diff options
| author | Sean Brogan <sean.brogan@microsoft.com> | 2019-09-25 10:14:40 -0700 |
|---|---|---|
| committer | Michael D Kinney <michael.d.kinney@intel.com> | 2019-10-23 14:42:28 -0700 |
| commit | 79cd636f3ee1d89cf8282067ec33c59e1f2a6666 (patch) | |
| tree | 3d75e0408765d44322fabdc8fa2ea6c187003732 /CryptoPkg | |
| parent | 412c963842741fd0fd78d73a91809dbc10c8368e (diff) | |
| download | edk2-79cd636f3ee1d89cf8282067ec33c59e1f2a6666.tar.gz edk2-79cd636f3ee1d89cf8282067ec33c59e1f2a6666.tar.bz2 edk2-79cd636f3ee1d89cf8282067ec33c59e1f2a6666.zip | |
CryptoPkg: Add Null instance of the TlsLib class
https://bugzilla.tianocore.org/show_bug.cgi?id=2258
Add a Null instance of the TlsLib class. This lib instance
can be used as a template for new implementations of the TlsLib
class and can also be used to reduce CI build times for build
checks that depend on the TlsLib class.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Diffstat (limited to 'CryptoPkg')
| -rw-r--r-- | CryptoPkg/CryptoPkg.dsc | 1 | ||||
| -rw-r--r-- | CryptoPkg/Library/TlsLibNull/InternalTlsLib.h | 16 | ||||
| -rw-r--r-- | CryptoPkg/Library/TlsLibNull/TlsConfigNull.c | 622 | ||||
| -rw-r--r-- | CryptoPkg/Library/TlsLibNull/TlsInitNull.c | 111 | ||||
| -rw-r--r-- | CryptoPkg/Library/TlsLibNull/TlsLibNull.inf | 38 | ||||
| -rw-r--r-- | CryptoPkg/Library/TlsLibNull/TlsLibNull.uni | 13 | ||||
| -rw-r--r-- | CryptoPkg/Library/TlsLibNull/TlsProcessNull.c | 247 |
7 files changed, 1048 insertions, 0 deletions
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index f2670513a6..0128ecdf69 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -116,6 +116,7 @@ CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
CryptoPkg/Library/TlsLib/TlsLib.inf
+ CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
CryptoPkg/Library/OpensslLib/OpensslLib.inf
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
diff --git a/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h new file mode 100644 index 0000000000..888c9066bf --- /dev/null +++ b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h @@ -0,0 +1,16 @@ +/** @file
+ Internal include file for TlsLibNull.
+
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __INTERNAL_TLS_LIB_NULL_H__
+#define __INTERNAL_TLS_LIB_NULL_H__
+
+#include <Library/BaseCryptLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseLib.h>
+
+#endif
diff --git a/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c new file mode 100644 index 0000000000..8033a61790 --- /dev/null +++ b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c @@ -0,0 +1,622 @@ +/** @file
+ SSL/TLS Configuration Null Library Wrapper Implementation.
+
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalTlsLib.h"
+
+/**
+ Set a new TLS/SSL method for a particular TLS object.
+
+ This function sets a new TLS/SSL method for a particular TLS object.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] MajorVer Major Version of TLS/SSL Protocol.
+ @param[in] MinorVer Minor Version of TLS/SSL Protocol.
+
+ @retval EFI_SUCCESS The TLS/SSL method was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetVersion (
+ IN VOID *Tls,
+ IN UINT8 MajorVer,
+ IN UINT8 MinorVer
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Set TLS object to work in client or server mode.
+
+ This function prepares a TLS object to work in client or server mode.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] IsServer Work in server mode.
+
+ @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetConnectionEnd (
+ IN VOID *Tls,
+ IN BOOLEAN IsServer
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Set the ciphers list to be used by the TLS object.
+
+ This function sets the ciphers for use by a specified TLS object.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] CipherId Array of UINT16 cipher identifiers. Each UINT16
+ cipher identifier comes from the TLS Cipher Suite
+ Registry of the IANA, interpreting Byte1 and Byte2
+ in network (big endian) byte order.
+ @param[in] CipherNum The number of cipher in the list.
+
+ @retval EFI_SUCCESS The ciphers list was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED No supported TLS cipher was found in CipherId.
+ @retval EFI_OUT_OF_RESOURCES Memory allocation failed.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCipherList (
+ IN VOID *Tls,
+ IN UINT16 *CipherId,
+ IN UINTN CipherNum
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Set the compression method for TLS/SSL operations.
+
+ This function handles TLS/SSL integrated compression methods.
+
+ @param[in] CompMethod The compression method ID.
