From: "Michael D Kinney"
To: devel@edk2.groups.io
Cc: Sean Brogan, Jian J Wang, Xiaoyu Lu
Subject: [edk2-devel] [Patch] CryptoPkg: Add Null instance of the TlsLib class
Date: Tue, 22 Oct 2019 14:40:58 -0700
Message-Id: <20191022214058.21124-1-michael.d.kinney@intel.com>

From: Sean Brogan

https://bugzilla.tianocore.org/show_bug.cgi?id=2258

Add a Null instance of the TlsLib class. This lib instance can be used as a template for new implementations of the TlsLib class and can also be used to reduce CI build times for build checks that depend on the TlsLib class.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Signed-off-by: Michael D Kinney Reviewed-by: Jian J Wang --- CryptoPkg/CryptoPkg.dsc | 1 + CryptoPkg/Library/TlsLibNull/InternalTlsLib.h | 16 + CryptoPkg/Library/TlsLibNull/TlsConfigNull.c | 622 ++++++++++++++++++ CryptoPkg/Library/TlsLibNull/TlsInitNull.c | 111 ++++ CryptoPkg/Library/TlsLibNull/TlsLibNull.inf | 38 ++ CryptoPkg/Library/TlsLibNull/TlsLibNull.uni | 13 + CryptoPkg/Library/TlsLibNull/TlsProcessNull.c | 247 +++++++ 7 files changed, 1048 insertions(+) create mode 100644 CryptoPkg/Library/TlsLibNull/InternalTlsLib.h create mode 100644 CryptoPkg/Library/TlsLibNull/TlsConfigNull.c create mode 100644 CryptoPkg/Library/TlsLibNull/TlsInitNull.c create mode 100644 CryptoPkg/Library/TlsLibNull/TlsLibNull.inf create mode 100644 CryptoPkg/Library/TlsLibNull/TlsLibNull.uni create mode 100644 CryptoPkg/Library/TlsLibNull/TlsProcessNull.c diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index c90e76c721..cea4335afb 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -115,6 +115,7 @@ [Components] CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf CryptoPkg/Library/TlsLib/TlsLib.inf + CryptoPkg/Library/TlsLibNull/TlsLibNull.inf CryptoPkg/Library/OpensslLib/OpensslLib.inf CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf =20 diff --git a/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h b/CryptoPkg/Libr= ary/TlsLibNull/InternalTlsLib.h new file mode 100644 index 0000000000..888c9066bf --- /dev/null +++ b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h @@ -0,0 +1,16 @@ +/** @file + Internal include file for TlsLibNull. + +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __INTERNAL_TLS_LIB_NULL_H__ +#define __INTERNAL_TLS_LIB_NULL_H__ + +#include +#include +#include + +#endif diff --git a/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c b/CryptoPkg/Libra= ry/TlsLibNull/TlsConfigNull.c new file mode 100644 index 0000000000..8033a61790 --- /dev/null +++ b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c @@ -0,0 +1,622 @@ +/** @file + SSL/TLS Configuration Null Library Wrapper Implementation. + +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalTlsLib.h" + +/** + Set a new TLS/SSL method for a particular TLS object. + + This function sets a new TLS/SSL method for a particular TLS object. + + @param[in] Tls Pointer to a TLS object. + @param[in] MajorVer Major Version of TLS/SSL Protocol. + @param[in] MinorVer Minor Version of TLS/SSL Protocol. + + @retval EFI_SUCCESS The TLS/SSL method was set successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_UNSUPPORTED Unsupported TLS/SSL method. + +**/ +EFI_STATUS +EFIAPI +TlsSetVersion ( + IN VOID *Tls, + IN UINT8 MajorVer, + IN UINT8 MinorVer + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Set TLS object to work in client or server mode. + + This function prepares a TLS object to work in client or server mode. + + @param[in] Tls Pointer to a TLS object. + @param[in] IsServer Work in server mode. + + @retval EFI_SUCCESS The TLS/SSL work mode was set successfull= y. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode. + +**/ +EFI_STATUS +EFIAPI +TlsSetConnectionEnd ( + IN VOID *Tls, + IN BOOLEAN IsServer + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Set the ciphers list to be used by the TLS object. + + This function sets the ciphers for use by a specified TLS object. + + @param[in] Tls Pointer to a TLS object. + @param[in] CipherId Array of UINT16 cipher identifiers. Each UINT16 + cipher identifier comes from the TLS Cipher Sui= te + Registry of the IANA, interpreting Byte1 and By= te2 + in network (big endian) byte order. + @param[in] CipherNum The number of cipher in the list. + + @retval EFI_SUCCESS The ciphers list was set successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_UNSUPPORTED No supported TLS cipher was found in Ciph= erId. + @retval EFI_OUT_OF_RESOURCES Memory allocation failed. 
+ +**/ +EFI_STATUS +EFIAPI +TlsSetCipherList ( + IN VOID *Tls, + IN UINT16 *CipherId, + IN UINTN CipherNum + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Set the compression method for TLS/SSL operations. + + This function handles TLS/SSL integrated compression methods. + + @param[in] CompMethod The compression method ID. + + @retval EFI_SUCCESS The compression method for the communication= was + set successfully. + @retval EFI_UNSUPPORTED Unsupported compression method. + +**/ +EFI_STATUS +EFIAPI +TlsSetCompressionMethod ( + IN UINT8 CompMethod + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Set peer certificate verification mode for the TLS connection. + + This function sets the verification mode flags for the TLS connection. + + @param[in] Tls Pointer to the TLS object. + @param[in] VerifyMode A set of logically or'ed verification mode fla= gs. + +**/ +VOID +EFIAPI +TlsSetVerify ( + IN VOID *Tls, + IN UINT32 VerifyMode + ) +{ + ASSERT(FALSE); +} + +// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN) accept= ed. [BEGIN] +/** + Set the specified host name to be verified. + + @param[in] Tls Pointer to the TLS object. + @param[in] Flags The setting flags during the validation. + @param[in] HostName The specified host name to be verified. + + @retval EFI_SUCCESS The HostName setting was set successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_ABORTED Invalid HostName setting. + +**/ +EFI_STATUS +EFIAPI +TlsSetVerifyHost ( + IN VOID *Tls, + IN UINT32 Flags, + IN CHAR8 *HostName + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN) accept= ed. [END] + +/** + Sets a TLS/SSL session ID to be used during TLS/SSL connect. + + This function sets a session ID to be used when the TLS/SSL connection is + to be established. + + @param[in] Tls Pointer to the TLS object. 
+ @param[in] SessionId Session ID data used for session resumption. + @param[in] SessionIdLen Length of Session ID in bytes. + + @retval EFI_SUCCESS Session ID was set successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_UNSUPPORTED No available session for ID setting. + +**/ +EFI_STATUS +EFIAPI +TlsSetSessionId ( + IN VOID *Tls, + IN UINT8 *SessionId, + IN UINT16 SessionIdLen + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Adds the CA to the cert store when requesting Server or Client authentic= ation. + + This function adds the CA certificate to the list of CAs when requesting + Server or Client authentication for the chosen TLS connection. + + @param[in] Tls Pointer to the TLS object. + @param[in] Data Pointer to the data buffer of a DER-encoded bina= ry + X.509 certificate or PEM-encoded X.509 certifica= te. + @param[in] DataSize The size of data buffer in bytes. + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_OUT_OF_RESOURCES Required resources could not be allocat= ed. + @retval EFI_ABORTED Invalid X.509 certificate. + +**/ +EFI_STATUS +EFIAPI +TlsSetCaCertificate ( + IN VOID *Tls, + IN VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Loads the local public certificate into the specified TLS object. + + This function loads the X.509 certificate into the specified TLS object + for TLS negotiation. + + @param[in] Tls Pointer to the TLS object. + @param[in] Data Pointer to the data buffer of a DER-encoded bina= ry + X.509 certificate or PEM-encoded X.509 certifica= te. + @param[in] DataSize The size of data buffer in bytes. + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_OUT_OF_RESOURCES Required resources could not be allocat= ed. + @retval EFI_ABORTED Invalid X.509 certificate. 
+ +**/ +EFI_STATUS +EFIAPI +TlsSetHostPublicCert ( + IN VOID *Tls, + IN VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Adds the local private key to the specified TLS object. + + This function adds the local private key (PEM-encoded RSA or PKCS#8 priv= ate + key) into the specified TLS object for TLS negotiation. + + @param[in] Tls Pointer to the TLS object. + @param[in] Data Pointer to the data buffer of a PEM-encoded RSA + or PKCS#8 private key. + @param[in] DataSize The size of data buffer in bytes. + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_UNSUPPORTED This function is not supported. + @retval EFI_ABORTED Invalid private key data. + +**/ +EFI_STATUS +EFIAPI +TlsSetHostPrivateKey ( + IN VOID *Tls, + IN VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Adds the CA-supplied certificate revocation list for certificate validat= ion. + + This function adds the CA-supplied certificate revocation list data for + certificate validity checking. + + @param[in] Data Pointer to the data buffer of a DER-encoded CRL = data. + @param[in] DataSize The size of data buffer in bytes. + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_UNSUPPORTED This function is not supported. + @retval EFI_ABORTED Invalid CRL data. + +**/ +EFI_STATUS +EFIAPI +TlsSetCertRevocationList ( + IN VOID *Data, + IN UINTN DataSize + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Gets the protocol version used by the specified TLS connection. + + This function returns the protocol version used by the specified TLS + connection. + + If Tls is NULL, then ASSERT(). + + @param[in] Tls Pointer to the TLS object. + + @return The protocol version of the specified TLS connection. + +**/ +UINT16 +EFIAPI +TlsGetVersion ( + IN VOID *Tls + ) +{ + ASSERT(FALSE); + return 0; +} + +/** + Gets the connection end of the specified TLS connection. 
+ + This function returns the connection end (as client or as server) used by + the specified TLS connection. + + If Tls is NULL, then ASSERT(). + + @param[in] Tls Pointer to the TLS object. + + @return The connection end used by the specified TLS connection. + +**/ +UINT8 +EFIAPI +TlsGetConnectionEnd ( + IN VOID *Tls + ) +{ + ASSERT(FALSE); + return 0; +} + +/** + Gets the cipher suite used by the specified TLS connection. + + This function returns current cipher suite used by the specified + TLS connection. + + @param[in] Tls Pointer to the TLS object. + @param[in,out] CipherId The cipher suite used by the TLS object. + + @retval EFI_SUCCESS The cipher suite was returned successfull= y. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_UNSUPPORTED Unsupported cipher suite. + +**/ +EFI_STATUS +EFIAPI +TlsGetCurrentCipher ( + IN VOID *Tls, + IN OUT UINT16 *CipherId + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Gets the compression methods used by the specified TLS connection. + + This function returns current integrated compression methods used by + the specified TLS connection. + + @param[in] Tls Pointer to the TLS object. + @param[in,out] CompressionId The current compression method used by + the TLS object. + + @retval EFI_SUCCESS The compression method was returned succe= ssfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_ABORTED Invalid Compression method. + @retval EFI_UNSUPPORTED This function is not supported. + +**/ +EFI_STATUS +EFIAPI +TlsGetCurrentCompressionId ( + IN VOID *Tls, + IN OUT UINT8 *CompressionId + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Gets the verification mode currently set in the TLS connection. + + This function returns the peer verification mode currently set in the + specified TLS connection. + + If Tls is NULL, then ASSERT(). + + @param[in] Tls Pointer to the TLS object. + + @return The verification mode set in the specified TLS connection. 
+ +**/ +UINT32 +EFIAPI +TlsGetVerify ( + IN VOID *Tls + ) +{ + ASSERT(FALSE); + return 0; +} + +/** + Gets the session ID used by the specified TLS connection. + + This function returns the TLS/SSL session ID currently used by the + specified TLS connection. + + @param[in] Tls Pointer to the TLS object. + @param[in,out] SessionId Buffer to contain the returned session I= D. + @param[in,out] SessionIdLen The length of Session ID in bytes. + + @retval EFI_SUCCESS The Session ID was returned successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_UNSUPPORTED Invalid TLS/SSL session. + +**/ +EFI_STATUS +EFIAPI +TlsGetSessionId ( + IN VOID *Tls, + IN OUT UINT8 *SessionId, + IN OUT UINT16 *SessionIdLen + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Gets the client random data used in the specified TLS connection. + + This function returns the TLS/SSL client random data currently used in + the specified TLS connection. + + @param[in] Tls Pointer to the TLS object. + @param[in,out] ClientRandom Buffer to contain the returned client + random data (32 bytes). + +**/ +VOID +EFIAPI +TlsGetClientRandom ( + IN VOID *Tls, + IN OUT UINT8 *ClientRandom + ) +{ + ASSERT(FALSE); +} + +/** + Gets the server random data used in the specified TLS connection. + + This function returns the TLS/SSL server random data currently used in + the specified TLS connection. + + @param[in] Tls Pointer to the TLS object. + @param[in,out] ServerRandom Buffer to contain the returned server + random data (32 bytes). + +**/ +VOID +EFIAPI +TlsGetServerRandom ( + IN VOID *Tls, + IN OUT UINT8 *ServerRandom + ) +{ + ASSERT(FALSE); +} + +/** + Gets the master key data used in the specified TLS connection. + + This function returns the TLS/SSL master key material currently used in + the specified TLS connection. + + @param[in] Tls Pointer to the TLS object. + @param[in,out] KeyMaterial Buffer to contain the returned key materi= al. 
+ + @retval EFI_SUCCESS Key material was returned successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_UNSUPPORTED Invalid TLS/SSL session. + +**/ +EFI_STATUS +EFIAPI +TlsGetKeyMaterial ( + IN VOID *Tls, + IN OUT UINT8 *KeyMaterial + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Gets the CA Certificate from the cert store. + + This function returns the CA certificate for the chosen + TLS connection. + + @param[in] Tls Pointer to the TLS object. + @param[out] Data Pointer to the data buffer to receive the CA + certificate data sent to the client. + @param[in,out] DataSize The size of data buffer in bytes. + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_UNSUPPORTED This function is not supported. + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data. + +**/ +EFI_STATUS +EFIAPI +TlsGetCaCertificate ( + IN VOID *Tls, + OUT VOID *Data, + IN OUT UINTN *DataSize + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Gets the local public Certificate set in the specified TLS object. + + This function returns the local public certificate which was currently s= et + in the specified TLS object. + + @param[in] Tls Pointer to the TLS object. + @param[out] Data Pointer to the data buffer to receive the lo= cal + public certificate. + @param[in,out] DataSize The size of data buffer in bytes. + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_NOT_FOUND The certificate is not found. + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data. + +**/ +EFI_STATUS +EFIAPI +TlsGetHostPublicCert ( + IN VOID *Tls, + OUT VOID *Data, + IN OUT UINTN *DataSize + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Gets the local private key set in the specified TLS object. + + This function returns the local private key data which was currently set + in the specified TLS object. 
+ + @param[in] Tls Pointer to the TLS object. + @param[out] Data Pointer to the data buffer to receive the lo= cal + private key data. + @param[in,out] DataSize The size of data buffer in bytes. + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_UNSUPPORTED This function is not supported. + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data. + +**/ +EFI_STATUS +EFIAPI +TlsGetHostPrivateKey ( + IN VOID *Tls, + OUT VOID *Data, + IN OUT UINTN *DataSize + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Gets the CA-supplied certificate revocation list data set in the specifi= ed + TLS object. + + This function returns the CA-supplied certificate revocation list data w= hich + was currently set in the specified TLS object. + + @param[out] Data Pointer to the data buffer to receive the CR= L data. + @param[in,out] DataSize The size of data buffer in bytes. + + @retval EFI_SUCCESS The operation succeeded. + @retval EFI_UNSUPPORTED This function is not supported. + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data. + +**/ +EFI_STATUS +EFIAPI +TlsGetCertRevocationList ( + OUT VOID *Data, + IN OUT UINTN *DataSize + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} diff --git a/CryptoPkg/Library/TlsLibNull/TlsInitNull.c b/CryptoPkg/Library= /TlsLibNull/TlsInitNull.c new file mode 100644 index 0000000000..3e44117b82 --- /dev/null +++ b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c @@ -0,0 +1,111 @@ +/** @file + SSL/TLS Initialization Null Library Wrapper Implementation. + +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalTlsLib.h" + +/** + Initializes the library. + + This function registers ciphers and digests used directly and indirectly + by SSL/TLS, and initializes the readable error messages. + This function must be called before any other action takes places. + + @retval TRUE The library has been initialized. + @retval FALSE Failed to initialize the library. + +**/ +BOOLEAN +EFIAPI +TlsInitialize ( + VOID + ) +{ + ASSERT(FALSE); + return FALSE; +} + +/** + Free an allocated SSL_CTX object. + + @param[in] TlsCtx Pointer to the SSL_CTX object to be released. + +**/ +VOID +EFIAPI +TlsCtxFree ( + IN VOID *TlsCtx + ) +{ + ASSERT(FALSE); + return; +} + +/** + Creates a new SSL_CTX object as framework to establish TLS/SSL enabled + connections. + + @param[in] MajorVer Major Version of TLS/SSL Protocol. + @param[in] MinorVer Minor Version of TLS/SSL Protocol. + + @return Pointer to an allocated SSL_CTX object. + If the creation failed, TlsCtxNew() returns NULL. + +**/ +VOID * +EFIAPI +TlsCtxNew ( + IN UINT8 MajorVer, + IN UINT8 MinorVer + ) +{ + ASSERT(FALSE); + return NULL; +} + +/** + Free an allocated TLS object. + + This function removes the TLS object pointed to by Tls and frees up the + allocated memory. If Tls is NULL, nothing is done. + + @param[in] Tls Pointer to the TLS object to be freed. + +**/ +VOID +EFIAPI +TlsFree ( + IN VOID *Tls + ) +{ + ASSERT(FALSE); +} + +/** + Create a new TLS object for a connection. + + This function creates a new TLS object for a connection. The new object + inherits the setting of the underlying context TlsCtx: connection method, + options, verification setting. + + @param[in] TlsCtx Pointer to the SSL_CTX object. + + @return Pointer to an allocated SSL object. + If the creation failed, TlsNew() returns NULL. + +**/ +VOID * +EFIAPI +TlsNew ( + IN VOID *TlsCtx + ) +{ + ASSERT(FALSE); + return NULL; +} + 
diff --git a/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf b/CryptoPkg/Librar= y/TlsLibNull/TlsLibNull.inf new file mode 100644 index 0000000000..33f0e7493f --- /dev/null +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf @@ -0,0 +1,38 @@ +## @file +# SSL/TLS Wrapper Null Library Instance. +# +# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
+# (C) Copyright 2016 Hewlett Packard Enterprise Development LP
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D TlsLibNull + MODULE_UNI_FILE =3D TlsLibNull.uni + FILE_GUID =3D 705a5b3b-cfa5-42ea-87f0-f2b8d44ec521 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D TlsLib + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 +# + +[Sources] + InternalTlsLib.h + TlsInitNull.c + TlsConfigNull.c + TlsProcessNull.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseCryptLib + DebugLib + BaseLib diff --git a/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni b/CryptoPkg/Librar= y/TlsLibNull/TlsLibNull.uni new file mode 100644 index 0000000000..869f3fcf78 --- /dev/null +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni @@ -0,0 +1,13 @@ +// /** @file +// SSL/TLS Wrapper Null Library Instance. +// +// Copyright (c) 2016, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "SSL/TLS Wrapper N= ull Library Instance" + +#string STR_MODULE_DESCRIPTION #language en-US "This module provi= des SSL/TLS Wrapper Null Library Instance." diff --git a/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c b/CryptoPkg/Libr= ary/TlsLibNull/TlsProcessNull.c new file mode 100644 index 0000000000..2949d4c885 --- /dev/null +++ b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c @@ -0,0 +1,247 @@ +/** @file + SSL/TLS Process Null Library Wrapper Implementation. + The process includes the TLS handshake and packet I/O. + +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalTlsLib.h" + +/** + Checks if the TLS handshake was done. + + This function will check if the specified TLS handshake was done. + + @param[in] Tls Pointer to the TLS object for handshake state checkin= g. + + @retval TRUE The TLS handshake was done. + @retval FALSE The TLS handshake was not done. + +**/ +BOOLEAN +EFIAPI +TlsInHandshake ( + IN VOID *Tls + ) +{ + ASSERT(FALSE); + return FALSE; +} + +/** + Perform a TLS/SSL handshake. + + This function will perform a TLS/SSL handshake. + + @param[in] Tls Pointer to the TLS object for handshake = operation. + @param[in] BufferIn Pointer to the most recently received TL= S Handshake packet. + @param[in] BufferInSize Packet size in bytes for the most recent= ly received TLS + Handshake packet. + @param[out] BufferOut Pointer to the buffer to hold the built = packet. + @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On = input, it is + the buffer size provided by the caller. = On output, it + is the buffer size in fact needed to con= tain the + packet. + + @retval EFI_SUCCESS The required TLS packet is built success= fully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is TRUE: + Tls is NULL. + BufferIn is NULL but BufferInSize is NOT= 0. + BufferInSize is 0 but BufferIn is NOT NU= LL. + BufferOutSize is NULL. + BufferOut is NULL if *BufferOutSize is n= ot zero. + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the r= esponse packet. + @retval EFI_ABORTED Something wrong during handshake. + +**/ +EFI_STATUS +EFIAPI +TlsDoHandshake ( + IN VOID *Tls, + IN UINT8 *BufferIn, OPTIONAL + IN UINTN BufferInSize, OPTIONAL + OUT UINT8 *BufferOut, OPTIONAL + IN OUT UINTN *BufferOutSize + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Handle Alert message recorded in BufferIn. 
If BufferIn is NULL and Buffe= rInSize is zero, + TLS session has errors and the response packet needs to be Alert message= based on error type. + + @param[in] Tls Pointer to the TLS object for state chec= king. + @param[in] BufferIn Pointer to the most recently received TL= S Alert packet. + @param[in] BufferInSize Packet size in bytes for the most recent= ly received TLS + Alert packet. + @param[out] BufferOut Pointer to the buffer to hold the built = packet. + @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On = input, it is + the buffer size provided by the caller. = On output, it + is the buffer size in fact needed to con= tain the + packet. + + @retval EFI_SUCCESS The required TLS packet is built success= fully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is TRUE: + Tls is NULL. + BufferIn is NULL but BufferInSize is NOT= 0. + BufferInSize is 0 but BufferIn is NOT NU= LL. + BufferOutSize is NULL. + BufferOut is NULL if *BufferOutSize is n= ot zero. + @retval EFI_ABORTED An error occurred. + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the r= esponse packet. + +**/ +EFI_STATUS +EFIAPI +TlsHandleAlert ( + IN VOID *Tls, + IN UINT8 *BufferIn, OPTIONAL + IN UINTN BufferInSize, OPTIONAL + OUT UINT8 *BufferOut, OPTIONAL + IN OUT UINTN *BufferOutSize + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Build the CloseNotify packet. + + @param[in] Tls Pointer to the TLS object for state chec= king. + @param[in, out] Buffer Pointer to the buffer to hold the built = packet. + @param[in, out] BufferSize Pointer to the buffer size in bytes. On = input, it is + the buffer size provided by the caller. = On output, it + is the buffer size in fact needed to con= tain the + packet. + + @retval EFI_SUCCESS The required TLS packet is built success= fully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions = is TRUE: + Tls is NULL. + BufferSize is NULL. 
+ Buffer is NULL if *BufferSize is not zer= o. + @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the resp= onse packet. + +**/ +EFI_STATUS +EFIAPI +TlsCloseNotify ( + IN VOID *Tls, + IN OUT UINT8 *Buffer, + IN OUT UINTN *BufferSize + ) +{ + ASSERT(FALSE); + return EFI_UNSUPPORTED; +} + +/** + Attempts to read bytes from one TLS object and places the data in Buffer. + + This function will attempt to read BufferSize bytes from the TLS object + and places the data in Buffer. + + @param[in] Tls Pointer to the TLS object. + @param[in,out] Buffer Pointer to the buffer to store the data. + @param[in] BufferSize The size of Buffer in bytes. + + @retval >0 The amount of data successfully read from the TLS object. + @retval <=3D0 No data was successfully read. + +**/ +INTN +EFIAPI +TlsCtrlTrafficOut ( + IN VOID *Tls, + IN OUT VOID *Buffer, + IN UINTN BufferSize + ) +{ + ASSERT(FALSE); + return 0; +} + +/** + Attempts to write data from the buffer to TLS object. + + This function will attempt to write BufferSize bytes data from the Buffer + to the TLS object. + + @param[in] Tls Pointer to the TLS object. + @param[in] Buffer Pointer to the data buffer. + @param[in] BufferSize The size of Buffer in bytes. + + @retval >0 The amount of data successfully written to the TLS object. + @retval <=3D0 No data was successfully written. + +**/ +INTN +EFIAPI +TlsCtrlTrafficIn ( + IN VOID *Tls, + IN VOID *Buffer, + IN UINTN BufferSize + ) +{ + ASSERT(FALSE); + return 0; +} +/** + Attempts to read bytes from the specified TLS connection into the buffer. + + This function tries to read BufferSize bytes data from the specified TLS + connection into the Buffer. + + @param[in] Tls Pointer to the TLS connection for data rea= ding. + @param[in,out] Buffer Pointer to the data buffer. + @param[in] BufferSize The size of Buffer in bytes. + + @retval >0 The read operation was successful, and return value is the + number of bytes actually read from the TLS connection. 
+ @retval <=3D0 The read operation was not successful. + +**/ +INTN +EFIAPI +TlsRead ( + IN VOID *Tls, + IN OUT VOID *Buffer, + IN UINTN BufferSize + ) +{ + ASSERT(FALSE); + return 0; +} + +/** + Attempts to write data to a TLS connection. + + This function tries to write BufferSize bytes data from the Buffer into = the + specified TLS connection. + + @param[in] Tls Pointer to the TLS connection for data writing. + @param[in] Buffer Pointer to the data buffer. + @param[in] BufferSize The size of Buffer in bytes. + + @retval >0 The write operation was successful, and return value is t= he + number of bytes actually written to the TLS connection. + @retval <=3D0 The write operation was not successful. + +**/ +INTN +EFIAPI +TlsWrite ( + IN VOID *Tls, + IN VOID *Buffer, + IN UINTN BufferSize + ) +{ + ASSERT(FALSE); + return 0; +} + --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#49363): https://edk2.groups.io/g/devel/message/49363 Mute This Topic: https://groups.io/mt/36450840/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
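Review bot: In TlsConfigNull.c, TlsSetVerifyHost is wrapped in "// MU_CHANGE - Proposed fixes for TCBZ960 ... [BEGIN]" and "[END]" markers; these are downstream change tags and should be dropped from a new upstream file. The header comments for TlsSetVerifyHost, TlsSetCaCertificate, TlsSetHostPublicCert and TlsGetHostPublicCert do not list EFI_UNSUPPORTED, although that is the only value the Null bodies return, so add a matching @retval line to each. Also note that TlsSetVerify returns VOID and its body is only ASSERT(FALSE): in a build where ASSERT is disabled the call does nothing and the caller has no way to learn that peer verification was never configured (TlsGetVerify likewise returns 0). A sentence in the file header saying that callers must treat the failure of TlsInitialize, TlsCtxNew or TlsNew as fatal would make that contract explicit.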
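Review bot: In TlsInitNull.c, the TlsFree header says "If Tls is NULL, nothing is done." but the body executes ASSERT(FALSE) unconditionally. Because TlsNew and TlsCtxNew in this instance return NULL, a caller's ordinary cleanup path that passes NULL will hit the assert. Either remove the ASSERT from TlsFree (and TlsCtxFree) or assert only when the pointer is non-NULL. Two style points in the same file: the "return;" at the end of TlsCtxFree is redundant, and the edk2 coding style puts a space before the parenthesis, so "ASSERT (FALSE);" rather than "ASSERT(FALSE);" here and in the other two source files.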
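Review bot: In TlsLibNull.inf, [LibraryClasses] lists BaseCryptLib and BaseLib, but every function body in TlsInitNull.c, TlsConfigNull.c and TlsProcessNull.c uses nothing beyond ASSERT. If nothing else needs them, reduce the list to DebugLib and trim the includes in InternalTlsLib.h to match; keeping BaseCryptLib pulls a crypto library dependency into exactly the builds the commit message says this instance is meant to make faster.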
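Review bot: In TlsProcessNull.c, TlsDoHandshake, TlsHandleAlert and TlsCloseNotify return EFI_UNSUPPORTED, which none of their @retval lists mention; add it so the documented contract matches the Null behaviour. There is also no blank line between the closing brace of TlsCtrlTrafficIn and the "/**" comment that opens TlsRead, and the file ends with a trailing empty line after the closing brace of TlsWrite.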