[edk2-devel] [PATCH] Changes to support SNI feature in CryptoPkg

Prarthana Sagar V via groups.io posted 1 patch 1 week, 2 days ago
CryptoPkg/Library/TlsLib/TlsConfig.c | 71 ++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
[edk2-devel] [PATCH] Changes to support SNI feature in CryptoPkg
Posted by Prarthana Sagar V via groups.io 1 week, 2 days ago
---
 CryptoPkg/Library/TlsLib/TlsConfig.c | 71 ++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index 0673c9d532..aac1a88edf 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -594,6 +594,77 @@ TlsSetVerifyHost (
   return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED;

 }



+/**

+  Callback function to get the server name.

+

+  @param[in]  SSL

+  @param[in]  INT32

+  @param[in]  Arg

+

+  @retval  INT32

+**/

+static

+INT32

+SslServerNameCallback(SSL *Ssl, INT32 *Ad, VOID *Arg)

+{

+    const CHAR8 *HostName = NULL;

+    TLS_EXT_CTX *TlsCtx  = (TLS_EXT_CTX*)Arg;

+

+    HostName = SSL_get_servername (Ssl, TLSEXT_NAMETYPE_host_name);

+

+    if (SSL_get_servername_type(Ssl) != -1) {

+        TlsCtx->Ack = !SSL_session_reused(Ssl) && HostName != NULL;

+       }

+    return SSL_TLSEXT_ERR_OK;

+}

+

+/**

+  Set the specified server name in Server/Client.

+

+  @param[in]  Tls           Pointer to the TLS object.

+  @param[in]  SslCtx        Pointer to the SSL object.

+  @param[in]  HostName      The specified server name to be set.

+

+  @retval  EFI_SUCCESS      The Server Name was set successfully.

+  @retval  EFI_UNSUPPORTED  Failed to set the Server Name.

+**/

+EFI_STATUS

+TlsSetServerName (

+  VOID            *Tls,

+  VOID            *SslCtx,

+  CHAR8           *HostName

+)

+{

+    SSL_CTX           *Ctx;

+    TLS_CONNECTION    *TlsConn;

+    UINT32            RetVal;

+    TLS_EXT_CTX       *TlsExtCtx = NULL;

+

+    TlsConn = (TLS_CONNECTION*) Tls;

+

+    Ctx    = SSL_get_SSL_CTX (TlsConn->Ssl);

+

+    TlsExtCtx = AllocateZeroPool (sizeof(TLS_EXT_CTX));

+

+    RetVal = SSL_CTX_set_tlsext_servername_callback(Ctx, SslServerNameCallback);

+    if (!RetVal) {

+        return EFI_UNSUPPORTED;

+    }

+

+    RetVal = SSL_CTX_set_tlsext_servername_arg(Ctx, &TlsExtCtx);

+    if (!RetVal) {

+        return EFI_UNSUPPORTED;

+    }

+

+    TlsConn->Ssl->options = SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;

+    RetVal = SSL_set_tlsext_host_name(TlsConn->Ssl, HostName);

+

+    if (!RetVal) {

+        return EFI_UNSUPPORTED;

+    }

+    return EFI_SUCCESS;

+}

+

 /**

   Sets a TLS/SSL session ID to be used during TLS/SSL connect.
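Review bot: `SSL_CTX_set_tlsext_servername_arg(Ctx, &TlsExtCtx)` in TlsSetServerName registers the address of a stack local, while SslServerNameCallback casts `Arg` to `TLS_EXT_CTX*` and writes `TlsCtx->Ack`, so during the handshake the callback writes through a dangling pointer of the wrong type instead of into the pool allocation. Pass `TlsExtCtx` itself, check the `AllocateZeroPool` result for NULL, and free the buffer on the error returns; nothing visible in the hunk frees it afterwards, so its lifetime presumably needs to be tied to context teardown. Separately, `TlsConn->Ssl->options = SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;` replaces the whole option mask, dropping any options configured earlier on the connection, and reaches into the SSL structure directly; `SSL_set_options()` ORs the flag in. `Tls`, `TlsConn->Ssl` and `HostName` are also dereferenced or passed on without a NULL check, and a new `EFI_OUT_OF_RESOURCES` return would need its own `@retval` line.

```c
    // … unchanged: declarations and TlsConn/Ctx lookup …
    TlsExtCtx = AllocateZeroPool (sizeof (TLS_EXT_CTX));
    if (TlsExtCtx == NULL) {
        return EFI_OUT_OF_RESOURCES;
    }

    RetVal = SSL_CTX_set_tlsext_servername_callback (Ctx, SslServerNameCallback);
    if (!RetVal) {
        FreePool (TlsExtCtx);
        return EFI_UNSUPPORTED;
    }

    // Hand the callback the pool buffer itself, not the address of the local.
    RetVal = SSL_CTX_set_tlsext_servername_arg (Ctx, TlsExtCtx);
    if (!RetVal) {
        FreePool (TlsExtCtx);
        return EFI_UNSUPPORTED;
    }

    // OR the flag into the existing mask instead of overwriting it.
    SSL_set_options (TlsConn->Ssl, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
    // … unchanged: SSL_set_tlsext_host_name call and its check …
```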



--
2.26.0.windows.1