/** @file\r
Implementation of EFI TLS Protocol Interfaces.\r
\r
- Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
\r
- This program and the accompanying materials\r
- are licensed and made available under the terms and conditions of the BSD License\r
- which accompanies this distribution. The full text of the license may be found at\r
- http://opensource.org/licenses/bsd-license.php.\r
-\r
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
This is NULL.\r
Data is NULL.\r
DataSize is 0.\r
+ DataSize is invalid for DataType.\r
@retval EFI_UNSUPPORTED The DataType is unsupported.\r
@retval EFI_ACCESS_DENIED If the DataType is one of below:\r
EfiTlsClientRandom\r
EFI_STATUS Status;\r
TLS_INSTANCE *Instance;\r
UINT16 *CipherId;\r
+ CONST EFI_TLS_CIPHER *TlsCipherList;\r
+ UINTN CipherCount;\r
+ CONST EFI_TLS_VERIFY_HOST *TlsVerifyHost;\r
+ EFI_TLS_VERIFY VerifyMethod;\r
+ UINTN VerifyMethodSize;\r
UINTN Index;\r
\r
EFI_TPL OldTpl;\r
\r
- Status = EFI_SUCCESS;\r
- CipherId = NULL;\r
+ Status = EFI_SUCCESS;\r
+ CipherId = NULL;\r
+ VerifyMethodSize = sizeof (EFI_TLS_VERIFY);\r
\r
if (This == NULL || Data == NULL || DataSize == 0) {\r
return EFI_INVALID_PARAMETER;\r
Status = TlsSetConnectionEnd (Instance->TlsConn, *((EFI_TLS_CONNECTION_END *) Data));\r
break;\r
case EfiTlsCipherList:\r
+ if (DataSize % sizeof (EFI_TLS_CIPHER) != 0) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
CipherId = AllocatePool (DataSize);\r
if (CipherId == NULL) {\r
Status = EFI_OUT_OF_RESOURCES;\r
goto ON_EXIT;\r
}\r
\r
- for (Index = 0; Index < DataSize / sizeof (EFI_TLS_CIPHER); Index++) {\r
- *(CipherId +Index) = HTONS (*(((UINT16 *) Data) + Index));\r
+ TlsCipherList = (CONST EFI_TLS_CIPHER *) Data;\r
+ CipherCount = DataSize / sizeof (EFI_TLS_CIPHER);\r
+ for (Index = 0; Index < CipherCount; Index++) {\r
+ CipherId[Index] = ((TlsCipherList[Index].Data1 << 8) |\r
+ TlsCipherList[Index].Data2);\r
}\r
\r
- Status = TlsSetCipherList (Instance->TlsConn, CipherId, DataSize / sizeof (EFI_TLS_CIPHER));\r
+ Status = TlsSetCipherList (Instance->TlsConn, CipherId, CipherCount);\r
\r
FreePool (CipherId);\r
break;\r
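Review bot: The rewritten conversion loop in the `EfiTlsCipherList` case has no comment saying why the `HTONS` on a `UINT16 *` cast of `Data` was replaced by byte-wise assembly. A short comment above the loop would record that, for example `// Build each 16-bit cipher ID from its two bytes (Data1 is the high byte, Data2 the low byte) instead of reading Data through a UINT16 pointer.` The result of `(Data1 << 8) | Data2` is an `int` that is narrowed implicitly on assignment, so an explicit `(UINT16)` cast on the right-hand side would make the intended width visible. The enclosing function and its `switch` start and end outside this hunk.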
}\r
\r
TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));\r
+ break;\r
+ case EfiTlsVerifyHost:\r
+ if (DataSize != sizeof (EFI_TLS_VERIFY_HOST)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ TlsVerifyHost = (CONST EFI_TLS_VERIFY_HOST *) Data;\r
+\r
+ if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT) != 0 &&\r
+ (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT) != 0) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_WILDCARDS) != 0 &&\r
+ ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS) != 0 ||\r
+ (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS) != 0)) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = This->GetSessionData (This, EfiTlsVerifyMethod, &VerifyMethod, &VerifyMethodSize);\r
+ if (EFI_ERROR (Status)) {\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ if ((VerifyMethod & EFI_TLS_VERIFY_PEER) == 0) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = TlsSetVerifyHost (Instance->TlsConn, TlsVerifyHost->Flags, TlsVerifyHost->HostName);\r
+\r
break;\r
case EfiTlsSessionID:\r
if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {\r
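Review bot: `TlsVerifyHost->HostName` reaches `TlsSetVerifyHost` in the new `EfiTlsVerifyHost` case without any check that the pointer is non-NULL or that the string is non-empty. The `DataSize != sizeof (EFI_TLS_VERIFY_HOST)` test only proves the structure has the right size, not that the pointer inside it is usable. `TlsSetVerifyHost` is not visible here, but if it passes the name straight to the X.509 verification parameters, a NULL or empty name could clear the expected host instead of failing, leaving peer verification on with no hostname binding. A guard before the call would reject that case: `if (TlsVerifyHost->HostName == NULL || TlsVerifyHost->HostName[0] == '\0') { Status = EFI_INVALID_PARAMETER; goto ON_EXIT; }`. The `switch` and the rest of the function lie outside this hunk, so whether a later `EfiTlsVerifyMethod` change can drop `EFI_TLS_VERIFY_PEER` after the host was set cannot be judged from here.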
TlsGetSessionData (\r
IN EFI_TLS_PROTOCOL *This,\r
IN EFI_TLS_SESSION_DATA_TYPE DataType,\r
- IN OUT VOID *Data, OPTIONAL\r
+ IN OUT VOID *Data OPTIONAL,\r
IN OUT UINTN *DataSize\r
)\r
{\r
EFIAPI\r
TlsBuildResponsePacket (\r
IN EFI_TLS_PROTOCOL *This,\r
- IN UINT8 *RequestBuffer, OPTIONAL\r
- IN UINTN RequestSize, OPTIONAL\r
- OUT UINT8 *Buffer, OPTIONAL\r
+ IN UINT8 *RequestBuffer OPTIONAL,\r
+ IN UINTN RequestSize OPTIONAL,\r
+ OUT UINT8 *Buffer OPTIONAL,\r
IN OUT UINTN *BufferSize\r
)\r
{\r
gBS->RestoreTPL (OldTpl);\r
return Status;\r
}\r
-\r