From nobody Wed May 8 02:25:36 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1521506229638888.7391756521013; Mon, 19 Mar 2018 17:37:09 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id E65C321E4902F; Mon, 19 Mar 2018 17:30:35 -0700 (PDT) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E6152225B0292 for ; Mon, 19 Mar 2018 17:30:33 -0700 (PDT) Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Mar 2018 17:37:02 -0700 Received: from jiaxinwu-mobl2.ccr.corp.intel.com ([10.239.196.39]) by orsmga005.jf.intel.com with ESMTP; 19 Mar 2018 17:37:01 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.115; helo=mga14.intel.com; envelope-from=jiaxin.wu@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,332,1517904000"; d="scan'208";a="209637207" 
From: Jiaxin Wu To: edk2-devel@lists.01.org Date: Tue, 20 Mar 2018 08:36:55 +0800 Message-Id: <20180320003657.4524-2-jiaxin.wu@intel.com> X-Mailer: git-send-email 2.16.2.windows.1 In-Reply-To: <20180320003657.4524-1-jiaxin.wu@intel.com> References: <20180320003657.4524-1-jiaxin.wu@intel.com> Subject: [edk2] [Patch 1/3] MdePkg/Tls1.h: Add TLS record header length and max payload length. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Karunakar P , Ye Ting , Fu Siyuan MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Cc: Karunakar P Cc: Fu Siyuan Cc: Ye Ting Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu Reviewed-by: Karunakar p --- MdePkg/Include/IndustryStandard/Tls1.h | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/MdePkg/Include/IndustryStandard/Tls1.h b/MdePkg/Include/Indust= ryStandard/Tls1.h index 9009291ee3..cccb6db7fb 100644 --- a/MdePkg/Include/IndustryStandard/Tls1.h +++ b/MdePkg/Include/IndustryStandard/Tls1.h @@ -1,11 +1,11 @@ /** @file Transport Layer Security -- TLS 1.0/1.1/1.2 Standard definitions, from = RFC 2246/4346/5246 =20 This file contains common TLS 1.0/1.1/1.2 definitions from RFC 2246/4346= /5246 =20 - Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BS= D License which accompanies this distribution. The full text of the license may b= e found at http://opensource.org/licenses/bsd-license.php =20 
@@ -85,9 +85,23 @@ typedef struct { UINT8 ContentType; EFI_TLS_VERSION Version; UINT16 Length; } TLS_RECORD_HEADER; =20 +#define TLS_RECORD_HEADER_LENGTH 5 + +// +// The length (in bytes) of the TLSPlaintext records payload MUST NOT exce= ed 2^14. +// Refers to section 6.2 of RFC5246.=20 +// +#define TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH 16384 + +// +// The length (in bytes) of the TLSCiphertext records payload MUST NOT exc= eed 2^14 + 2048. +// Refers to section 6.2 of RFC5246.=20 +// +#define TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH 18432 + #pragma pack() =20 #endif =20 --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
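Review bot: the RFC citations on the two new limits are imprecise and the header-length define carries no derivation. The 2^14 bound on the TLSPlaintext fragment is RFC 5246 section 6.2.1 and the 2^14 + 2048 bound on TLSCiphertext is section 6.2.3; "section 6.2" for both points the reader at the whole record layer. TLS_RECORD_HEADER_LENGTH is a bare 5 placed directly under the packed TLS_RECORD_HEADER it describes, so either define it as `sizeof (TLS_RECORD_HEADER)` (valid because the struct sits inside the pack region that the `#pragma pack()` in this hunk closes) or carry over the `ContentType(1) + Version(2) + Length(2)` annotation that the RECORD_HEADER_LEN macro this series removes from NetworkPkg/TlsDxe/TlsImpl.h had. The two "Refers to section 6.2 of RFC5246." lines also end in trailing whitespace (the `=20` at line end in the quoted-printable encoding).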
From: Jiaxin Wu To: edk2-devel@lists.01.org Date: Tue, 20 Mar 2018 08:36:56 +0800 Message-Id: <20180320003657.4524-3-jiaxin.wu@intel.com> X-Mailer: git-send-email 2.16.2.windows.1 In-Reply-To: <20180320003657.4524-1-jiaxin.wu@intel.com> References: <20180320003657.4524-1-jiaxin.wu@intel.com> Subject: [edk2] [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption. Cc: Karunakar P Cc: Fu Siyuan Cc: Ye Ting Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu Reviewed-by: Karunakar p --- NetworkPkg/TlsDxe/TlsImpl.c | 74 +++++++++++++++++++++++++++++++----------= ---- NetworkPkg/TlsDxe/TlsImpl.h | 6 +--- 2 files changed, 52 insertions(+), 28 deletions(-) diff --git a/NetworkPkg/TlsDxe/TlsImpl.c b/NetworkPkg/TlsDxe/TlsImpl.c index 8e1238216b..a026075f36 100644 --- a/NetworkPkg/TlsDxe/TlsImpl.c +++ b/NetworkPkg/TlsDxe/TlsImpl.c @@ -1,9 +1,9 @@ /** @file The Miscellaneous Routines for TlsDxe driver. =20 -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
=20 This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at http://opensource.org/licenses/bsd-license.php @@ -48,10 +48,11 @@ TlsEncryptPacket ( UINT16 ThisPlainMessageSize; TLS_RECORD_HEADER *TempRecordHeader; UINT16 ThisMessageSize; UINT32 BufferOutSize; UINT8 *BufferOut; + UINT32 RecordCount; INTN Ret; =20 Status =3D EFI_SUCCESS; BytesCopied =3D 0; BufferInSize =3D 0; @@ -59,10 +60,11 @@ TlsEncryptPacket ( BufferInPtr =3D NULL; RecordHeaderIn =3D NULL; TempRecordHeader =3D NULL; BufferOutSize =3D 0; BufferOut =3D NULL; + RecordCount =3D 0; Ret =3D 0; =20 // // Calculate the size according to the fragment table. // 
@@ -89,34 +91,46 @@ TlsEncryptPacket ( (*FragmentTable)[Index].FragmentLength ); BytesCopied +=3D (*FragmentTable)[Index].FragmentLength; } =20 - BufferOut =3D AllocateZeroPool (MAX_BUFFER_SIZE); + // + // Count TLS record number. + // + BufferInPtr =3D BufferIn; + while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { + RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; + if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData || = RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) { + Status =3D EFI_INVALID_PARAMETER; + goto ERROR; + } + BufferInPtr +=3D TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length; + RecordCount ++; + } + =20 + // + // Allocate enough buffer to hold TLS Ciphertext. + // + BufferOut =3D AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH = + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH)); if (BufferOut =3D=3D NULL) { Status =3D EFI_OUT_OF_RESOURCES; goto ERROR; } =20 // - // Parsing buffer. + // Parsing buffer. Received packet may have multiple TLS record messages. // BufferInPtr =3D BufferIn; TempRecordHeader =3D (TLS_RECORD_HEADER *) BufferOut; while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; =20 - if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData) { - Status =3D EFI_INVALID_PARAMETER; - goto ERROR; - } - ThisPlainMessageSize =3D RecordHeaderIn->Length; =20 TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPl= ainMessageSize); =20 - Ret =3D TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordH= eader), MAX_BUFFER_SIZE - BufferOutSize); + Ret =3D TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordH= eader), TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH= ); =20 if (Ret > 0) { ThisMessageSize =3D (UINT16) Ret; } else { // 
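Review bot: the new counting loop in TlsEncryptPacket validates the record header's value but never its position against the end of BufferIn. `RecordHeaderIn->ContentType` and `RecordHeaderIn->Length` are read as soon as `BufferInPtr < BufferIn + BufferInSize` holds, so a fragment table whose last record is cut off with fewer than TLS_RECORD_HEADER_LENGTH bytes remaining is read past the allocation, and a Length that overstates the bytes left after the header is accepted, because the only test is on the position before the read, not on where the record would end. The second pass then issues `TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize)` with that unchecked length. Two rejections in this first loop close it: return EFI_INVALID_PARAMETER when `(UINTN) BufferIn + BufferInSize - (UINTN) BufferInPtr < TLS_RECORD_HEADER_LENGTH`, and again when `RecordHeaderIn->Length` exceeds the bytes remaining after the header. While here, the hunk still leaves TlsWrite's return value unassigned (context line), so a failed write is only noticed indirectly when TlsCtrlTrafficOut has nothing to hand back.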
@@ -127,11 +141,11 @@ TlsEncryptPacket ( ThisMessageSize =3D 0; } =20 BufferOutSize +=3D ThisMessageSize; =20 - BufferInPtr +=3D RECORD_HEADER_LEN + ThisPlainMessageSize; + BufferInPtr +=3D TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize; TempRecordHeader +=3D ThisMessageSize; } =20 FreePool (BufferIn); BufferIn =3D NULL; @@ -199,10 +213,11 @@ TlsDecryptPacket ( UINT16 ThisCipherMessageSize; TLS_RECORD_HEADER *TempRecordHeader; UINT16 ThisPlainMessageSize; UINT8 *BufferOut; UINT32 BufferOutSize; + UINT32 RecordCount; INTN Ret; =20 Status =3D EFI_SUCCESS; BytesCopied =3D 0; BufferIn =3D NULL; @@ -210,10 +225,11 @@ TlsDecryptPacket ( BufferInPtr =3D NULL; RecordHeaderIn =3D NULL; TempRecordHeader =3D NULL; BufferOut =3D NULL; BufferOutSize =3D 0; + RecordCount =3D 0; Ret =3D 0; =20 // // Calculate the size according to the fragment table. // @@ -240,11 +256,28 @@ TlsDecryptPacket ( (*FragmentTable)[Index].FragmentLength ); BytesCopied +=3D (*FragmentTable)[Index].FragmentLength; } =20 - BufferOut =3D AllocateZeroPool (MAX_BUFFER_SIZE); + // + // Count TLS record number. + // + BufferInPtr =3D BufferIn; + while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { + RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; + if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData || = NTOHS (RecordHeaderIn->Length) > TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH) { + Status =3D EFI_INVALID_PARAMETER; + goto ERROR; + } + BufferInPtr +=3D TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Len= gth); + RecordCount ++; + } + + // + // Allocate enough buffer to hold TLS Plaintext. + // + BufferOut =3D AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH = + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH)); if (BufferOut =3D=3D NULL) { Status =3D EFI_OUT_OF_RESOURCES; goto ERROR; } =20 
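Review bot: `TempRecordHeader += ThisMessageSize;` (the unchanged line right after the renamed `BufferInPtr +=` line in this hunk) advances a `TLS_RECORD_HEADER *`, so the output cursor moves by ThisMessageSize * sizeof (TLS_RECORD_HEADER), that is 5 * ThisMessageSize bytes, not by ThisMessageSize bytes. Under the old fixed MAX_BUFFER_SIZE allocation this stayed latent because HttpDxe only ever passed one record per call; this series makes several records per call the expected input and at the same time sizes BufferOut at RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH), so with two full records the second TlsCtrlTrafficOut lands roughly 82,000 bytes into a 36,874-byte buffer, while BufferOutSize, which is advanced by the right amount, no longer describes where the data was written. Advance through a byte pointer instead, for example `TempRecordHeader = (TLS_RECORD_HEADER *) ((UINT8 *) TempRecordHeader + ThisMessageSize);`; the decrypt side's `TempRecordHeader += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;` later in this patch has the same scaling.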
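Review bot: the decrypt-side counting loop has the same missing position check as the encrypt one, and here the bytes come off the wire. `RecordHeaderIn->ContentType` and `NTOHS (RecordHeaderIn->Length)` are read whenever BufferInPtr is anywhere before the end of BufferIn, so a final fragment shorter than TLS_RECORD_HEADER_LENGTH bytes is read past the allocation, and a Length larger than the bytes that actually remain is accepted (the comparison against TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH bounds the value, not the buffer). The second pass then passes `TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize` bytes starting at RecordHeaderIn to TlsCtrlTrafficIn, reading past BufferIn. Reject with EFI_INVALID_PARAMETER in this loop when fewer than TLS_RECORD_HEADER_LENGTH bytes remain before the header is dereferenced, and when `NTOHS (RecordHeaderIn->Length)` exceeds the bytes left after the header; a malformed record should come back as an error status rather than an out-of-bounds read. Also, `RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH)` is evaluated in 32-bit arithmetic because RecordCount is UINT32, so the size should be computed in UINTN (or RecordCount capped) before it reaches AllocateZeroPool.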
@@ -254,26 +287,21 @@ TlsDecryptPacket ( BufferInPtr =3D BufferIn; TempRecordHeader =3D (TLS_RECORD_HEADER *) BufferOut; while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; =20 - if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData) { - Status =3D EFI_INVALID_PARAMETER; - goto ERROR; - } - ThisCipherMessageSize =3D NTOHS (RecordHeaderIn->Length); =20 - Ret =3D TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeade= rIn), RECORD_HEADER_LEN + ThisCipherMessageSize); - if (Ret !=3D RECORD_HEADER_LEN + ThisCipherMessageSize) { + Ret =3D TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeade= rIn), TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize); + if (Ret !=3D TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize) { TlsInstance->TlsSessionState =3D EfiTlsSessionError; Status =3D EFI_ABORTED; goto ERROR; } =20 Ret =3D 0; - Ret =3D TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1= ), MAX_BUFFER_SIZE - BufferOutSize); + Ret =3D TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1= ), TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH); =20 if (Ret > 0) { ThisPlainMessageSize =3D (UINT16) Ret; } else { // 
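Review bot: a failing TlsRead is still turned into an empty record rather than an error in this hunk. When `Ret` is not positive the code logs "No data read from TLS object", sets ThisPlainMessageSize to 0 and carries on, so a record the library rejects (a bad MAC, for example) is emitted as a zero-length application-data record, TlsSessionState is left untouched and the caller sees EFI_SUCCESS. That is the opposite of the treatment the TlsCtrlTrafficIn length mismatch three lines above gets (EfiTlsSessionError and EFI_ABORTED). Since the hunk already rewrites the TlsRead call, treating a negative `Ret` the same way as that mismatch, and keeping the warning only for a genuine empty read, would make the two failure paths consistent.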
@@ -282,16 +310,16 @@ TlsDecryptPacket ( DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS object.= \n")); =20 ThisPlainMessageSize =3D 0; } =20 - CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN); + CopyMem (TempRecordHeader, RecordHeaderIn, TLS_RECORD_HEADER_LENGTH); TempRecordHeader->Length =3D ThisPlainMessageSize; - BufferOutSize +=3D RECORD_HEADER_LEN + ThisPlainMessageSize; + BufferOutSize +=3D TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize; =20 - BufferInPtr +=3D RECORD_HEADER_LEN + ThisCipherMessageSize; - TempRecordHeader +=3D RECORD_HEADER_LEN + ThisPlainMessageSize; + BufferInPtr +=3D TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize; + TempRecordHeader +=3D TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize; } =20 FreePool (BufferIn); BufferIn =3D NULL; =20 diff --git a/NetworkPkg/TlsDxe/TlsImpl.h b/NetworkPkg/TlsDxe/TlsImpl.h index 3ae9d0d546..e04b312c19 100644 --- a/NetworkPkg/TlsDxe/TlsImpl.h +++ b/NetworkPkg/TlsDxe/TlsImpl.h @@ -1,9 +1,9 @@ /** @file Header file of Miscellaneous Routines for TlsDxe driver. =20 -Copyright (c) 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
=20 This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at http://opensource.org/licenses/bsd-license.php 
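Review bot: the new `TempRecordHeader += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;` in the TlsDecryptPacket hunk above is pointer arithmetic on a `TLS_RECORD_HEADER *`, so it moves the output cursor by (TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize) * sizeof (TLS_RECORD_HEADER), five times the intended byte count, and the macro rename on that line preserves the bug rather than fixing it. With BufferOut now sized at RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH), any input with two or more records of realistic size puts the second CopyMem of the header and the second TlsRead beyond the allocation, which for decrypt means attacker-timed data from the peer lands in heap memory the driver does not own. Replace it with byte-pointer arithmetic, `TempRecordHeader = (TLS_RECORD_HEADER *) ((UINT8 *) TempRecordHeader + TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize);`, and give the same treatment to the matching `TempRecordHeader += ThisMessageSize;` in TlsEncryptPacket.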
@@ -44,14 +44,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITH= ER EXPRESS OR IMPLIED. // extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding; extern EFI_TLS_PROTOCOL mTlsProtocol; extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol; =20 -#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2) - -#define MAX_BUFFER_SIZE 32768 - /** Encrypt the message listed in fragment. =20 @param[in] TlsInstance The pointer to the TLS instance. @param[in, out] FragmentTable Pointer to a list of fragment. --=20 2.16.2.windows.1
From: Jiaxin Wu To: edk2-devel@lists.01.org Date: Tue, 20 Mar 2018 08:36:57 +0800 Message-Id: <20180320003657.4524-4-jiaxin.wu@intel.com> X-Mailer: git-send-email 2.16.2.windows.1 In-Reply-To: <20180320003657.4524-1-jiaxin.wu@intel.com> References: <20180320003657.4524-1-jiaxin.wu@intel.com> Subject: [edk2] [Patch 3/3] NetworkPkg/HttpDxe: Handle the large data request via HTTPS channel. Cc: Karunakar P Cc: Fu Siyuan Cc: Ye Ting Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu Reviewed-by: Karunakar p --- NetworkPkg/HttpDxe/HttpProto.c | 121 +++++++++++++++++++++++++++-------= ---- NetworkPkg/HttpDxe/HttpsSupport.c | 17 +++++- NetworkPkg/HttpDxe/HttpsSupport.h | 12 +++- 3 files changed, 111 insertions(+), 39 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c index d7fe271168..35c4a166c4 100644 --- a/NetworkPkg/HttpDxe/HttpProto.c +++ b/NetworkPkg/HttpDxe/HttpProto.c @@ -1,9 +1,9 @@ /** @file Miscellaneous routines for HttpDxe driver. =20 -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2016 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at http://opensource.org/licenses/bsd-license.php 
@@ -1474,64 +1474,101 @@ HttpTransmitTcp ( EFI_STATUS Status; EFI_TCP4_IO_TOKEN *Tx4Token; EFI_TCP4_PROTOCOL *Tcp4; EFI_TCP6_IO_TOKEN *Tx6Token; EFI_TCP6_PROTOCOL *Tcp6; - UINT8 *Buffer; =20 - UINTN BufferSize; + UINT8 *TlsRecord; =20 + UINT16 PayloadSize; NET_FRAGMENT TempFragment; + NET_FRAGMENT Fragment; + UINTN RecordCount; + UINTN RemainingLen; =20 Status =3D EFI_SUCCESS; - Buffer =3D NULL; + TlsRecord =3D NULL; + PayloadSize =3D 0; TempFragment.Len =3D 0; TempFragment.Bulk =3D NULL; + Fragment.Len =3D 0; + Fragment.Bulk =3D NULL; + RecordCount =3D 0; + RemainingLen =3D 0; =20 // // Need to encrypt data. // if (HttpInstance->UseHttps) { // - // Build BufferOut data + // Allocate enough buffer for each TLS plaintext records. // - BufferSize =3D sizeof (TLS_RECORD_HEADER) + TxStringLen; - Buffer =3D AllocateZeroPool (BufferSize); - if (Buffer =3D=3D NULL) { + TlsRecord =3D AllocateZeroPool (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTE= XT_RECORD_MAX_PAYLOAD_LENGTH); + if (TlsRecord =3D=3D NULL) { Status =3D EFI_OUT_OF_RESOURCES; return Status; } - ((TLS_RECORD_HEADER *) Buffer)->ContentType =3D TlsContentTypeApplicat= ionData; - ((TLS_RECORD_HEADER *) Buffer)->Version.Major =3D HttpInstance->TlsCon= figData.Version.Major; - ((TLS_RECORD_HEADER *) Buffer)->Version.Minor =3D HttpInstance->TlsCon= figData.Version.Minor; - ((TLS_RECORD_HEADER *) Buffer)->Length =3D (UINT16) (TxStringLen); - CopyMem (Buffer + sizeof (TLS_RECORD_HEADER), TxString, TxStringLen); - =20 + // - // Encrypt Packet. + // Allocate enough buffer for all TLS ciphertext records. 
// - Status =3D TlsProcessMessage ( - HttpInstance,=20 - Buffer,=20 - BufferSize,=20 - EfiTlsEncrypt,=20 - &TempFragment - ); - =20 - FreePool (Buffer); + RecordCount =3D TxStringLen / TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH = + 1; + Fragment.Bulk =3D AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_L= ENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH)); + if (Fragment.Bulk =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto ON_ERROR; + } =20 - if (EFI_ERROR (Status)) { - return Status; + // + // Encrypt each TLS plaintext records. + // + RemainingLen =3D TxStringLen; + while (RemainingLen !=3D 0) { + PayloadSize =3D (UINT16) MIN (TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGT= H, RemainingLen); + =20 + ((TLS_RECORD_HEADER *) TlsRecord)->ContentType =3D TlsContentTypeApp= licationData; + ((TLS_RECORD_HEADER *) TlsRecord)->Version.Major =3D HttpInstance->T= lsConfigData.Version.Major; + ((TLS_RECORD_HEADER *) TlsRecord)->Version.Minor =3D HttpInstance->T= lsConfigData.Version.Minor; + ((TLS_RECORD_HEADER *) TlsRecord)->Length =3D PayloadSize; + + CopyMem (TlsRecord + TLS_RECORD_HEADER_LENGTH, TxString + (TxStringL= en - RemainingLen), PayloadSize); + =20 + Status =3D TlsProcessMessage ( + HttpInstance,=20 + TlsRecord,=20 + TLS_RECORD_HEADER_LENGTH + PayloadSize,=20 + EfiTlsEncrypt,=20 + &TempFragment + ); + if (EFI_ERROR (Status)) { + goto ON_ERROR; + } + + // + // Record the processed/encrypted Packet.=20 + // + CopyMem (Fragment.Bulk + Fragment.Len, TempFragment.Bulk, TempFragme= nt.Len); + Fragment.Len +=3D TempFragment.Len; + + FreePool (TempFragment.Bulk); + TempFragment.Len =3D 0; + TempFragment.Bulk =3D NULL; + =20 + RemainingLen -=3D (UINTN) PayloadSize; + ZeroMem (TlsRecord, TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_= MAX_PAYLOAD_LENGTH); } + + FreePool (TlsRecord); + TlsRecord =3D NULL; } =20 if (!HttpInstance->LocalAddressIsIPv6) { Tcp4 =3D HttpInstance->Tcp4; Tx4Token =3D &Wrap->TcpWrap.Tx4Token; =20 if (HttpInstance->UseHttps) { - 
Tx4Token->Packet.TxData->DataLength =3D TempFragment.Len; - Tx4Token->Packet.TxData->FragmentTable[0].FragmentLength =3D TempFra= gment.Len; - Tx4Token->Packet.TxData->FragmentTable[0].FragmentBuffer =3D (VOID *= ) TempFragment.Bulk; + Tx4Token->Packet.TxData->DataLength =3D Fragment.Len; + Tx4Token->Packet.TxData->FragmentTable[0].FragmentLength =3D Fragmen= t.Len; + Tx4Token->Packet.TxData->FragmentTable[0].FragmentBuffer =3D (VOID *= ) Fragment.Bulk; } else { Tx4Token->Packet.TxData->DataLength =3D (UINT32) TxStringLen; Tx4Token->Packet.TxData->FragmentTable[0].FragmentLength =3D (UINT32= ) TxStringLen; Tx4Token->Packet.TxData->FragmentTable[0].FragmentBuffer =3D (VOID *= ) TxString; } @@ -1540,21 +1577,21 @@ HttpTransmitTcp ( =20 Wrap->TcpWrap.IsTxDone =3D FALSE; Status =3D Tcp4->Transmit (Tcp4, Tx4Token); if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "Transmit failed: %r\n", Status)); - return Status; + goto ON_ERROR; } =20 } else { Tcp6 =3D HttpInstance->Tcp6; Tx6Token =3D &Wrap->TcpWrap.Tx6Token; =20 if (HttpInstance->UseHttps) { - Tx6Token->Packet.TxData->DataLength =3D TempFragment.Len; - Tx6Token->Packet.TxData->FragmentTable[0].FragmentLength =3D TempFra= gment.Len; - Tx6Token->Packet.TxData->FragmentTable[0].FragmentBuffer =3D (VOID *= ) TempFragment.Bulk; + Tx6Token->Packet.TxData->DataLength =3D Fragment.Len; + Tx6Token->Packet.TxData->FragmentTable[0].FragmentLength =3D Fragmen= t.Len; + Tx6Token->Packet.TxData->FragmentTable[0].FragmentBuffer =3D (VOID *= ) Fragment.Bulk; } else { Tx6Token->Packet.TxData->DataLength =3D (UINT32) TxStringLen; Tx6Token->Packet.TxData->FragmentTable[0].FragmentLength =3D (UINT32= ) TxStringLen; Tx6Token->Packet.TxData->FragmentTable[0].FragmentBuffer =3D (VOID *= ) TxString; } 
@@ -1563,14 +1600,30 @@ HttpTransmitTcp ( =20 Wrap->TcpWrap.IsTxDone =3D FALSE; Status =3D Tcp6->Transmit (Tcp6, Tx6Token); if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "Transmit failed: %r\n", Status)); - return Status; + goto ON_ERROR; } } =20 + return Status; + +ON_ERROR: + =20 + if (HttpInstance->UseHttps) { + if (TlsRecord !=3D NULL) { + FreePool (TlsRecord); + TlsRecord =3D NULL; + } + =20 + if (Fragment.Bulk !=3D NULL) { + FreePool (Fragment.Bulk); + Fragment.Bulk =3D NULL; + } + } + return Status; } =20 /** Check whether the user's token or event has already diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSu= pport.c index f5e5911b86..5105a2014c 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.c +++ b/NetworkPkg/HttpDxe/HttpsSupport.c @@ -949,11 +949,11 @@ TlsReceiveOnePdu ( InitializeListHead (NbufList); =20 // // Allocate buffer to receive one TLS header. // - Len =3D sizeof (TLS_RECORD_HEADER); + Len =3D TLS_RECORD_HEADER_LENGTH; PduHdr =3D NetbufAlloc (Len); if (PduHdr =3D=3D NULL) { Status =3D EFI_OUT_OF_RESOURCES; goto ON_EXIT; } 
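Review bot: the copy into Fragment.Bulk in the HttpTransmitTcp hunk has no bound of its own. `CopyMem (Fragment.Bulk + Fragment.Len, TempFragment.Bulk, TempFragment.Len)` relies on the TLS driver behind TlsProcessMessage never returning more than TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH bytes per record, a contract across a protocol boundary that this driver does not control. Comparing `Fragment.Len + TempFragment.Len` against the size used for the allocation before the copy (and freeing TempFragment.Bulk on that path, which ON_ERROR does not do) keeps a misbehaving TLS implementation from becoming a heap overflow here. Two smaller points on the same hunk: `RecordCount = TxStringLen / TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH + 1` allocates a spare record whenever TxStringLen is an exact multiple of 16384, and `(TxStringLen + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH - 1) / TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH` is the ceiling that was meant; and the per-iteration `ZeroMem (TlsRecord, TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH)` does no work, because the next iteration overwrites the header fields and the PayloadSize bytes after them before passing exactly those bytes to TlsProcessMessage.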
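Review bot: the ON_ERROR path reached from a failed `Tcp4->Transmit` or `Tcp6->Transmit` frees Fragment.Bulk while `Tx4Token->Packet.TxData->FragmentTable[0].FragmentBuffer` (or the Tcp6 equivalent) still points at it and DataLength still reports its length, leaving a dangling pointer in a token that outlives this function. The old code returned from that spot without freeing TempFragment.Bulk, which suggests the token's owner releases FragmentBuffer for the HTTPS case; if so, this becomes a double free. Either clear FragmentBuffer, FragmentLength and DataLength before the FreePool in ON_ERROR, or leave Fragment.Bulk to the token on that path as before. The `if (HttpInstance->UseHttps)` guard around the two frees is also redundant, since both pointers start NULL and are only assigned inside the UseHttps block.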
@@ -1389,15 +1389,23 @@ TlsCloseSession ( =20 /** Process one message according to the CryptMode. =20 @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure. - @param[in] Message Pointer to the message buffer neede= d to processed. + @param[in] Message Pointer to the message buffer neede= d to processed.=20 + If ProcessMode is EfiTlsEncrypt, th= e message contain the TLS + header and plain text TLS APP paylo= ad. + If ProcessMode is EfiTlsDecrypt, th= e message contain the TLS=20 + header and cipher text TLS APP payl= oad. @param[in] MessageSize Pointer to the message buffer size. @param[in] ProcessMode Process mode. @param[in, out] Fragment Only one Fragment returned after th= e Message is processed successfully. + If ProcessMode is EfiTlsEncrypt, th= e fragment contain the TLS=20 + header and cipher text TLS APP payl= oad. + If ProcessMode is EfiTlsDecrypt, th= e fragment contain the TLS=20 + header and plain text TLS APP paylo= ad. =20 @retval EFI_SUCCESS Message is processed successfully. @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. @retval Others Other errors as indicated. =20 @@ -1496,10 +1504,13 @@ TlsProcessMessage ( Fragment->Bulk =3D Buffer; =20 ON_EXIT: =20 if (OriginalFragmentTable !=3D NULL) { + if( FragmentTable =3D=3D OriginalFragmentTable) { + FragmentTable =3D NULL; + } FreePool (OriginalFragmentTable); OriginalFragmentTable =3D NULL; } =20 // @@ -1680,11 +1691,11 @@ HttpsReceive ( if (BufferIn =3D=3D NULL) { Status =3D EFI_OUT_OF_RESOURCES; return Status; } =20 - CopyMem (BufferIn, TempFragment.Bulk + sizeof (TLS_RECORD_HEADER), Buf= ferInSize); + CopyMem (BufferIn, TempFragment.Bulk + TLS_RECORD_HEADER_LENGTH, Buffe= rInSize); =20 // // Free the buffer in TempFragment. // FreePool (TempFragment.Bulk); diff --git a/NetworkPkg/HttpDxe/HttpsSupport.h b/NetworkPkg/HttpDxe/HttpsSu= pport.h index f7a2d303e6..5d4ca01108 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.h +++ b/NetworkPkg/HttpDxe/HttpsSupport.h 
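Review bot: the expanded @param text for Message and Fragment still omits the one thing a caller has to get right, the byte order of the Length field in the record header. The encrypt side is fed a header that HttpTransmitTcp builds with `->Length = PayloadSize` in host order and TlsEncryptPacket reads it without NTOHS, whereas the decrypt side carries the wire-order length that TlsDecryptPacket converts with NTOHS; say so here. The grammar needs a pass as well: "the message contain" and "the fragment contain" should be "contains", and "needed to processed" (unchanged from before) should be "to be processed". The same block is duplicated in HttpsSupport.h at the end of this patch, so keep the two copies identical.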
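Review bot: `if( FragmentTable == OriginalFragmentTable) {` in the TlsProcessMessage ON_EXIT hunk needs EDK II spacing, `if (FragmentTable == OriginalFragmentTable) {`, and the three new lines deserve a one-line comment. As written a reader has to infer that the TLS driver may hand back the very table it was given, and that FragmentTable is nulled so a later release of FragmentTable cannot free OriginalFragmentTable a second time; stating that intent next to the check is cheaper than rediscovering it.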
@@ -1,9 +1,9 @@ /** @file The header files of miscellaneous routines specific to Https for HttpDxe= driver. =20 -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at http://opensource.org/licenses/bsd-license.php =20 @@ -215,15 +215,23 @@ TlsCloseSession ( =20 /** Process one message according to the CryptMode. =20 @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure. - @param[in] Message Pointer to the message buffer neede= d to processed. + @param[in] Message Pointer to the message buffer neede= d to processed.=20 + If ProcessMode is EfiTlsEncrypt, th= e message contain the TLS + header and plain text TLS APP paylo= ad. + If ProcessMode is EfiTlsDecrypt, th= e message contain the TLS=20 + header and cipher text TLS APP payl= oad. @param[in] MessageSize Pointer to the message buffer size. @param[in] ProcessMode Process mode. @param[in, out] Fragment Only one Fragment returned after th= e Message is processed successfully. + If ProcessMode is EfiTlsEncrypt, th= e fragment contain the TLS=20 + header and cipher text TLS APP payl= oad. + If ProcessMode is EfiTlsDecrypt, th= e fragment contain the TLS=20 + header and plain text TLS APP paylo= ad. =20 @retval EFI_SUCCESS Message is processed successfully. @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. @retval Others Other errors as indicated. =20 --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel