X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=NetworkPkg%2FHttpDxe%2FHttpsSupport.c;h=9103987a0e4c8ead2d236212c68eeb6ba669e389;hp=e6f4d5a6ccb285ac626c5e615c0e999829b151a5;hb=6f3487a79b41e72782c5baea996c294b4ce38960;hpb=45ea8a0c4550e1bb357d9e1d7fe653cd79cacaf5
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index e6f4d5a6cc..9103987a0e 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -1,7 +1,7 @@
 /** @file
 Miscellaneous routines specific to Https for HttpDxe driver.
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2016 Hewlett Packard Enterprise Development LP
This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
@@ -67,11 +67,11 @@ AsciiStrCaseStr (
 Dst = *SearchStringTmp;
 if ((Src >= 'A') && (Src <= 'Z')) {
- Src -= ('A' - 'a');
+ Src += ('a' - 'A');
 }
 if ((Dst >= 'A') && (Dst <= 'Z')) {
- Dst -= ('A' - 'a');
+ Dst += ('a' - 'A');
 }
 if (Src != Dst) {
@@ -425,9 +425,8 @@ TlsConfigCertificate (
 // GetVariable still error or the variable is corrupted.
 // Fall back to the default value.
 //
- FreePool (CACert);
-
- return EFI_NOT_FOUND;
+ Status = EFI_NOT_FOUND;
+ goto FreeCACert;
 }
 ASSERT (CACert != NULL);
@@ -451,8 +450,7 @@ TlsConfigCertificate (
 CertList->SignatureSize - sizeof (Cert->SignatureOwner)
 );
 if (EFI_ERROR (Status)) {
- FreePool (CACert);
- return Status;
+ goto FreeCACert;
 }
 Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
@@ -462,10 +460,92 @@ TlsConfigCertificate (
 CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
 }
+FreeCACert:
 FreePool (CACert);
 return Status;
 }
+/**
+ Read the HttpTlsCipherList variable and configure it for HTTPS session.
+
+ @param[in, out] HttpInstance The HTTP instance private data.
+
+ @retval EFI_SUCCESS The prefered HTTP TLS CipherList is configured.
+ @retval EFI_NOT_FOUND Fail to get 'HttpTlsCipherList' variable.
+ @retval EFI_INVALID_PARAMETER The contents of variable are invalid.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+
+ @retval Others Other error as indicated.
+
+**/
+EFI_STATUS
+TlsConfigCipherList (
+ IN OUT HTTP_PROTOCOL *HttpInstance
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *CipherList;
+ UINTN CipherListSize;
+
+ CipherList = NULL;
+ CipherListSize = 0;
+
+ //
+ // Try to read the HttpTlsCipherList variable.
+ //
+ Status = gRT->GetVariable (
+ EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE,
+ &gEdkiiHttpTlsCipherListGuid,
+ NULL,
+ &CipherListSize,
+ NULL
+ );
+ ASSERT (EFI_ERROR (Status));
+ if (Status != EFI_BUFFER_TOO_SMALL) {
+ return Status;
+ }
+
+ if (CipherListSize % sizeof (EFI_TLS_CIPHER) != 0) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Allocate buffer and read the config variable.
+ //
+ CipherList = AllocatePool (CipherListSize);
+ if (CipherList == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ Status = gRT->GetVariable (
+ EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE,
+ &gEdkiiHttpTlsCipherListGuid,
+ NULL,
+ &CipherListSize,
+ CipherList
+ );
+ if (EFI_ERROR (Status)) {
+ //
+ // GetVariable still error or the variable is corrupted.
+ //
+ goto ON_EXIT;
+ }
+
+ ASSERT (CipherList != NULL);
+
+ Status = HttpInstance->Tls->SetSessionData (
+ HttpInstance->Tls,
+ EfiTlsCipherList,
+ CipherList,
+ CipherListSize
+ );
+
+ON_EXIT:
+ FreePool (CipherList);
+
+ return Status;
+}
+
 /**
 Configure TLS session data.
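Review bot: TlsConfigCipherList passes NULL for the Attributes argument of both gRT->GetVariable calls, so the cipher suites handed to SetSessionData are honoured no matter who was able to write that variable; if the platform provisions it as a runtime-accessible, non-authenticated variable, an OS-level writer could impose a weaker cipher list on every HTTPS session from then on. Consider reading the attributes on the first call and rejecting a variable that carries EFI_VARIABLE_RUNTIME_ACCESS, or at least stating in the function header that the platform is expected to provision it as a boot-service-only variable. The `CipherListSize % sizeof (EFI_TLS_CIPHER) != 0` check validates only the length; the individual cipher identifiers are not examined here, so a comment such as `// Cipher identifiers are validated by the TLS driver in SetSessionData` would record where that responsibility lies. The `ASSERT (CipherList != NULL)` after the AllocatePool NULL check is redundant, and `The prefered HTTP TLS CipherList` in the @retval text should read `preferred`.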
@@ -525,6 +605,15 @@ TlsConfigureSession (
 return Status;
 }
+ //
+ // Tls Cipher List
+ //
+ Status = TlsConfigCipherList (HttpInstance);
+ if (EFI_ERROR (Status) && Status != EFI_NOT_FOUND) {
+ DEBUG ((EFI_D_ERROR, "TlsConfigCipherList: return %r error.\n", Status));
+ return Status;
+ }
+
 //
 // Tls Config Certificate
 //
@@ -861,7 +950,7 @@ TlsReceiveOnePdu (
 //
 // Allocate buffer to receive one TLS header.
 //
- Len = sizeof (TLS_RECORD_HEADER);
+ Len = TLS_RECORD_HEADER_LENGTH;
 PduHdr = NetbufAlloc (Len);
 if (PduHdr == NULL) {
 Status = EFI_OUT_OF_RESOURCES;
@@ -1301,11 +1390,19 @@ TlsCloseSession (
 Process one message according to the CryptMode.
 @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in] Message Pointer to the message buffer needed to processed.
+ @param[in] Message Pointer to the message buffer needed to processed.
+ If ProcessMode is EfiTlsEncrypt, the message contain the TLS
+ header and plain text TLS APP payload.
+ If ProcessMode is EfiTlsDecrypt, the message contain the TLS
+ header and cipher text TLS APP payload.
 @param[in] MessageSize Pointer to the message buffer size.
 @param[in] ProcessMode Process mode.
 @param[in, out] Fragment Only one Fragment returned after the Message is
 processed successfully.
+ If ProcessMode is EfiTlsEncrypt, the fragment contain the TLS
+ header and cipher text TLS APP payload.
+ If ProcessMode is EfiTlsDecrypt, the fragment contain the TLS
+ header and plain text TLS APP payload.
 @retval EFI_SUCCESS Message is processed successfully.
 @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
@@ -1408,6 +1505,9 @@ TlsProcessMessage (
 ON_EXIT:
 if (OriginalFragmentTable != NULL) {
+ if( FragmentTable == OriginalFragmentTable) {
+ FragmentTable = NULL;
+ }
 FreePool (OriginalFragmentTable);
 OriginalFragmentTable = NULL;
 }
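Review bot: The EFI_NOT_FOUND exemption on the new TlsConfigCipherList call in TlsConfigureSession means an absent variable silently keeps whatever cipher list the TLS driver defaults to, while a variable that is present but malformed (EFI_INVALID_PARAMETER from the size check) aborts session setup; failing closed on a corrupt list is the right choice, but nothing in the hunk says so. I would extend the comment to `// Tls Cipher List: absent variable keeps the TLS driver default, a malformed one fails session setup.` so the next reader does not "fix" the exemption into a blanket ignore. An EFI_D_INFO line on the EFI_NOT_FOUND path would also let an operator confirm from the debug log which cipher list a session is actually using. TlsConfigureSession continues outside this hunk.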
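Review bot: The four new @param lines in the TlsProcessMessage header read `the message contain the TLS` and `the fragment contain the TLS`; `contains` is the correct form, and the kept line `needed to processed` could become `needed to be processed` in the same edit. Since the Message and Fragment descriptions mirror each other, one sentence before the parameter list stating that Message is the input record and Fragment the transformed record (plaintext or ciphertext payload according to ProcessMode) would say the same thing more clearly than two four-line blocks.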
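Review bot: The added guard in TlsProcessMessage's ON_EXIT block is written `if( FragmentTable == OriginalFragmentTable) {`, which departs from the `if (` spacing used on every other conditional in this file, including the enclosing `if (OriginalFragmentTable != NULL) {`; it should read `if (FragmentTable == OriginalFragmentTable) {`. The guard's purpose is not stated: it looks like FragmentTable may still alias the buffer freed on the next line, and clearing it prevents a second free further down the exit path, but that later free is outside this hunk so I am inferring it. A comment such as `// FragmentTable may still alias OriginalFragmentTable; clear it so the buffer is not freed twice` would make the invariant explicit. TlsProcessMessage's body begins outside this hunk.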
@@ -1592,7 +1692,7 @@ HttpsReceive (
 return Status;
 }
- CopyMem (BufferIn, TempFragment.Bulk + sizeof (TLS_RECORD_HEADER), BufferInSize);
+ CopyMem (BufferIn, TempFragment.Bulk + TLS_RECORD_HEADER_LENGTH, BufferInSize);
 //
 // Free the buffer in TempFragment.