+/** @file\r
+ SSL/TLS Configuration Null Library Wrapper Implementation.\r
+\r
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include "InternalTlsLib.h"\r
+\r
+/**\r
+ Set a new TLS/SSL method for a particular TLS object.\r
+\r
+ This function sets a new TLS/SSL method for a particular TLS object.\r
+\r
+ @param[in] Tls Pointer to a TLS object.\r
+ @param[in] MajorVer Major Version of TLS/SSL Protocol.\r
+ @param[in] MinorVer Minor Version of TLS/SSL Protocol.\r
+\r
+ @retval EFI_SUCCESS The TLS/SSL method was set successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetVersion (\r
+ IN VOID *Tls,\r
+ IN UINT8 MajorVer,\r
+ IN UINT8 MinorVer\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Set TLS object to work in client or server mode.\r
+\r
+ This function prepares a TLS object to work in client or server mode.\r
+\r
+ @param[in] Tls Pointer to a TLS object.\r
+ @param[in] IsServer Work in server mode.\r
+\r
+ @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetConnectionEnd (\r
+ IN VOID *Tls,\r
+ IN BOOLEAN IsServer\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Set the ciphers list to be used by the TLS object.\r
+\r
+ This function sets the ciphers for use by a specified TLS object.\r
+\r
+ @param[in] Tls Pointer to a TLS object.\r
+ @param[in] CipherId Array of UINT16 cipher identifiers. Each UINT16\r
+ cipher identifier comes from the TLS Cipher Suite\r
+ Registry of the IANA, interpreting Byte1 and Byte2\r
+ in network (big endian) byte order.\r
+ @param[in] CipherNum The number of cipher in the list.\r
+\r
+ @retval EFI_SUCCESS The ciphers list was set successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_UNSUPPORTED No supported TLS cipher was found in CipherId.\r
+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetCipherList (\r
+ IN VOID *Tls,\r
+ IN UINT16 *CipherId,\r
+ IN UINTN CipherNum\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Set the compression method for TLS/SSL operations.\r
+\r
+ This function handles TLS/SSL integrated compression methods.\r
+\r
+ @param[in] CompMethod The compression method ID.\r
+\r
+ @retval EFI_SUCCESS The compression method for the communication was\r
+ set successfully.\r
+ @retval EFI_UNSUPPORTED Unsupported compression method.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetCompressionMethod (\r
+ IN UINT8 CompMethod\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Set peer certificate verification mode for the TLS connection.\r
+\r
+ This function sets the verification mode flags for the TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in] VerifyMode A set of logically or'ed verification mode flags.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+TlsSetVerify (\r
+ IN VOID *Tls,\r
+ IN UINT32 VerifyMode\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+}\r
+\r
+// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN) accepted. [BEGIN]\r
+/**\r
+ Set the specified host name to be verified.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in] Flags The setting flags during the validation.\r
+ @param[in] HostName The specified host name to be verified.\r
+\r
+ @retval EFI_SUCCESS The HostName setting was set successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_ABORTED Invalid HostName setting.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetVerifyHost (\r
+ IN VOID *Tls,\r
+ IN UINT32 Flags,\r
+ IN CHAR8 *HostName\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN) accepted. [END]\r
+\r
+/**\r
+ Sets a TLS/SSL session ID to be used during TLS/SSL connect.\r
+\r
+ This function sets a session ID to be used when the TLS/SSL connection is\r
+ to be established.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in] SessionId Session ID data used for session resumption.\r
+ @param[in] SessionIdLen Length of Session ID in bytes.\r
+\r
+ @retval EFI_SUCCESS Session ID was set successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_UNSUPPORTED No available session for ID setting.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetSessionId (\r
+ IN VOID *Tls,\r
+ IN UINT8 *SessionId,\r
+ IN UINT16 SessionIdLen\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Adds the CA to the cert store when requesting Server or Client authentication.\r
+\r
+ This function adds the CA certificate to the list of CAs when requesting\r
+ Server or Client authentication for the chosen TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in] Data Pointer to the data buffer of a DER-encoded binary\r
+ X.509 certificate or PEM-encoded X.509 certificate.\r
+ @param[in] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r
+ @retval EFI_ABORTED Invalid X.509 certificate.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetCaCertificate (\r
+ IN VOID *Tls,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Loads the local public certificate into the specified TLS object.\r
+\r
+ This function loads the X.509 certificate into the specified TLS object\r
+ for TLS negotiation.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in] Data Pointer to the data buffer of a DER-encoded binary\r
+ X.509 certificate or PEM-encoded X.509 certificate.\r
+ @param[in] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.\r
+ @retval EFI_ABORTED Invalid X.509 certificate.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetHostPublicCert (\r
+ IN VOID *Tls,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Adds the local private key to the specified TLS object.\r
+\r
+ This function adds the local private key (PEM-encoded RSA or PKCS#8 private\r
+ key) into the specified TLS object for TLS negotiation.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in] Data Pointer to the data buffer of a PEM-encoded RSA\r
+ or PKCS#8 private key.\r
+ @param[in] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_UNSUPPORTED This function is not supported.\r
+ @retval EFI_ABORTED Invalid private key data.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetHostPrivateKey (\r
+ IN VOID *Tls,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Adds the CA-supplied certificate revocation list for certificate validation.\r
+\r
+ This function adds the CA-supplied certificate revocation list data for\r
+ certificate validity checking.\r
+\r
+ @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.\r
+ @param[in] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_UNSUPPORTED This function is not supported.\r
+ @retval EFI_ABORTED Invalid CRL data.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsSetCertRevocationList (\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Gets the protocol version used by the specified TLS connection.\r
+\r
+ This function returns the protocol version used by the specified TLS\r
+ connection.\r
+\r
+ If Tls is NULL, then ASSERT().\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+\r
+ @return The protocol version of the specified TLS connection.\r
+\r
+**/\r
+UINT16\r
+EFIAPI\r
+TlsGetVersion (\r
+ IN VOID *Tls\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return 0;\r
+}\r
+\r
+/**\r
+ Gets the connection end of the specified TLS connection.\r
+\r
+ This function returns the connection end (as client or as server) used by\r
+ the specified TLS connection.\r
+\r
+ If Tls is NULL, then ASSERT().\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+\r
+ @return The connection end used by the specified TLS connection.\r
+\r
+**/\r
+UINT8\r
+EFIAPI\r
+TlsGetConnectionEnd (\r
+ IN VOID *Tls\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return 0;\r
+}\r
+\r
+/**\r
+ Gets the cipher suite used by the specified TLS connection.\r
+\r
+ This function returns current cipher suite used by the specified\r
+ TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in,out] CipherId The cipher suite used by the TLS object.\r
+\r
+ @retval EFI_SUCCESS The cipher suite was returned successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_UNSUPPORTED Unsupported cipher suite.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetCurrentCipher (\r
+ IN VOID *Tls,\r
+ IN OUT UINT16 *CipherId\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Gets the compression methods used by the specified TLS connection.\r
+\r
+ This function returns current integrated compression methods used by\r
+ the specified TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in,out] CompressionId The current compression method used by\r
+ the TLS object.\r
+\r
+ @retval EFI_SUCCESS The compression method was returned successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_ABORTED Invalid Compression method.\r
+ @retval EFI_UNSUPPORTED This function is not supported.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetCurrentCompressionId (\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *CompressionId\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Gets the verification mode currently set in the TLS connection.\r
+\r
+ This function returns the peer verification mode currently set in the\r
+ specified TLS connection.\r
+\r
+ If Tls is NULL, then ASSERT().\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+\r
+ @return The verification mode set in the specified TLS connection.\r
+\r
+**/\r
+UINT32\r
+EFIAPI\r
+TlsGetVerify (\r
+ IN VOID *Tls\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return 0;\r
+}\r
+\r
+/**\r
+ Gets the session ID used by the specified TLS connection.\r
+\r
+ This function returns the TLS/SSL session ID currently used by the\r
+ specified TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in,out] SessionId Buffer to contain the returned session ID.\r
+ @param[in,out] SessionIdLen The length of Session ID in bytes.\r
+\r
+ @retval EFI_SUCCESS The Session ID was returned successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_UNSUPPORTED Invalid TLS/SSL session.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetSessionId (\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *SessionId,\r
+ IN OUT UINT16 *SessionIdLen\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Gets the client random data used in the specified TLS connection.\r
+\r
+ This function returns the TLS/SSL client random data currently used in\r
+ the specified TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in,out] ClientRandom Buffer to contain the returned client\r
+ random data (32 bytes).\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+TlsGetClientRandom (\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *ClientRandom\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+}\r
+\r
+/**\r
+ Gets the server random data used in the specified TLS connection.\r
+\r
+ This function returns the TLS/SSL server random data currently used in\r
+ the specified TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in,out] ServerRandom Buffer to contain the returned server\r
+ random data (32 bytes).\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+TlsGetServerRandom (\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *ServerRandom\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+}\r
+\r
+/**\r
+ Gets the master key data used in the specified TLS connection.\r
+\r
+ This function returns the TLS/SSL master key material currently used in\r
+ the specified TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[in,out] KeyMaterial Buffer to contain the returned key material.\r
+\r
+ @retval EFI_SUCCESS Key material was returned successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_UNSUPPORTED Invalid TLS/SSL session.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetKeyMaterial (\r
+ IN VOID *Tls,\r
+ IN OUT UINT8 *KeyMaterial\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Gets the CA Certificate from the cert store.\r
+\r
+ This function returns the CA certificate for the chosen\r
+ TLS connection.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[out] Data Pointer to the data buffer to receive the CA\r
+ certificate data sent to the client.\r
+ @param[in,out] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_UNSUPPORTED This function is not supported.\r
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetCaCertificate (\r
+ IN VOID *Tls,\r
+ OUT VOID *Data,\r
+ IN OUT UINTN *DataSize\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Gets the local public Certificate set in the specified TLS object.\r
+\r
+ This function returns the local public certificate which was currently set\r
+ in the specified TLS object.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[out] Data Pointer to the data buffer to receive the local\r
+ public certificate.\r
+ @param[in,out] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
+ @retval EFI_NOT_FOUND The certificate is not found.\r
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetHostPublicCert (\r
+ IN VOID *Tls,\r
+ OUT VOID *Data,\r
+ IN OUT UINTN *DataSize\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Gets the local private key set in the specified TLS object.\r
+\r
+ This function returns the local private key data which was currently set\r
+ in the specified TLS object.\r
+\r
+ @param[in] Tls Pointer to the TLS object.\r
+ @param[out] Data Pointer to the data buffer to receive the local\r
+ private key data.\r
+ @param[in,out] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_UNSUPPORTED This function is not supported.\r
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetHostPrivateKey (\r
+ IN VOID *Tls,\r
+ OUT VOID *Data,\r
+ IN OUT UINTN *DataSize\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Gets the CA-supplied certificate revocation list data set in the specified\r
+ TLS object.\r
+\r
+ This function returns the CA-supplied certificate revocation list data which\r
+ was currently set in the specified TLS object.\r
+\r
+ @param[out] Data Pointer to the data buffer to receive the CRL data.\r
+ @param[in,out] DataSize The size of data buffer in bytes.\r
+\r
+ @retval EFI_SUCCESS The operation succeeded.\r
+ @retval EFI_UNSUPPORTED This function is not supported.\r
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TlsGetCertRevocationList (\r
+ OUT VOID *Data,\r
+ IN OUT UINTN *DataSize\r
+ )\r
+{\r
+ ASSERT(FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r