From nobody Sat Nov 2 14:26:26 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1490111865318920.5930066921984; Tue, 21 Mar 2017 08:57:45 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id EFFEE80387; Tue, 21 Mar 2017 08:57:40 -0700 (PDT) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 72CBE80387 for ; Tue, 21 Mar 2017 08:57:39 -0700 (PDT) Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Mar 2017 08:57:39 -0700 Received: from qlong-mobl1.ccr.corp.intel.com ([10.255.31.111]) by orsmga002.jf.intel.com with ESMTP; 21 Mar 2017 08:57:37 -0700 X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=intel.com; i=@intel.com; q=dns/txt; s=intel; t=1490111859; x=1521647859; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=LeZJF6cNUh1ZZlArJLNEFGyxOF7kzVRPAzGqsHiOWKc=; b=lCxLElnKeDfhzSFFmDN6PVeyQExokg+CXzAL1jRcL1rNQA8Kq3ksFWUN UoIDxd21npkS2bfoTtOnFv6EXrYe8w==; X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.36,198,1486454400"; d="scan'208";a="63202388" From: Qin Long To: edk2-devel@lists.01.org Date: Tue, 21 Mar 2017 23:56:12 +0800 Message-Id: <20170321155612.1192-10-qin.long@intel.com> X-Mailer: git-send-email 2.11.1.windows.1 In-Reply-To: <20170321155612.1192-1-qin.long@intel.com> References: <20170321155612.1192-1-qin.long@intel.com> Subject: [edk2] [PATCH v1 9/9] CryptoPkg/TlsLib: Update TLS Wrapper Library to align with OpenSSL changes. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: ard.biesheuvel@linaro.org, ting.ye@intel.com, ronald.cron@arm.com, jiaxin.wu@intel.com, glin@suse.com, lersek@redhat.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" This patch update the wrapper implementation in TlsLib to align with the latest OpenSSL-1.1.0xx API changes. Cc: Jiaxin Wu Cc: Ting Ye Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Gary Lin Cc: Ronald Cron Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- CryptoPkg/Library/TlsLib/InternalTlsLib.h | 6 +++++- CryptoPkg/Library/TlsLib/TlsConfig.c | 21 +++++++++++++-------- CryptoPkg/Library/TlsLib/TlsInit.c | 19 ++++++++++--------- 3 files changed, 28 insertions(+), 18 deletions(-) diff --git a/CryptoPkg/Library/TlsLib/InternalTlsLib.h b/CryptoPkg/Library/= TlsLib/InternalTlsLib.h index e75146648d..f3a662afea 100644 --- a/CryptoPkg/Library/TlsLib/InternalTlsLib.h +++ b/CryptoPkg/Library/TlsLib/InternalTlsLib.h @@ -1,7 +1,7 @@ /** @file Internal include file for TlsLib. =20 -Copyright (c) 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -15,6 +15,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHE= R EXPRESS OR IMPLIED. #ifndef __INTERNAL_TLS_LIB_H__ #define __INTERNAL_TLS_LIB_H__ =20 +#undef _WIN32 +#undef _WIN64 +#undef _MSC_VER + #include #include #include diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLi= b/TlsConfig.c index f103da4321..3586be3945 100644 --- a/CryptoPkg/Library/TlsLib/TlsConfig.c +++ b/CryptoPkg/Library/TlsLib/TlsConfig.c @@ -128,24 +128,30 @@ TlsSetVersion ( =20 ProtoVersion =3D (MajorVer << 8) | MinorVer; =20 + // + // Using the general-purpose version-flexible SSL/TLS methods here. + // The actual protocol version used in OpenSSL-1.1.xx will be negoriated + // to the highest version mutually supported by the client and server. + // Old TLSv1_x_method() was marked as deprecated. + // switch (ProtoVersion) { case TLS1_VERSION: // // TLS 1.0 // - SSL_set_ssl_method (TlsConn->Ssl, TLSv1_method ()); + SSL_set_ssl_method (TlsConn->Ssl, TLS_method ()); break; case TLS1_1_VERSION: // // TLS 1.1 // - SSL_set_ssl_method (TlsConn->Ssl, TLSv1_1_method ()); + SSL_set_ssl_method (TlsConn->Ssl, TLS_method ()); break; case TLS1_2_VERSION: // // TLS 1.2 // - SSL_set_ssl_method (TlsConn->Ssl, TLSv1_2_method ()); + SSL_set_ssl_method (TlsConn->Ssl, TLS_method ()); break; default: // @@ -384,8 +390,7 @@ TlsSetSessionId ( return EFI_UNSUPPORTED; } =20 - Session->session_id_length =3D SessionIdLen; - CopyMem (Session->session_id, SessionId, Session->session_id_length); + SSL_SESSION_set1_id (Session, (const unsigned char *)SessionId, SessionI= dLen); =20 return EFI_SUCCESS; } @@ -847,7 +852,7 @@ TlsGetClientRandom ( return; } =20 - CopyMem (ClientRandom, TlsConn->Ssl->s3->client_random, SSL3_RANDOM_SIZE= ); + SSL_get_client_random (TlsConn->Ssl, ClientRandom, SSL3_RANDOM_SIZE); } =20 /** @@ -876,7 +881,7 @@ TlsGetServerRandom ( return; } =20 - CopyMem (ServerRandom, TlsConn->Ssl->s3->server_random, SSL3_RANDOM_SIZE= ); + SSL_get_server_random (TlsConn->Ssl, ServerRandom, SSL3_RANDOM_SIZE); } =20 /** @@ -916,7 +921,7 @@ TlsGetKeyMaterial ( return EFI_UNSUPPORTED; } =20 - CopyMem (KeyMaterial, Session->master_key, Session->master_key_length); + SSL_SESSION_get_master_key (Session, KeyMaterial, SSL3_MASTER_SECRET_SIZ= E); =20 return EFI_SUCCESS; } diff --git a/CryptoPkg/Library/TlsLib/TlsInit.c b/CryptoPkg/Library/TlsLib/= TlsInit.c index 6b1fd93ea9..d7b8899ac2 100644 --- a/CryptoPkg/Library/TlsLib/TlsInit.c +++ b/CryptoPkg/Library/TlsLib/TlsInit.c @@ -1,7 +1,7 @@ /** @file SSL/TLS Initialization Library Wrapper Implementation over OpenSSL. =20 -Copyright (c) 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
(C) Copyright 2016 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License @@ -33,14 +33,10 @@ TlsInitialize ( // Performs initialization of crypto and ssl library, and loads required // algorithms. // - SSL_library_init (); - - // - // Loads error strings from both crypto and ssl library. - // - SSL_load_error_strings (); - - /// OpenSSL_add_all_algorithms(); + OPENSSL_init_ssl ( + OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, + NULL + ); =20 // // Initialize the pseudorandom number generator. @@ -220,6 +216,11 @@ TlsNew ( } =20 // + // This retains compatibility with previous version of OpenSSL. + // + SSL_set_security_level (TlsConn->Ssl, 0); + + // // Initialize the created SSL Object // SSL_set_info_callback (TlsConn->Ssl, NULL); --=20 2.11.1.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel