From: Jiaxin Wu To: edk2-devel@lists.01.org Date: Tue, 20 Mar 2018 08:36:56 +0800 Message-Id: <20180320003657.4524-3-jiaxin.wu@intel.com> X-Mailer: git-send-email 2.16.2.windows.1 In-Reply-To: <20180320003657.4524-1-jiaxin.wu@intel.com> References: <20180320003657.4524-1-jiaxin.wu@intel.com> Subject: [edk2] [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Karunakar P , Ye Ting , Fu Siyuan MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Cc: Karunakar P Cc: Fu Siyuan Cc: Ye Ting Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu Reviewed-by: Karunakar p --- NetworkPkg/TlsDxe/TlsImpl.c | 74 +++++++++++++++++++++++++++++++----------= ---- NetworkPkg/TlsDxe/TlsImpl.h | 6 +--- 2 files changed, 52 insertions(+), 28 deletions(-) diff --git a/NetworkPkg/TlsDxe/TlsImpl.c b/NetworkPkg/TlsDxe/TlsImpl.c index 8e1238216b..a026075f36 100644 --- a/NetworkPkg/TlsDxe/TlsImpl.c +++ b/NetworkPkg/TlsDxe/TlsImpl.c @@ -1,9 +1,9 @@ /** @file The Miscellaneous Routines for TlsDxe driver. =20 -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
=20 This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at http://opensource.org/licenses/bsd-license.php @@ -48,10 +48,11 @@ TlsEncryptPacket ( UINT16 ThisPlainMessageSize; TLS_RECORD_HEADER *TempRecordHeader; UINT16 ThisMessageSize; UINT32 BufferOutSize; UINT8 *BufferOut; + UINT32 RecordCount; INTN Ret; =20 Status =3D EFI_SUCCESS; BytesCopied =3D 0; BufferInSize =3D 0; @@ -59,10 +60,11 @@ TlsEncryptPacket ( BufferInPtr =3D NULL; RecordHeaderIn =3D NULL; TempRecordHeader =3D NULL; BufferOutSize =3D 0; BufferOut =3D NULL; + RecordCount =3D 0; Ret =3D 0; =20 // // Calculate the size according to the fragment table. // 
@@ -89,34 +91,46 @@ TlsEncryptPacket ( (*FragmentTable)[Index].FragmentLength ); BytesCopied +=3D (*FragmentTable)[Index].FragmentLength; } =20 - BufferOut =3D AllocateZeroPool (MAX_BUFFER_SIZE); + // + // Count TLS record number. + // + BufferInPtr =3D BufferIn; + while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { + RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; + if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData || = RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) { + Status =3D EFI_INVALID_PARAMETER; + goto ERROR; + } + BufferInPtr +=3D TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length; + RecordCount ++; + } + =20 + // + // Allocate enough buffer to hold TLS Ciphertext. + // + BufferOut =3D AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH = + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH)); if (BufferOut =3D=3D NULL) { Status =3D EFI_OUT_OF_RESOURCES; goto ERROR; } =20 // - // Parsing buffer. + // Parsing buffer. Received packet may have multiple TLS record messages. // BufferInPtr =3D BufferIn; TempRecordHeader =3D (TLS_RECORD_HEADER *) BufferOut; while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; =20 - if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData) { - Status =3D EFI_INVALID_PARAMETER; - goto ERROR; - } - ThisPlainMessageSize =3D RecordHeaderIn->Length; =20 TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPl= ainMessageSize); =20 - Ret =3D TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordH= eader), MAX_BUFFER_SIZE - BufferOutSize); + Ret =3D TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordH= eader), TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH= ); =20 if (Ret > 0) { ThisMessageSize =3D (UINT16) Ret; } else { // 
@@ -127,11 +141,11 @@ TlsEncryptPacket ( ThisMessageSize =3D 0; } =20 BufferOutSize +=3D ThisMessageSize; =20 - BufferInPtr +=3D RECORD_HEADER_LEN + ThisPlainMessageSize; + BufferInPtr +=3D TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize; TempRecordHeader +=3D ThisMessageSize; } =20 FreePool (BufferIn); BufferIn =3D NULL; @@ -199,10 +213,11 @@ TlsDecryptPacket ( UINT16 ThisCipherMessageSize; TLS_RECORD_HEADER *TempRecordHeader; UINT16 ThisPlainMessageSize; UINT8 *BufferOut; UINT32 BufferOutSize; + UINT32 RecordCount; INTN Ret; =20 Status =3D EFI_SUCCESS; BytesCopied =3D 0; BufferIn =3D NULL; @@ -210,10 +225,11 @@ TlsDecryptPacket ( BufferInPtr =3D NULL; RecordHeaderIn =3D NULL; TempRecordHeader =3D NULL; BufferOut =3D NULL; BufferOutSize =3D 0; + RecordCount =3D 0; Ret =3D 0; =20 // // Calculate the size according to the fragment table. // @@ -240,11 +256,28 @@ TlsDecryptPacket ( (*FragmentTable)[Index].FragmentLength ); BytesCopied +=3D (*FragmentTable)[Index].FragmentLength; } =20 - BufferOut =3D AllocateZeroPool (MAX_BUFFER_SIZE); + // + // Count TLS record number. + // + BufferInPtr =3D BufferIn; + while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { + RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; + if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData || = NTOHS (RecordHeaderIn->Length) > TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH) { + Status =3D EFI_INVALID_PARAMETER; + goto ERROR; + } + BufferInPtr +=3D TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Len= gth); + RecordCount ++; + } + + // + // Allocate enough buffer to hold TLS Plaintext. + // + BufferOut =3D AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH = + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH)); if (BufferOut =3D=3D NULL) { Status =3D EFI_OUT_OF_RESOURCES; goto ERROR; } =20 
@@ -254,26 +287,21 @@ TlsDecryptPacket ( BufferInPtr =3D BufferIn; TempRecordHeader =3D (TLS_RECORD_HEADER *) BufferOut; while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; =20 - if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData) { - Status =3D EFI_INVALID_PARAMETER; - goto ERROR; - } - ThisCipherMessageSize =3D NTOHS (RecordHeaderIn->Length); =20 - Ret =3D TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeade= rIn), RECORD_HEADER_LEN + ThisCipherMessageSize); - if (Ret !=3D RECORD_HEADER_LEN + ThisCipherMessageSize) { + Ret =3D TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeade= rIn), TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize); + if (Ret !=3D TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize) { TlsInstance->TlsSessionState =3D EfiTlsSessionError; Status =3D EFI_ABORTED; goto ERROR; } =20 Ret =3D 0; - Ret =3D TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1= ), MAX_BUFFER_SIZE - BufferOutSize); + Ret =3D TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1= ), TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH); =20 if (Ret > 0) { ThisPlainMessageSize =3D (UINT16) Ret; } else { // 
@@ -282,16 +310,16 @@ TlsDecryptPacket ( DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS object.= \n")); =20 ThisPlainMessageSize =3D 0; } =20 - CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN); + CopyMem (TempRecordHeader, RecordHeaderIn, TLS_RECORD_HEADER_LENGTH); TempRecordHeader->Length =3D ThisPlainMessageSize; - BufferOutSize +=3D RECORD_HEADER_LEN + ThisPlainMessageSize; + BufferOutSize +=3D TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize; =20 - BufferInPtr +=3D RECORD_HEADER_LEN + ThisCipherMessageSize; - TempRecordHeader +=3D RECORD_HEADER_LEN + ThisPlainMessageSize; + BufferInPtr +=3D TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize; + TempRecordHeader +=3D TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize; } =20 FreePool (BufferIn); BufferIn =3D NULL; =20 diff --git a/NetworkPkg/TlsDxe/TlsImpl.h b/NetworkPkg/TlsDxe/TlsImpl.h index 3ae9d0d546..e04b312c19 100644 --- a/NetworkPkg/TlsDxe/TlsImpl.h +++ b/NetworkPkg/TlsDxe/TlsImpl.h @@ -1,9 +1,9 @@ /** @file Header file of Miscellaneous Routines for TlsDxe driver. =20 -Copyright (c) 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
=20 This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at http://opensource.org/licenses/bsd-license.php @@ -44,14 +44,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITH= ER EXPRESS OR IMPLIED. // extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding; extern EFI_TLS_PROTOCOL mTlsProtocol; extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol; =20 -#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2) - -#define MAX_BUFFER_SIZE 32768 - /** Encrypt the message listed in fragment. =20 @param[in] TlsInstance The pointer to the TLS instance. @param[in, out] FragmentTable Pointer to a list of fragment. --=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
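Review bot: the record-counting loop added in the @@ -89,34 +91,46 @@ TlsEncryptPacket hunk dereferences RecordHeaderIn->ContentType and RecordHeaderIn->Length without first checking that at least TLS_RECORD_HEADER_LENGTH bytes remain before BufferIn + BufferInSize, and it never checks that the advertised Length fits inside the remaining input, so a trailing partial record passes validation and the second loop then hands TlsWrite a ThisPlainMessageSize that extends past the end of BufferIn. Suggest rejecting such input in the counting loop, e.g. `if ((UINTN) BufferInPtr + TLS_RECORD_HEADER_LENGTH > (UINTN) BufferIn + BufferInSize) { Status = EFI_INVALID_PARAMETER; goto ERROR; }` before the header is read, and the same test with `TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length` after it; since the second loop walks the same records and no longer validates anything itself, it is covered once the first loop is strict. Separately, the unchanged `TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize);` still discards its return value, so a short write goes unnoticed and the following TlsCtrlTrafficOut emits a ciphertext record that does not correspond to the plaintext record being walked.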
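Review bot: in the @@ -127,11 +141,11 @@ TlsEncryptPacket hunk, the context line `TempRecordHeader += ThisMessageSize;` directly below the renamed BufferInPtr line is pointer arithmetic on a TLS_RECORD_HEADER *, so it advances the output cursor by ThisMessageSize * sizeof (TLS_RECORD_HEADER) bytes rather than by ThisMessageSize bytes, while `BufferOutSize += ThisMessageSize;` just above it counts plain bytes. This function already relies on sizeof (TLS_RECORD_HEADER) being the 5-byte record header (it passes `RecordHeaderIn + 1` to TlsWrite as the payload start), so from the second record on the cursor runs five times ahead of BufferOutSize, and with this patch sizing BufferOut to exactly RecordCount records that is a write past the allocation. Since this series is what introduces multi-record output, suggest fixing it here: `TempRecordHeader = (TLS_RECORD_HEADER *) ((UINT8 *) TempRecordHeader + ThisMessageSize);`.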
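Review bot: the counting loop added in the @@ -240,11 +256,28 @@ TlsDecryptPacket hunk validates ContentType and the upper bound on NTOHS (RecordHeaderIn->Length) but not that the header and its advertised payload lie within BufferIn + BufferInSize. This buffer is assembled from fragments received from the peer, so a truncated or malformed last record passes the loop, and the later `TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize);` then reads up to TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH bytes beyond the end of the input. Suggest checking `(UINTN) BufferInPtr + TLS_RECORD_HEADER_LENGTH <= (UINTN) BufferIn + BufferInSize` before dereferencing the header and `(UINTN) BufferInPtr + TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Length) <= (UINTN) BufferIn + BufferInSize` before advancing, returning EFI_INVALID_PARAMETER otherwise, so that the record walk cannot be driven off the end of the buffer by peer-supplied lengths.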
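Review bot: in the @@ -254,26 +287,21 @@ TlsDecryptPacket hunk, replacing `MAX_BUFFER_SIZE - BufferOutSize` with the fixed `TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH` as the TlsRead limit removes the one bound that was derived from how much output space is actually left; the read into `TempRecordHeader + 1` is now safe only if TempRecordHeader really points at the start of an unused slot of the RecordCount-sized BufferOut, so any drift in the output cursor turns this into a heap over-write. Suggest keeping a remaining-space bound computed from BufferOutSize and the allocated size (e.g. `RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) - BufferOutSize - TLS_RECORD_HEADER_LENGTH`) so the limit and the allocation cannot diverge.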
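Review bot: in the @@ -282,16 +310,16 @@ TlsDecryptPacket hunk, the renamed line `TempRecordHeader += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;` still performs scaled pointer arithmetic on a TLS_RECORD_HEADER *, advancing by sizeof (TLS_RECORD_HEADER) times that count, whereas `BufferOutSize += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;` two lines earlier accumulates bytes. The function treats the struct as the 5-byte record header (`TempRecordHeader + 1` is the payload destination for TlsRead and `CopyMem (TempRecordHeader, RecordHeaderIn, TLS_RECORD_HEADER_LENGTH);` copies exactly that many bytes into it), so the two cursors disagree from the second record on: the second record's header lands far beyond where BufferOutSize says it is, and potentially beyond the RecordCount-sized allocation. While this line is being touched, suggest `TempRecordHeader = (TLS_RECORD_HEADER *) ((UINT8 *) TempRecordHeader + TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize);`.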
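Review bot: the @@ -44,14 +44,10 @@ hunk in TlsImpl.h removes RECORD_HEADER_LEN and MAX_BUFFER_SIZE, but TLS_RECORD_HEADER_LENGTH, TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH and TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH, which TlsImpl.c now uses in their place, are not defined anywhere in this patch, so it does not build on its own and silently depends on an earlier patch in the series. The commit message also has no body beyond the subject: it should state where the new macros are defined (presumably patch 1/3 of this series), what values they carry, and why the previous fixed 32768-byte MAX_BUFFER_SIZE was insufficient for multiple records, so that both the dependency and the motivation are recorded with the change.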