+
+ @retval EFI_SUCCESS The compression method for the communication was
+ set successfully.
+ @retval EFI_UNSUPPORTED Unsupported compression method.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCompressionMethod (
+ IN UINT8 CompMethod
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Set peer certificate verification mode for the TLS connection.
+
+ This function sets the verification mode flags for the TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] VerifyMode A set of logically or'ed verification mode flags.
+
+**/
+VOID
+EFIAPI
+TlsSetVerify (
+ IN VOID *Tls,
+ IN UINT32 VerifyMode
+ )
+{
+ ASSERT(FALSE);
+}
+
+// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN) accepted. [BEGIN]
+/**
+ Set the specified host name to be verified.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Flags The setting flags during the validation.
+ @param[in] HostName The specified host name to be verified.
+
+ @retval EFI_SUCCESS The HostName setting was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_ABORTED Invalid HostName setting.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetVerifyHost (
+ IN VOID *Tls,
+ IN UINT32 Flags,
+ IN CHAR8 *HostName
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN) accepted. [END]
+
+/**
+ Sets a TLS/SSL session ID to be used during TLS/SSL connect.
+
+ This function sets a session ID to be used when the TLS/SSL connection is
+ to be established.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] SessionId Session ID data used for session resumption.
+ @param[in] SessionIdLen Length of Session ID in bytes.
+
+ @retval EFI_SUCCESS Session ID was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED No available session for ID setting.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetSessionId (
+ IN VOID *Tls,
+ IN UINT8 *SessionId,
+ IN UINT16 SessionIdLen
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Adds the CA to the cert store when requesting Server or Client authentication.
+
+ This function adds the CA certificate to the list of CAs when requesting
+ Server or Client authentication for the chosen TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a DER-encoded binary
+ X.509 certificate or PEM-encoded X.509 certificate.
+ @param[in] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.
+ @retval EFI_ABORTED Invalid X.509 certificate.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCaCertificate (
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Loads the local public certificate into the specified TLS object.
+
+ This function loads the X.509 certificate into the specified TLS object
+ for TLS negotiation.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a DER-encoded binary
+ X.509 certificate or PEM-encoded X.509 certificate.
+ @param[in] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.
+ @retval EFI_ABORTED Invalid X.509 certificate.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetHostPublicCert (
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Adds the local private key to the specified TLS object.
+
+ This function adds the local private key (PEM-encoded RSA or PKCS#8 private
+ key) into the specified TLS object for TLS negotiation.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
+ or PKCS#8 private key.
+ @param[in] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_ABORTED Invalid private key data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetHostPrivateKey (
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Adds the CA-supplied certificate revocation list for certificate validation.
+
+ This function adds the CA-supplied certificate revocation list data for
+ certificate validity checking.
+
+ @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.
+ @param[in] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_ABORTED Invalid CRL data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCertRevocationList (
+ IN VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Gets the protocol version used by the specified TLS connection.
+
+ This function returns the protocol version used by the specified TLS
+ connection.
+
+ If Tls is NULL, then ASSERT().
+
+ @param[in] Tls Pointer to the TLS object.
+
+ @return The protocol version of the specified TLS connection.
+
+**/
+UINT16
+EFIAPI
+TlsGetVersion (
+ IN VOID *Tls
+ )
+{
+ ASSERT(FALSE);
+ return 0;
+}
+
+/**
+ Gets the connection end of the specified TLS connection.
+
+ This function returns the connection end (as client or as server) used by
+ the specified TLS connection.
+
+ If Tls is NULL, then ASSERT().
+
+ @param[in] Tls Pointer to the TLS object.
+
+ @return The connection end used by the specified TLS connection.
+
+**/
+UINT8
+EFIAPI
+TlsGetConnectionEnd (
+ IN VOID *Tls
+ )
+{
+ ASSERT(FALSE);
+ return 0;
+}
+
+/**
+ Gets the cipher suite used by the specified TLS connection.
+
+ This function returns current cipher suite used by the specified
+ TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] CipherId The cipher suite used by the TLS object.
+
+ @retval EFI_SUCCESS The cipher suite was returned successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Unsupported cipher suite.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCurrentCipher (
+ IN VOID *Tls,
+ IN OUT UINT16 *CipherId
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Gets the compression methods used by the specified TLS connection.
+
+ This function returns current integrated compression methods used by
+ the specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] CompressionId The current compression method used by
+ the TLS object.
+
+ @retval EFI_SUCCESS The compression method was returned successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_ABORTED Invalid Compression method.
