ EFI_STATUS Status;\r
+ TLS_INSTANCE *Instance;\r
\r
- EFI_TPL OldTpl;\r
+ EFI_TPL OldTpl;\r
\r
Status = EFI_SUCCESS;\r
\r
- if (This == NULL || FragmentTable == NULL || FragmentCount == NULL) {\r
+ if ((This == NULL) || (FragmentTable == NULL) || (FragmentCount == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
// on output these fragments also contain the TLS header and TLS APP payload.\r
//\r
switch (CryptMode) {\r
- case EfiTlsEncrypt:\r
- Status = TlsEncryptPacket (Instance, FragmentTable, FragmentCount);\r
- break;\r
- case EfiTlsDecrypt:\r
- Status = TlsDecryptPacket (Instance, FragmentTable, FragmentCount);\r
- break;\r
- default:\r
- return EFI_INVALID_PARAMETER;\r
+ case EfiTlsEncrypt:\r
+ Status = TlsEncryptPacket (Instance, FragmentTable, FragmentCount);\r
+ break;\r
+ case EfiTlsDecrypt:\r
+ Status = TlsDecryptPacket (Instance, FragmentTable, FragmentCount);\r
+ break;\r
+ default:\r
+ return EFI_INVALID_PARAMETER;\r
}\r
\r
ON_EXIT:\r
gBS->RestoreTPL (OldTpl);\r
return Status;\r
}\r
-\r