UINT32 Index;\r
EFI_SIGNATURE_LIST *CertList;\r
EFI_SIGNATURE_DATA *Cert;\r
+ UINTN CertArraySizeInBytes;\r
UINTN CertCount;\r
UINT32 ItemDataSize;\r
\r
if (EFI_ERROR (Status)) {\r
//\r
// GetVariable still error or the variable is corrupted.\r
- // Fall back to the default value.\r
//\r
- FreePool (CACert);\r
-\r
- return EFI_NOT_FOUND;\r
+ goto FreeCACert;\r
}\r
\r
ASSERT (CACert != NULL);\r
\r
+ //\r
+ // Sanity check\r
+ //\r
+ Status = EFI_INVALID_PARAMETER;\r
+ CertCount = 0;\r
+ ItemDataSize = (UINT32) CACertSize;\r
+ while (ItemDataSize > 0) {\r
+ if (ItemDataSize < sizeof (EFI_SIGNATURE_LIST)) {\r
+ DEBUG ((DEBUG_ERROR, "%a: truncated EFI_SIGNATURE_LIST header\n",\r
+ __FUNCTION__));\r
+ goto FreeCACert;\r
+ }\r
+\r
+ CertList = (EFI_SIGNATURE_LIST *) (CACert + (CACertSize - ItemDataSize));\r
+\r
+ if (CertList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST)) {\r
+ DEBUG ((DEBUG_ERROR,\r
+ "%a: SignatureListSize too small for EFI_SIGNATURE_LIST\n",\r
+ __FUNCTION__));\r
+ goto FreeCACert;\r
+ }\r
+\r
+ if (CertList->SignatureListSize > ItemDataSize) {\r
+ DEBUG ((DEBUG_ERROR, "%a: truncated EFI_SIGNATURE_LIST body\n",\r
+ __FUNCTION__));\r
+ goto FreeCACert;\r
+ }\r
+\r
+ if (!CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {\r
+ DEBUG ((DEBUG_ERROR, "%a: only X509 certificates are supported\n",\r
+ __FUNCTION__));\r
+ Status = EFI_UNSUPPORTED;\r
+ goto FreeCACert;\r
+ }\r
+\r
+ if (CertList->SignatureHeaderSize != 0) {\r
+ DEBUG ((DEBUG_ERROR, "%a: SignatureHeaderSize must be 0 for X509\n",\r
+ __FUNCTION__));\r
+ goto FreeCACert;\r
+ }\r
+\r
+ if (CertList->SignatureSize < sizeof (EFI_SIGNATURE_DATA)) {\r
+ DEBUG ((DEBUG_ERROR,\r
+ "%a: SignatureSize too small for EFI_SIGNATURE_DATA\n", __FUNCTION__));\r
+ goto FreeCACert;\r
+ }\r
+\r
+ CertArraySizeInBytes = (CertList->SignatureListSize -\r
+ sizeof (EFI_SIGNATURE_LIST));\r
+ if (CertArraySizeInBytes % CertList->SignatureSize != 0) {\r
+ DEBUG ((DEBUG_ERROR,\r
+ "%a: EFI_SIGNATURE_DATA array not a multiple of SignatureSize\n",\r
+ __FUNCTION__));\r
+ goto FreeCACert;\r
+ }\r
+\r
+ CertCount += CertArraySizeInBytes / CertList->SignatureSize;\r
+ ItemDataSize -= CertList->SignatureListSize;\r
+ }\r
+ if (CertCount == 0) {\r
+ DEBUG ((DEBUG_ERROR, "%a: no X509 certificates provided\n", __FUNCTION__));\r
+ goto FreeCACert;\r
+ }\r
+\r
//\r
// Enumerate all data and erasing the target item.\r
//\r
CertList->SignatureSize - sizeof (Cert->SignatureOwner)\r
);\r
if (EFI_ERROR (Status)) {\r
- FreePool (CACert);\r
- return Status;\r
+ goto FreeCACert;\r
}\r
\r
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);\r
CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r
}\r
\r
+FreeCACert:\r
FreePool (CACert);\r
return Status;\r
}\r
//\r
// Allocate buffer to receive one TLS header.\r
//\r
- Len = sizeof (TLS_RECORD_HEADER);\r
+ Len = TLS_RECORD_HEADER_LENGTH;\r
PduHdr = NetbufAlloc (Len);\r
if (PduHdr == NULL) {\r
Status = EFI_OUT_OF_RESOURCES;\r
Process one message according to the CryptMode.\r
\r
@param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.\r
- @param[in] Message Pointer to the message buffer needed to processed.\r
+ @param[in] Message Pointer to the message buffer needed to processed. \r
+ If ProcessMode is EfiTlsEncrypt, the message contain the TLS\r
+ header and plain text TLS APP payload.\r
+ If ProcessMode is EfiTlsDecrypt, the message contain the TLS \r
+ header and cipher text TLS APP payload.\r
@param[in] MessageSize Pointer to the message buffer size.\r
@param[in] ProcessMode Process mode.\r
@param[in, out] Fragment Only one Fragment returned after the Message is\r
processed successfully.\r
+ If ProcessMode is EfiTlsEncrypt, the fragment contain the TLS \r
+ header and cipher text TLS APP payload.\r
+ If ProcessMode is EfiTlsDecrypt, the fragment contain the TLS \r
+ header and plain text TLS APP payload.\r
\r
@retval EFI_SUCCESS Message is processed successfully.\r
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.\r
ON_EXIT:\r
\r
if (OriginalFragmentTable != NULL) {\r
+ if( FragmentTable == OriginalFragmentTable) {\r
+ FragmentTable = NULL;\r
+ }\r
FreePool (OriginalFragmentTable);\r
OriginalFragmentTable = NULL;\r
}\r
return Status;\r
}\r
\r
- CopyMem (BufferIn, TempFragment.Bulk + sizeof (TLS_RECORD_HEADER), BufferInSize);\r
+ CopyMem (BufferIn, TempFragment.Bulk + TLS_RECORD_HEADER_LENGTH, BufferInSize);\r
\r
//\r
// Free the buffer in TempFragment.\r