+ @retval EFI_UNSUPPORTED This function is not supported.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCurrentCompressionId (
+ IN VOID *Tls,
+ IN OUT UINT8 *CompressionId
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Gets the verification mode currently set in the TLS connection.
+
+ This function returns the peer verification mode currently set in the
+ specified TLS connection.
+
+ If Tls is NULL, then ASSERT().
+
+ @param[in] Tls Pointer to the TLS object.
+
+ @return The verification mode set in the specified TLS connection.
+
+**/
+UINT32
+EFIAPI
+TlsGetVerify (
+ IN VOID *Tls
+ )
+{
+ ASSERT(FALSE);
+ return 0;
+}
+
+/**
+ Gets the session ID used by the specified TLS connection.
+
+ This function returns the TLS/SSL session ID currently used by the
+ specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] SessionId Buffer to contain the returned session ID.
+ @param[in,out] SessionIdLen The length of Session ID in bytes.
+
+ @retval EFI_SUCCESS The Session ID was returned successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetSessionId (
+ IN VOID *Tls,
+ IN OUT UINT8 *SessionId,
+ IN OUT UINT16 *SessionIdLen
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Gets the client random data used in the specified TLS connection.
+
+ This function returns the TLS/SSL client random data currently used in
+ the specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] ClientRandom Buffer to contain the returned client
+ random data (32 bytes).
+
+**/
+VOID
+EFIAPI
+TlsGetClientRandom (
+ IN VOID *Tls,
+ IN OUT UINT8 *ClientRandom
+ )
+{
+ ASSERT(FALSE);
+}
+
+/**
+ Gets the server random data used in the specified TLS connection.
+
+ This function returns the TLS/SSL server random data currently used in
+ the specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] ServerRandom Buffer to contain the returned server
+ random data (32 bytes).
+
+**/
+VOID
+EFIAPI
+TlsGetServerRandom (
+ IN VOID *Tls,
+ IN OUT UINT8 *ServerRandom
+ )
+{
+ ASSERT(FALSE);
+}
+
+/**
+ Gets the master key data used in the specified TLS connection.
+
+ This function returns the TLS/SSL master key material currently used in
+ the specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] KeyMaterial Buffer to contain the returned key material.
+
+ @retval EFI_SUCCESS Key material was returned successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetKeyMaterial (
+ IN VOID *Tls,
+ IN OUT UINT8 *KeyMaterial
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Gets the CA Certificate from the cert store.
+
+ This function returns the CA certificate for the chosen
+ TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[out] Data Pointer to the data buffer to receive the CA
+ certificate data sent to the client.
+ @param[in,out] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCaCertificate (
+ IN VOID *Tls,
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Gets the local public Certificate set in the specified TLS object.
+
+ This function returns the local public certificate which was currently set
+ in the specified TLS object.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[out] Data Pointer to the data buffer to receive the local
+ public certificate.
+ @param[in,out] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_NOT_FOUND The certificate is not found.
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetHostPublicCert (
+ IN VOID *Tls,
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Gets the local private key set in the specified TLS object.
+
+ This function returns the local private key data which was currently set
+ in the specified TLS object.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[out] Data Pointer to the data buffer to receive the local
+ private key data.
+ @param[in,out] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetHostPrivateKey (
+ IN VOID *Tls,
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Gets the CA-supplied certificate revocation list data set in the specified
+ TLS object.
+
+ This function returns the CA-supplied certificate revocation list data which
+ was currently set in the specified TLS object.
+
+ @param[out] Data Pointer to the data buffer to receive the CRL data.
+ @param[in,out] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCertRevocationList (
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
diff --git a/CryptoPkg/Library/TlsLibNull/TlsInitNull.c b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c new file mode 100644 index 0000000000..3e44117b82 --- /dev/null +++ b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c @@ -0,0 +1,111 @@ +/** @file
+ SSL/TLS Initialization Null Library Wrapper Implementation.
+
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalTlsLib.h"
+
+/**
+ Initializes the library.
+
+ This function registers ciphers and digests used directly and indirectly
+ by SSL/TLS, and initializes the readable error messages.
+ This function must be called before any other action takes places.
+
+ @retval TRUE The library has been initialized.
+ @retval FALSE Failed to initialize the library.
+
+**/
+BOOLEAN
+EFIAPI
+TlsInitialize (
+ VOID
+ )
+{
+ ASSERT(FALSE);
+ return FALSE;
+}
+
+/**
+ Free an allocated SSL_CTX object.
+
+ @param[in] TlsCtx Pointer to the SSL_CTX object to be released.
+
+**/
+VOID
+EFIAPI
+TlsCtxFree (
+ IN VOID *TlsCtx
+ )
+{
+ ASSERT(FALSE);
+ return;
+}
+
+/**
+ Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
+ connections.
