/** @file\r
Miscellaneous routines specific to Https for HttpDxe driver.\r
\r
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
Dst = *SearchStringTmp;\r
\r
if ((Src >= 'A') && (Src <= 'Z')) {\r
- Src -= ('A' - 'a');\r
+ Src += ('a' - 'A');\r
}\r
\r
if ((Dst >= 'A') && (Dst <= 'Z')) {\r
- Dst -= ('A' - 'a');\r
+ Dst += ('a' - 'A');\r
}\r
\r
if (Src != Dst) {\r
// GetVariable still error or the variable is corrupted.\r
// Fall back to the default value.\r
//\r
- FreePool (CACert);\r
-\r
- return EFI_NOT_FOUND;\r
+ Status = EFI_NOT_FOUND;\r
+ goto FreeCACert;\r
}\r
\r
ASSERT (CACert != NULL);\r
CertList->SignatureSize - sizeof (Cert->SignatureOwner)\r
);\r
if (EFI_ERROR (Status)) {\r
- FreePool (CACert);\r
- return Status;\r
+ goto FreeCACert;\r
}\r
\r
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);\r
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r
}\r
\r
+FreeCACert:\r
FreePool (CACert);\r
return Status;\r
}\r
\r
+/**\r
+ Read the HttpTlsCipherList variable and configure it for HTTPS session.\r
+\r
+ @param[in, out] HttpInstance The HTTP instance private data.\r
+\r
+ @retval EFI_SUCCESS The prefered HTTP TLS CipherList is configured.\r
+ @retval EFI_NOT_FOUND Fail to get 'HttpTlsCipherList' variable.\r
+ @retval EFI_INVALID_PARAMETER The contents of variable are invalid.\r
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
+\r
+ @retval Others Other error as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+TlsConfigCipherList (\r
+ IN OUT HTTP_PROTOCOL *HttpInstance\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINT8 *CipherList;\r
+ UINTN CipherListSize;\r
+\r
+ CipherList = NULL;\r
+ CipherListSize = 0;\r
+\r
+ //\r
+ // Try to read the HttpTlsCipherList variable.\r
+ //\r
+ Status = gRT->GetVariable (\r
+ EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE,\r
+ &gEdkiiHttpTlsCipherListGuid,\r
+ NULL,\r
+ &CipherListSize,\r
+ NULL\r
+ );\r
+ ASSERT (EFI_ERROR (Status));\r
+ if (Status != EFI_BUFFER_TOO_SMALL) {\r
+ return Status;\r
+ }\r
+\r
+ if (CipherListSize % sizeof (EFI_TLS_CIPHER) != 0) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ //\r
+ // Allocate buffer and read the config variable.\r
+ //\r
+ CipherList = AllocatePool (CipherListSize);\r
+ if (CipherList == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ Status = gRT->GetVariable (\r
+ EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE,\r
+ &gEdkiiHttpTlsCipherListGuid,\r
+ NULL,\r
+ &CipherListSize,\r
+ CipherList\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ //\r
+ // GetVariable still error or the variable is corrupted.\r
+ //\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ ASSERT (CipherList != NULL);\r
+\r
+ Status = HttpInstance->Tls->SetSessionData (\r
+ HttpInstance->Tls,\r
+ EfiTlsCipherList,\r
+ CipherList,\r
+ CipherListSize\r
+ );\r
+\r
+ON_EXIT: \r
+ FreePool (CipherList);\r
+ \r
+ return Status;\r
+}\r
+\r
/**\r
Configure TLS session data.\r
\r
return Status;\r
}\r
\r
+ //\r
+ // Tls Cipher List\r
+ //\r
+ Status = TlsConfigCipherList (HttpInstance);\r
+ if (EFI_ERROR (Status) && Status != EFI_NOT_FOUND) {\r
+ DEBUG ((EFI_D_ERROR, "TlsConfigCipherList: return %r error.\n", Status));\r
+ return Status;\r
+ }\r
+\r
//\r
// Tls Config Certificate\r
//\r
//\r
// Allocate buffer to receive one TLS header.\r
//\r
- Len = sizeof (TLS_RECORD_HEADER);\r
+ Len = TLS_RECORD_HEADER_LENGTH;\r
PduHdr = NetbufAlloc (Len);\r
if (PduHdr == NULL) {\r
Status = EFI_OUT_OF_RESOURCES;\r
Process one message according to the CryptMode.\r
\r
@param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
- @param[in] Message Pointer to the message buffer needed to processed.\r
+ @param[in] Message Pointer to the message buffer needed to processed. \r
+ If ProcessMode is EfiTlsEncrypt, the message contain the TLS\r
+ header and plain text TLS APP payload.\r
+ If ProcessMode is EfiTlsDecrypt, the message contain the TLS \r
+ header and cipher text TLS APP payload.\r
@param[in] MessageSize Pointer to the message buffer size.\r
@param[in] ProcessMode Process mode.\r
@param[in, out] Fragment Only one Fragment returned after the Message is\r
processed successfully.\r
+ If ProcessMode is EfiTlsEncrypt, the fragment contain the TLS \r
+ header and cipher text TLS APP payload.\r
+ If ProcessMode is EfiTlsDecrypt, the fragment contain the TLS \r
+ header and plain text TLS APP payload.\r
\r
@retval EFI_SUCCESS Message is processed successfully.\r
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
ON_EXIT:\r
\r
if (OriginalFragmentTable != NULL) {\r
+ if( FragmentTable == OriginalFragmentTable) {\r
+ FragmentTable = NULL;\r
+ }\r
FreePool (OriginalFragmentTable);\r
OriginalFragmentTable = NULL;\r
}\r
return Status;\r
}\r
\r
- CopyMem (BufferIn, TempFragment.Bulk + sizeof (TLS_RECORD_HEADER), BufferInSize);\r
+ CopyMem (BufferIn, TempFragment.Bulk + TLS_RECORD_HEADER_LENGTH, BufferInSize);\r
\r
//\r
// Free the buffer in TempFragment.\r