authorJiaxin Wu <jiaxin.wu@intel.com>2018-02-09 11:52:06 +0800
committerJiaxin Wu <jiaxin.wu@intel.com>2018-02-14 07:31:49 +0800
commit7ff68b5edc9fda1bd64a70c0e21949d566553484 (patch)
tree2cd8c8a2ea42a8ed90818e85581443da66aaa80c /NetworkPkg
parente34914db193f058e7d3782f0d971d8c81108d059 (diff)
NetworkPkg: Read HttpTlsCipherList variable and configure it for HTTPS session.
v2: * Refine the error handling returned from GetVariable. This patch is to read the HttpTlsCipherList variable and configure it for the later HTTPS session. If the variable is not set by any platform, EFI_NOT_FOUND will be returned from GetVariable service. In such a case, the default CipherList created in TlsDxe driver will be used. Cc: Laszlo Ersek <lersek@redhat.com> Cc: Kinney Michael D <michael.d.kinney@intel.com> Cc: Zimmer Vincent <vincent.zimmer@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Diffstat (limited to 'NetworkPkg')
-rw-r--r--NetworkPkg/HttpDxe/HttpDriver.h3
-rw-r--r--NetworkPkg/HttpDxe/HttpDxe.inf3
-rw-r--r--NetworkPkg/HttpDxe/HttpsSupport.c92
3 files changed, 95 insertions, 3 deletions
diff --git a/NetworkPkg/HttpDxe/HttpDriver.h b/NetworkPkg/HttpDxe/HttpDriver.h
index 93a412ae2f..3b7a7a22a5 100644
--- a/NetworkPkg/HttpDxe/HttpDriver.h
+++ b/NetworkPkg/HttpDxe/HttpDriver.h
@@ -1,7 +1,7 @@
/** @file
The header files of the driver binding and service binding protocol for HttpDxe driver.
- Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
@@ -61,6 +61,7 @@
#include <Protocol/Http.h>
#include <Guid/TlsAuthentication.h>
+#include <Guid/HttpTlsCipherList.h>
#include <IndustryStandard/Tls1.h>
diff --git a/NetworkPkg/HttpDxe/HttpDxe.inf b/NetworkPkg/HttpDxe/HttpDxe.inf
index 51deec5a24..938e894d9f 100644
--- a/NetworkPkg/HttpDxe/HttpDxe.inf
+++ b/NetworkPkg/HttpDxe/HttpDxe.inf
@@ -1,7 +1,7 @@
## @file
# Implementation of EFI HTTP protocol interfaces.
#
-# Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -74,6 +74,7 @@
[Guids]
gEfiTlsCaCertificateGuid ## SOMETIMES_CONSUMES ## Variable:L"TlsCaCertificate"
+ gEdkiiHttpTlsCipherListGuid ## SOMETIMES_CONSUMES ## Variable:L"HttpTlsCipherList"
[Pcd]
gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections ## CONSUMES
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index 6aed61a3a4..f5e5911b86 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -1,7 +1,7 @@
/** @file
Miscellaneous routines specific to Https for HttpDxe driver.
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -467,6 +467,87 @@ TlsConfigCertificate (
}
/**
+ Read the HttpTlsCipherList variable and configure it for HTTPS session.
+
+ @param[in, out] HttpInstance The HTTP instance private data.
+
+ @retval EFI_SUCCESS The prefered HTTP TLS CipherList is configured.
+ @retval EFI_NOT_FOUND Fail to get 'HttpTlsCipherList' variable.
+ @retval EFI_INVALID_PARAMETER The contents of variable are invalid.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+
+ @retval Others Other error as indicated.
+
+**/
+EFI_STATUS
+TlsConfigCipherList (
+ IN OUT HTTP_PROTOCOL *HttpInstance
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *CipherList;
+ UINTN CipherListSize;
+
+ CipherList = NULL;
+ CipherListSize = 0;
+
+ //
+ // Try to read the HttpTlsCipherList variable.
+ //
+ Status = gRT->GetVariable (
+ EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE,
+ &gEdkiiHttpTlsCipherListGuid,
+ NULL,
+ &CipherListSize,
+ NULL
+ );
+ ASSERT (EFI_ERROR (Status));
+ if (Status != EFI_BUFFER_TOO_SMALL) {
+ return Status;
+ }
+
+ if (CipherListSize % sizeof (EFI_TLS_CIPHER) != 0) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Allocate buffer and read the config variable.
+ //
+ CipherList = AllocatePool (CipherListSize);
+ if (CipherList == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ Status = gRT->GetVariable (
+ EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE,
+ &gEdkiiHttpTlsCipherListGuid,
+ NULL,
+ &CipherListSize,
+ CipherList
+ );
+ if (EFI_ERROR (Status)) {
+ //
+ // GetVariable still error or the variable is corrupted.
+ //
+ goto ON_EXIT;
+ }
+
+ ASSERT (CipherList != NULL);
+
+ Status = HttpInstance->Tls->SetSessionData (
+ HttpInstance->Tls,
+ EfiTlsCipherList,
+ CipherList,
+ CipherListSize
+ );
+
+ON_EXIT:
+ FreePool (CipherList);
+
+ return Status;
+}
+
+/**
Configure TLS session data.
@param[in, out] HttpInstance The HTTP instance private data.
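Review bot: Both GetVariable calls in TlsConfigCipherList pass `NULL` for the Attributes parameter, so the driver accepts the cipher list regardless of how the variable is stored; because this list decides which suites the HTTPS session offers, reading `UINT32 Attributes` and rejecting unexpected ones (at minimum documenting that the platform is expected to define the variable as volatile) would make the trust in that input explicit — I cannot see the variable's declared attributes from this page, so treat it as a check to confirm. The size check `CipherListSize % sizeof (EFI_TLS_CIPHER) != 0` runs only on the size from the first call; the second call updates CipherListSize and that value reaches SetSessionData unvalidated if the variable changed in between, so repeating the check after the second read (or relying on, and noting, validation in SetSessionData) would close that window. `ASSERT (CipherList != NULL);` after the second GetVariable is redundant with the `CipherList == NULL` check right after AllocatePool and can be dropped. The doc comment spells "prefered"; it should read `@retval EFI_SUCCESS The preferred HTTP TLS CipherList is configured.`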
@@ -526,6 +607,15 @@ TlsConfigureSession (
}
//
+ // Tls Cipher List
+ //
+ Status = TlsConfigCipherList (HttpInstance);
+ if (EFI_ERROR (Status) && Status != EFI_NOT_FOUND) {
+ DEBUG ((EFI_D_ERROR, "TlsConfigCipherList: return %r error.\n", Status));
+ return Status;
+ }
+
+ //
// Tls Config Certificate
//
Status = TlsConfigCertificate (HttpInstance);