+
+ @param[in] MajorVer Major Version of TLS/SSL Protocol.
+ @param[in] MinorVer Minor Version of TLS/SSL Protocol.
+
+ @return Pointer to an allocated SSL_CTX object.
+ If the creation failed, TlsCtxNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+TlsCtxNew (
+ IN UINT8 MajorVer,
+ IN UINT8 MinorVer
+ )
+{
+ ASSERT(FALSE);
+ return NULL;
+}
+
+/**
+ Free an allocated TLS object.
+
+ This function removes the TLS object pointed to by Tls and frees up the
+ allocated memory. If Tls is NULL, nothing is done.
+
+ @param[in] Tls Pointer to the TLS object to be freed.
+
+**/
+VOID
+EFIAPI
+TlsFree (
+ IN VOID *Tls
+ )
+{
+ ASSERT(FALSE);
+}
+
+/**
+ Create a new TLS object for a connection.
+
+ This function creates a new TLS object for a connection. The new object
+ inherits the setting of the underlying context TlsCtx: connection method,
+ options, verification setting.
+
+ @param[in] TlsCtx Pointer to the SSL_CTX object.
+
+ @return Pointer to an allocated SSL object.
+ If the creation failed, TlsNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+TlsNew (
+ IN VOID *TlsCtx
+ )
+{
+ ASSERT(FALSE);
+ return NULL;
+}
+
diff --git a/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf new file mode 100644 index 0000000000..33f0e7493f --- /dev/null +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf @@ -0,0 +1,38 @@ +## @file
+# SSL/TLS Wrapper Null Library Instance.
+#
+# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
+# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = TlsLibNull
+ MODULE_UNI_FILE = TlsLibNull.uni
+ FILE_GUID = 705a5b3b-cfa5-42ea-87f0-f2b8d44ec521
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TlsLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
+#
+
+[Sources]
+ InternalTlsLib.h
+ TlsInitNull.c
+ TlsConfigNull.c
+ TlsProcessNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseCryptLib
+ DebugLib
+ BaseLib
diff --git a/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni new file mode 100644 index 0000000000..869f3fcf78 --- /dev/null +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni @@ -0,0 +1,13 @@ +// /** @file
+// SSL/TLS Wrapper Null Library Instance.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "SSL/TLS Wrapper Null Library Instance"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides SSL/TLS Wrapper Null Library Instance."
diff --git a/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c new file mode 100644 index 0000000000..2949d4c885 --- /dev/null +++ b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c @@ -0,0 +1,247 @@ +/** @file
+ SSL/TLS Process Null Library Wrapper Implementation.
+ The process includes the TLS handshake and packet I/O.
+
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalTlsLib.h"
+
+/**
+ Checks if the TLS handshake was done.
+
+ This function will check if the specified TLS handshake was done.
+
+ @param[in] Tls Pointer to the TLS object for handshake state checking.
+
+ @retval TRUE The TLS handshake was done.
+ @retval FALSE The TLS handshake was not done.
+
+**/
+BOOLEAN
+EFIAPI
+TlsInHandshake (
+ IN VOID *Tls
+ )
+{
+ ASSERT(FALSE);
+ return FALSE;
+}
+
+/**
+ Perform a TLS/SSL handshake.
+
+ This function will perform a TLS/SSL handshake.
+
+ @param[in] Tls Pointer to the TLS object for handshake operation.
+ @param[in] BufferIn Pointer to the most recently received TLS Handshake packet.
+ @param[in] BufferInSize Packet size in bytes for the most recently received TLS
+ Handshake packet.
+ @param[out] BufferOut Pointer to the buffer to hold the built packet.
+ @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
+ the buffer size provided by the caller. On output, it
+ is the buffer size in fact needed to contain the
+ packet.
+
+ @retval EFI_SUCCESS The required TLS packet is built successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ Tls is NULL.
+ BufferIn is NULL but BufferInSize is NOT 0.
+ BufferInSize is 0 but BufferIn is NOT NULL.
+ BufferOutSize is NULL.
+ BufferOut is NULL if *BufferOutSize is not zero.
+ @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
+ @retval EFI_ABORTED Something wrong during handshake.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsDoHandshake (
+ IN VOID *Tls,
+ IN UINT8 *BufferIn, OPTIONAL
+ IN UINTN BufferInSize, OPTIONAL
+ OUT UINT8 *BufferOut, OPTIONAL
+ IN OUT UINTN *BufferOutSize
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,
+ TLS session has errors and the response packet needs to be Alert message based on error type.
+
+ @param[in] Tls Pointer to the TLS object for state checking.
+ @param[in] BufferIn Pointer to the most recently received TLS Alert packet.
+ @param[in] BufferInSize Packet size in bytes for the most recently received TLS
+ Alert packet.
+ @param[out] BufferOut Pointer to the buffer to hold the built packet.
+ @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
+ the buffer size provided by the caller. On output, it
+ is the buffer size in fact needed to contain the
+ packet.
+
+ @retval EFI_SUCCESS The required TLS packet is built successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ Tls is NULL.
+ BufferIn is NULL but BufferInSize is NOT 0.
+ BufferInSize is 0 but BufferIn is NOT NULL.
+ BufferOutSize is NULL.
+ BufferOut is NULL if *BufferOutSize is not zero.
+ @retval EFI_ABORTED An error occurred.
+ @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsHandleAlert (
+ IN VOID *Tls,
+ IN UINT8 *BufferIn, OPTIONAL
+ IN UINTN BufferInSize, OPTIONAL
+ OUT UINT8 *BufferOut, OPTIONAL
+ IN OUT UINTN *BufferOutSize
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Build the CloseNotify packet.
+
+ @param[in] Tls Pointer to the TLS object for state checking.
+ @param[in, out] Buffer Pointer to the buffer to hold the built packet.
+ @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
+ the buffer size provided by the caller. On output, it
+ is the buffer size in fact needed to contain the
+ packet.
+
+ @retval EFI_SUCCESS The required TLS packet is built successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ Tls is NULL.
+ BufferSize is NULL.
+ Buffer is NULL if *BufferSize is not zero.
+ @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsCloseNotify (
+ IN VOID *Tls,
+ IN OUT UINT8 *Buffer,
+ IN OUT UINTN *BufferSize
+ )
+{
+ ASSERT(FALSE);
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Attempts to read bytes from one TLS object and places the data in Buffer.
+
+ This function will attempt to read BufferSize bytes from the TLS object
+ and places the data in Buffer.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] Buffer Pointer to the buffer to store the data.
+ @param[in] BufferSize The size of Buffer in bytes.
+
+ @retval >0 The amount of data successfully read from the TLS object.
+ @retval <=0 No data was successfully read.
+
+**/
+INTN
+EFIAPI
+TlsCtrlTrafficOut (
+ IN VOID *Tls,
+ IN OUT VOID *Buffer,
+ IN UINTN BufferSize
+ )
+{
+ ASSERT(FALSE);
+ return 0;
+}
+
+/**
+ Attempts to write data from the buffer to TLS object.
+
+ This function will attempt to write BufferSize bytes data from the Buffer
+ to the TLS object.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Buffer Pointer to the data buffer.
+ @param[in] BufferSize The size of Buffer in bytes.
+
+ @retval >0 The amount of data successfully written to the TLS object.
+ @retval <=0 No data was successfully written.
+
+**/
+INTN
+EFIAPI
+TlsCtrlTrafficIn (
+ IN VOID *Tls,
+ IN VOID *Buffer,
+ IN UINTN BufferSize
+ )
+{
+ ASSERT(FALSE);
+ return 0;
+}
+/**
+ Attempts to read bytes from the specified TLS connection into the buffer.
+
+ This function tries to read BufferSize bytes data from the specified TLS
+ connection into the Buffer.
+
+ @param[in] Tls Pointer to the TLS connection for data reading.
+ @param[in,out] Buffer Pointer to the data buffer.
+ @param[in] BufferSize The size of Buffer in bytes.
+
+ @retval >0 The read operation was successful, and return value is the
+ number of bytes actually read from the TLS connection.
+ @retval <=0 The read operation was not successful.
+
+**/
+INTN
+EFIAPI
+TlsRead (
+ IN VOID *Tls,
+ IN OUT VOID *Buffer,
+ IN UINTN BufferSize
+ )
+{
+ ASSERT(FALSE);
+ return 0;
+}
+
+/**
+ Attempts to write data to a TLS connection.
+
+ This function tries to write BufferSize bytes data from the Buffer into the
+ specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS connection for data writing.
+ @param[in] Buffer Pointer to the data buffer.
+ @param[in] BufferSize The size of Buffer in bytes.
+
+ @retval >0 The write operation was successful, and return value is the
+ number of bytes actually written to the TLS connection.
+ @retval <=0 The write operation was not successful.
+
+**/
+INTN
+EFIAPI
+TlsWrite (
+ IN VOID *Tls,
+ IN VOID *Buffer,
+ IN UINTN BufferSize
+ )
+{
+ ASSERT(FALSE);
+ return 0;
+}
+
|