Diffstat (limited to 'CryptoPkg/Library/TlsLib')
-rw-r--r--CryptoPkg/Library/TlsLib/InternalTlsLib.h7
-rw-r--r--CryptoPkg/Library/TlsLib/TlsConfig.c470
-rw-r--r--CryptoPkg/Library/TlsLib/TlsInit.c34
-rw-r--r--CryptoPkg/Library/TlsLib/TlsProcess.c201
4 files changed, 380 insertions, 332 deletions
diff --git a/CryptoPkg/Library/TlsLib/InternalTlsLib.h b/CryptoPkg/Library/TlsLib/InternalTlsLib.h
index ce7f4ced4a..cf5ffe1b73 100644
--- a/CryptoPkg/Library/TlsLib/InternalTlsLib.h
+++ b/CryptoPkg/Library/TlsLib/InternalTlsLib.h
@@ -26,16 +26,15 @@ typedef struct {
// Main SSL Connection which is created by a server or a client
// per established connection.
//
- SSL *Ssl;
+ SSL *Ssl;
//
// Memory BIO for the TLS/SSL Reading operations.
//
- BIO *InBio;
+ BIO *InBio;
//
// Memory BIO for the TLS/SSL Writing operations.
//
- BIO *OutBio;
+ BIO *OutBio;
} TLS_CONNECTION;
#endif
-
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index 739fc44194..0673c9d532 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -13,15 +13,15 @@ typedef struct {
//
// IANA/IETF defined Cipher Suite ID
//
- UINT16 IanaCipher;
+ UINT16 IanaCipher;
//
// OpenSSL-used Cipher Suite String
//
- CONST CHAR8 *OpensslCipher;
+ CONST CHAR8 *OpensslCipher;
//
// Length of OpensslCipher
//
- UINTN OpensslCipherLength;
+ UINTN OpensslCipherLength;
} TLS_CIPHER_MAPPING;
//
@@ -38,30 +38,30 @@ typedef struct {
//
// Keep the table uniquely sorted by the IanaCipher field, in increasing order.
//
-STATIC CONST TLS_CIPHER_MAPPING TlsCipherMappingTable[] = {
- MAP ( 0x0001, "NULL-MD5" ), /// TLS_RSA_WITH_NULL_MD5
- MAP ( 0x0002, "NULL-SHA" ), /// TLS_RSA_WITH_NULL_SHA
- MAP ( 0x0004, "RC4-MD5" ), /// TLS_RSA_WITH_RC4_128_MD5
- MAP ( 0x0005, "RC4-SHA" ), /// TLS_RSA_WITH_RC4_128_SHA
- MAP ( 0x000A, "DES-CBC3-SHA" ), /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1
- MAP ( 0x0016, "DHE-RSA-DES-CBC3-SHA" ), /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- MAP ( 0x002F, "AES128-SHA" ), /// TLS_RSA_WITH_AES_128_CBC_SHA, mandatory TLS 1.2
- MAP ( 0x0030, "DH-DSS-AES128-SHA" ), /// TLS_DH_DSS_WITH_AES_128_CBC_SHA
- MAP ( 0x0031, "DH-RSA-AES128-SHA" ), /// TLS_DH_RSA_WITH_AES_128_CBC_SHA
- MAP ( 0x0033, "DHE-RSA-AES128-SHA" ), /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- MAP ( 0x0035, "AES256-SHA" ), /// TLS_RSA_WITH_AES_256_CBC_SHA
- MAP ( 0x0036, "DH-DSS-AES256-SHA" ), /// TLS_DH_DSS_WITH_AES_256_CBC_SHA
- MAP ( 0x0037, "DH-RSA-AES256-SHA" ), /// TLS_DH_RSA_WITH_AES_256_CBC_SHA
- MAP ( 0x0039, "DHE-RSA-AES256-SHA" ), /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- MAP ( 0x003B, "NULL-SHA256" ), /// TLS_RSA_WITH_NULL_SHA256
- MAP ( 0x003C, "AES128-SHA256" ), /// TLS_RSA_WITH_AES_128_CBC_SHA256
- MAP ( 0x003D, "AES256-SHA256" ), /// TLS_RSA_WITH_AES_256_CBC_SHA256
- MAP ( 0x003E, "DH-DSS-AES128-SHA256" ), /// TLS_DH_DSS_WITH_AES_128_CBC_SHA256
- MAP ( 0x003F, "DH-RSA-AES128-SHA256" ), /// TLS_DH_RSA_WITH_AES_128_CBC_SHA256
- MAP ( 0x0067, "DHE-RSA-AES128-SHA256" ), /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- MAP ( 0x0068, "DH-DSS-AES256-SHA256" ), /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256
- MAP ( 0x0069, "DH-RSA-AES256-SHA256" ), /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256
- MAP ( 0x006B, "DHE-RSA-AES256-SHA256" ), /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+STATIC CONST TLS_CIPHER_MAPPING TlsCipherMappingTable[] = {
+ MAP (0x0001, "NULL-MD5"), /// TLS_RSA_WITH_NULL_MD5
+ MAP (0x0002, "NULL-SHA"), /// TLS_RSA_WITH_NULL_SHA
+ MAP (0x0004, "RC4-MD5"), /// TLS_RSA_WITH_RC4_128_MD5
+ MAP (0x0005, "RC4-SHA"), /// TLS_RSA_WITH_RC4_128_SHA
+ MAP (0x000A, "DES-CBC3-SHA"), /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1
+ MAP (0x0016, "DHE-RSA-DES-CBC3-SHA"), /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ MAP (0x002F, "AES128-SHA"), /// TLS_RSA_WITH_AES_128_CBC_SHA, mandatory TLS 1.2
+ MAP (0x0030, "DH-DSS-AES128-SHA"), /// TLS_DH_DSS_WITH_AES_128_CBC_SHA
+ MAP (0x0031, "DH-RSA-AES128-SHA"), /// TLS_DH_RSA_WITH_AES_128_CBC_SHA
+ MAP (0x0033, "DHE-RSA-AES128-SHA"), /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ MAP (0x0035, "AES256-SHA"), /// TLS_RSA_WITH_AES_256_CBC_SHA
+ MAP (0x0036, "DH-DSS-AES256-SHA"), /// TLS_DH_DSS_WITH_AES_256_CBC_SHA
+ MAP (0x0037, "DH-RSA-AES256-SHA"), /// TLS_DH_RSA_WITH_AES_256_CBC_SHA
+ MAP (0x0039, "DHE-RSA-AES256-SHA"), /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ MAP (0x003B, "NULL-SHA256"), /// TLS_RSA_WITH_NULL_SHA256
+ MAP (0x003C, "AES128-SHA256"), /// TLS_RSA_WITH_AES_128_CBC_SHA256
+ MAP (0x003D, "AES256-SHA256"), /// TLS_RSA_WITH_AES_256_CBC_SHA256
+ MAP (0x003E, "DH-DSS-AES128-SHA256"), /// TLS_DH_DSS_WITH_AES_128_CBC_SHA256
+ MAP (0x003F, "DH-RSA-AES128-SHA256"), /// TLS_DH_RSA_WITH_AES_128_CBC_SHA256
+ MAP (0x0067, "DHE-RSA-AES128-SHA256"), /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ MAP (0x0068, "DH-DSS-AES256-SHA256"), /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256
+ MAP (0x0069, "DH-RSA-AES256-SHA256"), /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256
+ MAP (0x006B, "DHE-RSA-AES256-SHA256"), /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
};
/**
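Review bot: TlsCipherMappingTable still maps suites with no encryption (`NULL-MD5`, `NULL-SHA`, `NULL-SHA256`) and RC4 suites (`RC4-MD5`, `RC4-SHA`), and nothing in the table marks them as weak. Whether they can actually be negotiated depends on the caller's CipherId list and on how OpenSSL is built, neither of which is visible here. A comment above the first entry would record the risk, e.g. `// NOTE: NULL-* suites provide no confidentiality and RC4-* suites are prohibited by RFC 7465; callers should not request them.` If no consumer needs these entries, dropping the corresponding MAP lines is the safer option.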
@@ -76,12 +76,12 @@ STATIC CONST TLS_CIPHER_MAPPING TlsCipherMappingTable[] = {
STATIC
CONST TLS_CIPHER_MAPPING *
TlsGetCipherMapping (
- IN UINT16 CipherId
+ IN UINT16 CipherId
)
{
- INTN Left;
- INTN Right;
- INTN Middle;
+ INTN Left;
+ INTN Right;
+ INTN Middle;
//
// Binary Search Cipher Mapping Table for IANA-OpenSSL Cipher Translation
@@ -102,7 +102,7 @@ TlsGetCipherMapping (
if (CipherId < TlsCipherMappingTable[Middle].IanaCipher) {
Right = Middle - 1;
} else {
- Left = Middle + 1;
+ Left = Middle + 1;
}
}
@@ -129,16 +129,16 @@ TlsGetCipherMapping (
EFI_STATUS
EFIAPI
TlsSetVersion (
- IN VOID *Tls,
- IN UINT8 MajorVer,
- IN UINT8 MinorVer
+ IN VOID *Tls,
+ IN UINT8 MajorVer,
+ IN UINT8 MinorVer
)
{
TLS_CONNECTION *TlsConn;
UINT16 ProtoVersion;
TlsConn = (TLS_CONNECTION *)Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL) {
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -148,35 +148,35 @@ TlsSetVersion (
// Bound TLS method to the particular specified version.
//
switch (ProtoVersion) {
- case TLS1_VERSION:
- //
- // TLS 1.0
- //
- SSL_set_min_proto_version (TlsConn->Ssl, TLS1_VERSION);
- SSL_set_max_proto_version (TlsConn->Ssl, TLS1_VERSION);
- break;
- case TLS1_1_VERSION:
- //
- // TLS 1.1
- //
- SSL_set_min_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
- SSL_set_max_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
- break;
- case TLS1_2_VERSION:
- //
- // TLS 1.2
- //
- SSL_set_min_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
- SSL_set_max_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
- break;
- default:
- //
- // Unsupported Protocol Version
- //
- return EFI_UNSUPPORTED;
+ case TLS1_VERSION:
+ //
+ // TLS 1.0
+ //
+ SSL_set_min_proto_version (TlsConn->Ssl, TLS1_VERSION);
+ SSL_set_max_proto_version (TlsConn->Ssl, TLS1_VERSION);
+ break;
+ case TLS1_1_VERSION:
+ //
+ // TLS 1.1
+ //
+ SSL_set_min_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
+ SSL_set_max_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
+ break;
+ case TLS1_2_VERSION:
+ //
+ // TLS 1.2
+ //
+ SSL_set_min_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
+ SSL_set_max_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
+ break;
+ default:
+ //
+ // Unsupported Protocol Version
+ //
+ return EFI_UNSUPPORTED;
}
- return EFI_SUCCESS;;
+ return EFI_SUCCESS;
}
/**
@@ -195,14 +195,14 @@ TlsSetVersion (
EFI_STATUS
EFIAPI
TlsSetConnectionEnd (
- IN VOID *Tls,
- IN BOOLEAN IsServer
+ IN VOID *Tls,
+ IN BOOLEAN IsServer
)
{
TLS_CONNECTION *TlsConn;
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL) {
+ TlsConn = (TLS_CONNECTION *)Tls;
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -216,7 +216,7 @@ TlsSetConnectionEnd (
// Set TLS to work in Server mode.
// It is unsupported for UEFI version currently.
//
- //SSL_set_accept_state (TlsConn->Ssl);
+ // SSL_set_accept_state (TlsConn->Ssl);
return EFI_UNSUPPORTED;
}
@@ -244,24 +244,24 @@ TlsSetConnectionEnd (
EFI_STATUS
EFIAPI
TlsSetCipherList (
- IN VOID *Tls,
- IN UINT16 *CipherId,
- IN UINTN CipherNum
+ IN VOID *Tls,
+ IN UINT16 *CipherId,
+ IN UINTN CipherNum
)
{
- TLS_CONNECTION *TlsConn;
- EFI_STATUS Status;
- CONST TLS_CIPHER_MAPPING **MappedCipher;
- UINTN MappedCipherBytes;
- UINTN MappedCipherCount;
- UINTN CipherStringSize;
- UINTN Index;
- CONST TLS_CIPHER_MAPPING *Mapping;
- CHAR8 *CipherString;
- CHAR8 *CipherStringPosition;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {
+ TLS_CONNECTION *TlsConn;
+ EFI_STATUS Status;
+ CONST TLS_CIPHER_MAPPING **MappedCipher;
+ UINTN MappedCipherBytes;
+ UINTN MappedCipherCount;
+ UINTN CipherStringSize;
+ UINTN Index;
+ CONST TLS_CIPHER_MAPPING *Mapping;
+ CHAR8 *CipherString;
+ CHAR8 *CipherStringPosition;
+
+ TlsConn = (TLS_CONNECTION *)Tls;
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (CipherId == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -269,11 +269,15 @@ TlsSetCipherList (
// Allocate the MappedCipher array for recording the mappings that we find
// for the input IANA identifiers in CipherId.
//
- Status = SafeUintnMult (CipherNum, sizeof (*MappedCipher),
- &MappedCipherBytes);
+ Status = SafeUintnMult (
+ CipherNum,
+ sizeof (*MappedCipher),
+ &MappedCipherBytes
+ );
if (EFI_ERROR (Status)) {
return EFI_OUT_OF_RESOURCES;
}
+
MappedCipher = AllocatePool (MappedCipherBytes);
if (MappedCipher == NULL) {
return EFI_OUT_OF_RESOURCES;
@@ -284,15 +288,20 @@ TlsSetCipherList (
// CipherString.
//
MappedCipherCount = 0;
- CipherStringSize = 0;
+ CipherStringSize = 0;
for (Index = 0; Index < CipherNum; Index++) {
//
// Look up the IANA-to-OpenSSL mapping.
//
Mapping = TlsGetCipherMapping (CipherId[Index]);
if (Mapping == NULL) {
- DEBUG ((DEBUG_VERBOSE, "%a:%a: skipping CipherId=0x%04x\n",
- gEfiCallerBaseName, __FUNCTION__, CipherId[Index]));
+ DEBUG ((
+ DEBUG_VERBOSE,
+ "%a:%a: skipping CipherId=0x%04x\n",
+ gEfiCallerBaseName,
+ __FUNCTION__,
+ CipherId[Index]
+ ));
//
// Skipping the cipher is valid because CipherId is an ordered
// preference list of ciphers, thus we can filter it as long as we
@@ -300,6 +309,7 @@ TlsSetCipherList (
//
continue;
}
+
//
// Accumulate Mapping->OpensslCipherLength into CipherStringSize. If this
// is not the first successful mapping, account for a colon (":") prefix
@@ -312,12 +322,17 @@ TlsSetCipherList (
goto FreeMappedCipher;
}
}
- Status = SafeUintnAdd (CipherStringSize, Mapping->OpensslCipherLength,
- &CipherStringSize);
+
+ Status = SafeUintnAdd (
+ CipherStringSize,
+ Mapping->OpensslCipherLength,
+ &CipherStringSize
+ );
if (EFI_ERROR (Status)) {
Status = EFI_OUT_OF_RESOURCES;
goto FreeMappedCipher;
}
+
//
// Record the mapping.
//
@@ -329,16 +344,22 @@ TlsSetCipherList (
// terminating NUL character in CipherStringSize; allocate CipherString.
//
if (MappedCipherCount == 0) {
- DEBUG ((DEBUG_ERROR, "%a:%a: no CipherId could be mapped\n",
- gEfiCallerBaseName, __FUNCTION__));
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a:%a: no CipherId could be mapped\n",
+ gEfiCallerBaseName,
+ __FUNCTION__
+ ));
Status = EFI_UNSUPPORTED;
goto FreeMappedCipher;
}
+
Status = SafeUintnAdd (CipherStringSize, 1, &CipherStringSize);
if (EFI_ERROR (Status)) {
Status = EFI_OUT_OF_RESOURCES;
goto FreeMappedCipher;
}
+
CipherString = AllocatePool (CipherStringSize);
if (CipherString == NULL) {
Status = EFI_OUT_OF_RESOURCES;
@@ -358,8 +379,12 @@ TlsSetCipherList (
if (Index > 0) {
*(CipherStringPosition++) = ':';
}
- CopyMem (CipherStringPosition, Mapping->OpensslCipher,
- Mapping->OpensslCipherLength);
+
+ CopyMem (
+ CipherStringPosition,
+ Mapping->OpensslCipher,
+ Mapping->OpensslCipherLength
+ );
CipherStringPosition += Mapping->OpensslCipherLength;
}
@@ -376,28 +401,35 @@ TlsSetCipherList (
// DebugLib instances.)
//
DEBUG_CODE_BEGIN ();
- UINTN FullLength;
- UINTN SegmentLength;
-
- FullLength = CipherStringSize - 1;
- DEBUG ((DEBUG_VERBOSE, "%a:%a: CipherString={\n", gEfiCallerBaseName,
- __FUNCTION__));
- for (CipherStringPosition = CipherString;
- CipherStringPosition < CipherString + FullLength;
- CipherStringPosition += SegmentLength) {
- SegmentLength = FullLength - (CipherStringPosition - CipherString);
- if (SegmentLength > 79) {
- SegmentLength = 79;
- }
- DEBUG ((DEBUG_VERBOSE, "%.*a\n", SegmentLength, CipherStringPosition));
+ UINTN FullLength;
+ UINTN SegmentLength;
+
+ FullLength = CipherStringSize - 1;
+ DEBUG ((
+ DEBUG_VERBOSE,
+ "%a:%a: CipherString={\n",
+ gEfiCallerBaseName,
+ __FUNCTION__
+ ));
+ for (CipherStringPosition = CipherString;
+ CipherStringPosition < CipherString + FullLength;
+ CipherStringPosition += SegmentLength)
+ {
+ SegmentLength = FullLength - (CipherStringPosition - CipherString);
+ if (SegmentLength > 79) {
+ SegmentLength = 79;
}
- DEBUG ((DEBUG_VERBOSE, "}\n"));
- //
- // Restore the pre-debug value of CipherStringPosition by skipping over the
- // trailing NUL.
- //
- CipherStringPosition++;
- ASSERT (CipherStringPosition == CipherString + CipherStringSize);
+
+ DEBUG ((DEBUG_VERBOSE, "%.*a\n", SegmentLength, CipherStringPosition));
+ }
+
+ DEBUG ((DEBUG_VERBOSE, "}\n"));
+ //
+ // Restore the pre-debug value of CipherStringPosition by skipping over the
+ // trailing NUL.
+ //
+ CipherStringPosition++;
+ ASSERT (CipherStringPosition == CipherString + CipherStringSize);
DEBUG_CODE_END ();
//
@@ -434,7 +466,7 @@ FreeMappedCipher:
EFI_STATUS
EFIAPI
TlsSetCompressionMethod (
- IN UINT8 CompMethod
+ IN UINT8 CompMethod
)
{
COMP_METHOD *Cm;
@@ -451,7 +483,7 @@ TlsSetCompressionMethod (
//
return EFI_SUCCESS;
} else if (CompMethod == 1) {
- Cm = COMP_zlib();
+ Cm = COMP_zlib ();
} else {
return EFI_UNSUPPORTED;
}
@@ -480,14 +512,14 @@ TlsSetCompressionMethod (
VOID
EFIAPI
TlsSetVerify (
- IN VOID *Tls,
- IN UINT32 VerifyMode
+ IN VOID *Tls,
+ IN UINT32 VerifyMode
)
{
TLS_CONNECTION *TlsConn;
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL) {
+ TlsConn = (TLS_CONNECTION *)Tls;
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL)) {
return;
}
@@ -512,23 +544,23 @@ TlsSetVerify (
EFI_STATUS
EFIAPI
TlsSetVerifyHost (
- IN VOID *Tls,
- IN UINT32 Flags,
- IN CHAR8 *HostName
+ IN VOID *Tls,
+ IN UINT32 Flags,
+ IN CHAR8 *HostName
)
{
- TLS_CONNECTION *TlsConn;
- X509_VERIFY_PARAM *VerifyParam;
- UINTN BinaryAddressSize;
- UINT8 BinaryAddress[MAX (NS_INADDRSZ, NS_IN6ADDRSZ)];
- INTN ParamStatus;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {
- return EFI_INVALID_PARAMETER;
+ TLS_CONNECTION *TlsConn;
+ X509_VERIFY_PARAM *VerifyParam;
+ UINTN BinaryAddressSize;
+ UINT8 BinaryAddress[MAX (NS_INADDRSZ, NS_IN6ADDRSZ)];
+ INTN ParamStatus;
+
+ TlsConn = (TLS_CONNECTION *)Tls;
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (HostName == NULL)) {
+ return EFI_INVALID_PARAMETER;
}
- SSL_set_hostflags(TlsConn->Ssl, Flags);
+ SSL_set_hostflags (TlsConn->Ssl, Flags);
VerifyParam = SSL_get0_param (TlsConn->Ssl);
ASSERT (VerifyParam != NULL);
@@ -541,11 +573,20 @@ TlsSetVerifyHost (
}
if (BinaryAddressSize > 0) {
- DEBUG ((DEBUG_VERBOSE, "%a:%a: parsed \"%a\" as an IPv%c address "
- "literal\n", gEfiCallerBaseName, __FUNCTION__, HostName,
- (UINTN)((BinaryAddressSize == NS_IN6ADDRSZ) ? '6' : '4')));
- ParamStatus = X509_VERIFY_PARAM_set1_ip (VerifyParam, BinaryAddress,
- BinaryAddressSize);
+ DEBUG ((
+ DEBUG_VERBOSE,
+ "%a:%a: parsed \"%a\" as an IPv%c address "
+ "literal\n",
+ gEfiCallerBaseName,
+ __FUNCTION__,
+ HostName,
+ (UINTN)((BinaryAddressSize == NS_IN6ADDRSZ) ? '6' : '4')
+ ));
+ ParamStatus = X509_VERIFY_PARAM_set1_ip (
+ VerifyParam,
+ BinaryAddress,
+ BinaryAddressSize
+ );
} else {
ParamStatus = X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0);
}
@@ -571,18 +612,18 @@ TlsSetVerifyHost (
EFI_STATUS
EFIAPI
TlsSetSessionId (
- IN VOID *Tls,
- IN UINT8 *SessionId,
- IN UINT16 SessionIdLen
+ IN VOID *Tls,
+ IN UINT8 *SessionId,
+ IN UINT16 SessionIdLen
)
{
TLS_CONNECTION *TlsConn;
SSL_SESSION *Session;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
Session = NULL;
- if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL) {
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (SessionId == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -616,9 +657,9 @@ TlsSetSessionId (
EFI_STATUS
EFIAPI
TlsSetCaCertificate (
- IN VOID *Tls,
- IN VOID *Data,
- IN UINTN DataSize
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize
)
{
BIO *BioCert;
@@ -634,10 +675,10 @@ TlsSetCaCertificate (
Cert = NULL;
X509Store = NULL;
Status = EFI_SUCCESS;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
Ret = 0;
- if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize == 0) {
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (Data == NULL) || (DataSize == 0)) {
return EFI_INVALID_PARAMETER;
}
@@ -645,7 +686,7 @@ TlsSetCaCertificate (
// DER-encoded binary X.509 certificate or PEM-encoded X.509 certificate.
// Determine whether certificate is from DER encoding, if so, translate it to X509 structure.
//
- Cert = d2i_X509 (NULL, (const unsigned char ** )&Data, (long) DataSize);
+ Cert = d2i_X509 (NULL, (const unsigned char **)&Data, (long)DataSize);
if (Cert == NULL) {
//
// Certificate is from PEM encoding.
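Review bot: `(long)DataSize` narrows a UINTN without a range check, and the parameter guard shown in the previous hunk of TlsSetCaCertificate rejects only NULL and zero. On builds where long or int is 32 bits, a DataSize above MAX_INT32 is truncated or turns negative before it reaches d2i_X509. The same applies to `(UINT32)DataSize` passed to BIO_write in the next hunk and to both casts in TlsSetHostPublicCert. Adding `if (DataSize > MAX_INT32) { return EFI_INVALID_PARAMETER; }` beside the existing parameter check in each of the two functions would bound the length before any cast. The function body starts and ends outside this hunk.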
@@ -656,7 +697,7 @@ TlsSetCaCertificate (
goto ON_EXIT;
}
- if (BIO_write (BioCert, Data, (UINT32) DataSize) <= 0) {
+ if (BIO_write (BioCert, Data, (UINT32)DataSize) <= 0) {
Status = EFI_ABORTED;
goto ON_EXIT;
}
@@ -671,8 +712,8 @@ TlsSetCaCertificate (
SslCtx = SSL_get_SSL_CTX (TlsConn->Ssl);
X509Store = SSL_CTX_get_cert_store (SslCtx);
if (X509Store == NULL) {
- Status = EFI_ABORTED;
- goto ON_EXIT;
+ Status = EFI_ABORTED;
+ goto ON_EXIT;
}
//
@@ -684,8 +725,9 @@ TlsSetCaCertificate (
//
// Ignore "already in table" errors
//
- if (!(ERR_GET_FUNC (ErrorCode) == X509_F_X509_STORE_ADD_CERT &&
- ERR_GET_REASON (ErrorCode) == X509_R_CERT_ALREADY_IN_HASH_TABLE)) {
+ if (!((ERR_GET_FUNC (ErrorCode) == X509_F_X509_STORE_ADD_CERT) &&
+ (ERR_GET_REASON (ErrorCode) == X509_R_CERT_ALREADY_IN_HASH_TABLE)))
+ {
Status = EFI_ABORTED;
goto ON_EXIT;
}
@@ -723,9 +765,9 @@ ON_EXIT:
EFI_STATUS
EFIAPI
TlsSetHostPublicCert (
- IN VOID *Tls,
- IN VOID *Data,
- IN UINTN DataSize
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize
)
{
BIO *BioCert;
@@ -736,9 +778,9 @@ TlsSetHostPublicCert (
BioCert = NULL;
Cert = NULL;
Status = EFI_SUCCESS;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize == 0) {
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (Data == NULL) || (DataSize == 0)) {
return EFI_INVALID_PARAMETER;
}
@@ -746,7 +788,7 @@ TlsSetHostPublicCert (
// DER-encoded binary X.509 certificate or PEM-encoded X.509 certificate.
// Determine whether certificate is from DER encoding, if so, translate it to X509 structure.
//
- Cert = d2i_X509 (NULL, (const unsigned char ** )&Data, (long) DataSize);
+ Cert = d2i_X509 (NULL, (const unsigned char **)&Data, (long)DataSize);
if (Cert == NULL) {
//
// Certificate is from PEM encoding.
@@ -757,7 +799,7 @@ TlsSetHostPublicCert (
goto ON_EXIT;
}
- if (BIO_write (BioCert, Data, (UINT32) DataSize) <= 0) {
+ if (BIO_write (BioCert, Data, (UINT32)DataSize) <= 0) {
Status = EFI_ABORTED;
goto ON_EXIT;
}
@@ -805,9 +847,9 @@ ON_EXIT:
EFI_STATUS
EFIAPI
TlsSetHostPrivateKey (
- IN VOID *Tls,
- IN VOID *Data,
- IN UINTN DataSize
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize
)
{
return EFI_UNSUPPORTED;
@@ -830,8 +872,8 @@ TlsSetHostPrivateKey (
EFI_STATUS
EFIAPI
TlsSetCertRevocationList (
- IN VOID *Data,
- IN UINTN DataSize
+ IN VOID *Data,
+ IN UINTN DataSize
)
{
return EFI_UNSUPPORTED;
@@ -853,12 +895,12 @@ TlsSetCertRevocationList (
UINT16
EFIAPI
TlsGetVersion (
- IN VOID *Tls
+ IN VOID *Tls
)
{
TLS_CONNECTION *TlsConn;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
ASSERT (TlsConn != NULL);
@@ -881,12 +923,12 @@ TlsGetVersion (
UINT8
EFIAPI
TlsGetConnectionEnd (
- IN VOID *Tls
+ IN VOID *Tls
)
{
TLS_CONNECTION *TlsConn;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
ASSERT (TlsConn != NULL);
@@ -910,17 +952,17 @@ TlsGetConnectionEnd (
EFI_STATUS
EFIAPI
TlsGetCurrentCipher (
- IN VOID *Tls,
- IN OUT UINT16 *CipherId
+ IN VOID *Tls,
+ IN OUT UINT16 *CipherId
)
{
TLS_CONNECTION *TlsConn;
CONST SSL_CIPHER *Cipher;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
Cipher = NULL;
- if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (CipherId == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -953,8 +995,8 @@ TlsGetCurrentCipher (
EFI_STATUS
EFIAPI
TlsGetCurrentCompressionId (
- IN VOID *Tls,
- IN OUT UINT8 *CompressionId
+ IN VOID *Tls,
+ IN OUT UINT8 *CompressionId
)
{
return EFI_UNSUPPORTED;
@@ -976,12 +1018,12 @@ TlsGetCurrentCompressionId (
UINT32
EFIAPI
TlsGetVerify (
- IN VOID *Tls
+ IN VOID *Tls
)
{
TLS_CONNECTION *TlsConn;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
ASSERT (TlsConn != NULL);
@@ -1006,19 +1048,19 @@ TlsGetVerify (
EFI_STATUS
EFIAPI
TlsGetSessionId (
- IN VOID *Tls,
- IN OUT UINT8 *SessionId,
- IN OUT UINT16 *SessionIdLen
+ IN VOID *Tls,
+ IN OUT UINT8 *SessionId,
+ IN OUT UINT16 *SessionIdLen
)
{
TLS_CONNECTION *TlsConn;
SSL_SESSION *Session;
CONST UINT8 *SslSessionId;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
Session = NULL;
- if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL || SessionIdLen == NULL) {
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (SessionId == NULL) || (SessionIdLen == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -1047,15 +1089,15 @@ TlsGetSessionId (
VOID
EFIAPI
TlsGetClientRandom (
- IN VOID *Tls,
- IN OUT UINT8 *ClientRandom
+ IN VOID *Tls,
+ IN OUT UINT8 *ClientRandom
)
{
TLS_CONNECTION *TlsConn;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL || ClientRandom == NULL) {
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (ClientRandom == NULL)) {
return;
}
@@ -1076,15 +1118,15 @@ TlsGetClientRandom (
VOID
EFIAPI
TlsGetServerRandom (
- IN VOID *Tls,
- IN OUT UINT8 *ServerRandom
+ IN VOID *Tls,
+ IN OUT UINT8 *ServerRandom
)
{
TLS_CONNECTION *TlsConn;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL || ServerRandom == NULL) {
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (ServerRandom == NULL)) {
return;
}
@@ -1108,17 +1150,17 @@ TlsGetServerRandom (
EFI_STATUS
EFIAPI
TlsGetKeyMaterial (
- IN VOID *Tls,
- IN OUT UINT8 *KeyMaterial
+ IN VOID *Tls,
+ IN OUT UINT8 *KeyMaterial
)
{
TLS_CONNECTION *TlsConn;
SSL_SESSION *Session;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
Session = NULL;
- if (TlsConn == NULL || TlsConn->Ssl == NULL || KeyMaterial == NULL) {
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (KeyMaterial == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -1152,9 +1194,9 @@ TlsGetKeyMaterial (
EFI_STATUS
EFIAPI
TlsGetCaCertificate (
- IN VOID *Tls,
- OUT VOID *Data,
- IN OUT UINTN *DataSize
+ IN VOID *Tls,
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
)
{
return EFI_UNSUPPORTED;
@@ -1180,22 +1222,22 @@ TlsGetCaCertificate (
EFI_STATUS
EFIAPI
TlsGetHostPublicCert (
- IN VOID *Tls,
- OUT VOID *Data,
- IN OUT UINTN *DataSize
+ IN VOID *Tls,
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
)
{
X509 *Cert;
TLS_CONNECTION *TlsConn;
Cert = NULL;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL || DataSize == NULL || (*DataSize != 0 && Data == NULL)) {
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (DataSize == NULL) || ((*DataSize != 0) && (Data == NULL))) {
return EFI_INVALID_PARAMETER;
}
- Cert = SSL_get_certificate(TlsConn->Ssl);
+ Cert = SSL_get_certificate (TlsConn->Ssl);
if (Cert == NULL) {
return EFI_NOT_FOUND;
}
@@ -1203,12 +1245,12 @@ TlsGetHostPublicCert (
//
// Only DER encoding is supported currently.
//
- if (*DataSize < (UINTN) i2d_X509 (Cert, NULL)) {
- *DataSize = (UINTN) i2d_X509 (Cert, NULL);
+ if (*DataSize < (UINTN)i2d_X509 (Cert, NULL)) {
+ *DataSize = (UINTN)i2d_X509 (Cert, NULL);
return EFI_BUFFER_TOO_SMALL;
}
- *DataSize = (UINTN) i2d_X509 (Cert, (unsigned char **) &Data);
+ *DataSize = (UINTN)i2d_X509 (Cert, (unsigned char **)&Data);
return EFI_SUCCESS;
}
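Review bot: The result of `i2d_X509 (Cert, NULL)` is cast straight to UINTN, so a negative error return becomes a very large length. The comparison then succeeds and the caller receives EFI_BUFFER_TOO_SMALL with a bogus `*DataSize`. The encoder is also run up to three times for a single call. Storing the length once in a signed local and rejecting it first, `Len = i2d_X509 (Cert, NULL); if (Len <= 0) { return EFI_ABORTED; }`, then using Len for the comparison and the size report, avoids both problems. The function starts outside this hunk.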
@@ -1232,9 +1274,9 @@ TlsGetHostPublicCert (
EFI_STATUS
EFIAPI
TlsGetHostPrivateKey (
- IN VOID *Tls,
- OUT VOID *Data,
- IN OUT UINTN *DataSize
+ IN VOID *Tls,
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
)
{
return EFI_UNSUPPORTED;
@@ -1258,8 +1300,8 @@ TlsGetHostPrivateKey (
EFI_STATUS
EFIAPI
TlsGetCertRevocationList (
- OUT VOID *Data,
- IN OUT UINTN *DataSize
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
)
{
return EFI_UNSUPPORTED;
diff --git a/CryptoPkg/Library/TlsLib/TlsInit.c b/CryptoPkg/Library/TlsLib/TlsInit.c
index f9ad6f6b94..8d707f8285 100644
--- a/CryptoPkg/Library/TlsLib/TlsInit.c
+++ b/CryptoPkg/Library/TlsLib/TlsInit.c
@@ -26,7 +26,7 @@ TlsInitialize (
VOID
)
{
- INTN Ret;
+ INTN Ret;
//
// Performs initialization of crypto and ssl library, and loads required
@@ -55,7 +55,7 @@ TlsInitialize (
VOID
EFIAPI
TlsCtxFree (
- IN VOID *TlsCtx
+ IN VOID *TlsCtx
)
{
if (TlsCtx == NULL) {
@@ -63,7 +63,7 @@ TlsCtxFree (
}
if (TlsCtx != NULL) {
- SSL_CTX_free ((SSL_CTX *) (TlsCtx));
+ SSL_CTX_free ((SSL_CTX *)(TlsCtx));
}
}
@@ -81,8 +81,8 @@ TlsCtxFree (
VOID *
EFIAPI
TlsCtxNew (
- IN UINT8 MajorVer,
- IN UINT8 MinorVer
+ IN UINT8 MajorVer,
+ IN UINT8 MinorVer
)
{
SSL_CTX *TlsCtx;
@@ -106,7 +106,7 @@ TlsCtxNew (
//
SSL_CTX_set_min_proto_version (TlsCtx, ProtoVersion);
- return (VOID *) TlsCtx;
+ return (VOID *)TlsCtx;
}
/**
@@ -121,12 +121,12 @@ TlsCtxNew (
VOID
EFIAPI
TlsFree (
- IN VOID *Tls
+ IN VOID *Tls
)
{
TLS_CONNECTION *TlsConn;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
if (TlsConn == NULL) {
return;
}
@@ -157,7 +157,7 @@ TlsFree (
VOID *
EFIAPI
TlsNew (
- IN VOID *TlsCtx
+ IN VOID *TlsCtx
)
{
TLS_CONNECTION *TlsConn;
@@ -169,7 +169,7 @@ TlsNew (
//
// Allocate one new TLS_CONNECTION object
//
- TlsConn = (TLS_CONNECTION *) OPENSSL_malloc (sizeof (TLS_CONNECTION));
+ TlsConn = (TLS_CONNECTION *)OPENSSL_malloc (sizeof (TLS_CONNECTION));
if (TlsConn == NULL) {
return NULL;
}
@@ -179,9 +179,9 @@ TlsNew (
//
// Create a new SSL Object
//
- TlsConn->Ssl = SSL_new ((SSL_CTX *) TlsCtx);
+ TlsConn->Ssl = SSL_new ((SSL_CTX *)TlsCtx);
if (TlsConn->Ssl == NULL) {
- TlsFree ((VOID *) TlsConn);
+ TlsFree ((VOID *)TlsConn);
return NULL;
}
@@ -202,7 +202,7 @@ TlsNew (
//
TlsConn->InBio = BIO_new (BIO_s_mem ());
if (TlsConn->InBio == NULL) {
- TlsFree ((VOID *) TlsConn);
+ TlsFree ((VOID *)TlsConn);
return NULL;
}
@@ -219,7 +219,7 @@ TlsNew (
//
TlsConn->OutBio = BIO_new (BIO_s_mem ());
if (TlsConn->OutBio == NULL) {
- TlsFree ((VOID *) TlsConn);
+ TlsFree ((VOID *)TlsConn);
return NULL;
}
@@ -244,9 +244,10 @@ TlsNew (
if (X509Store == NULL) {
X509Store = X509_STORE_new ();
if (X509Store == NULL) {
- TlsFree ((VOID *) TlsConn);
+ TlsFree ((VOID *)TlsConn);
return NULL;
}
+
SSL_CTX_set1_verify_cert_store (SslCtx, X509Store);
X509_STORE_free (X509Store);
}
@@ -258,6 +259,5 @@ TlsNew (
X509Store,
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
);
- return (VOID *) TlsConn;
+ return (VOID *)TlsConn;
}
-
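Review bot: The store flags in this call include `X509_V_FLAG_NO_CHECK_TIME`, which turns off certificate validity-period checks, and `X509_V_FLAG_PARTIAL_CHAIN`, which lets verification stop at a trusted non-root certificate, yet the visible lines carry no comment explaining why. Presumably firmware cannot rely on a trusted clock at this stage; if so, that should be stated so the relaxation is a recorded decision, e.g. `// NO_CHECK_TIME: platform time is not trusted here, so expired certificates are accepted; revisit if a trusted time source becomes available`. The call and the function begin outside this hunk.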
diff --git a/CryptoPkg/Library/TlsLib/TlsProcess.c b/CryptoPkg/Library/TlsLib/TlsProcess.c
index f64184e348..0f2ad7a9fb 100644
--- a/CryptoPkg/Library/TlsLib/TlsProcess.c
+++ b/CryptoPkg/Library/TlsLib/TlsProcess.c
@@ -10,7 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "InternalTlsLib.h"
-#define MAX_BUFFER_SIZE 32768
+#define MAX_BUFFER_SIZE 32768
/**
Checks if the TLS handshake was done.
@@ -26,13 +26,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
BOOLEAN
EFIAPI
TlsInHandshake (
- IN VOID *Tls
+ IN VOID *Tls
)
{
TLS_CONNECTION *TlsConn;
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL) {
+ TlsConn = (TLS_CONNECTION *)Tls;
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL)) {
return FALSE;
}
@@ -71,11 +71,11 @@ TlsInHandshake (
EFI_STATUS
EFIAPI
TlsDoHandshake (
- IN VOID *Tls,
- IN UINT8 *BufferIn OPTIONAL,
- IN UINTN BufferInSize OPTIONAL,
- OUT UINT8 *BufferOut OPTIONAL,
- IN OUT UINTN *BufferOutSize
+ IN VOID *Tls,
+ IN UINT8 *BufferIn OPTIONAL,
+ IN UINTN BufferInSize OPTIONAL,
+ OUT UINT8 *BufferOut OPTIONAL,
+ IN OUT UINTN *BufferOutSize
)
{
TLS_CONNECTION *TlsConn;
@@ -83,45 +83,47 @@ TlsDoHandshake (
INTN Ret;
UINTN ErrorCode;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
PendingBufferSize = 0;
Ret = 1;
- if (TlsConn == NULL || \
- TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
- BufferOutSize == NULL || \
- (BufferIn == NULL && BufferInSize != 0) || \
- (BufferIn != NULL && BufferInSize == 0) || \
- (BufferOut == NULL && *BufferOutSize != 0)) {
+ if ((TlsConn == NULL) || \
+ (TlsConn->Ssl == NULL) || (TlsConn->InBio == NULL) || (TlsConn->OutBio == NULL) || \
+ (BufferOutSize == NULL) || \
+ ((BufferIn == NULL) && (BufferInSize != 0)) || \
+ ((BufferIn != NULL) && (BufferInSize == 0)) || \
+ ((BufferOut == NULL) && (*BufferOutSize != 0)))
+ {
return EFI_INVALID_PARAMETER;
}
- if(BufferIn == NULL && BufferInSize == 0) {
+ if ((BufferIn == NULL) && (BufferInSize == 0)) {
//
// If RequestBuffer is NULL and RequestSize is 0, and TLS session
// status is EfiTlsSessionNotStarted, the TLS session will be initiated
// and the response packet needs to be ClientHello.
//
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
+ PendingBufferSize = (UINTN)BIO_ctrl_pending (TlsConn->OutBio);
if (PendingBufferSize == 0) {
SSL_set_connect_state (TlsConn->Ssl);
- Ret = SSL_do_handshake (TlsConn->Ssl);
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
+ Ret = SSL_do_handshake (TlsConn->Ssl);
+ PendingBufferSize = (UINTN)BIO_ctrl_pending (TlsConn->OutBio);
}
} else {
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
+ PendingBufferSize = (UINTN)BIO_ctrl_pending (TlsConn->OutBio);
if (PendingBufferSize == 0) {
- BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
- Ret = SSL_do_handshake (TlsConn->Ssl);
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
+ BIO_write (TlsConn->InBio, BufferIn, (UINT32)BufferInSize);
+ Ret = SSL_do_handshake (TlsConn->Ssl);
+ PendingBufferSize = (UINTN)BIO_ctrl_pending (TlsConn->OutBio);
}
}
if (Ret < 1) {
- Ret = SSL_get_error (TlsConn->Ssl, (int) Ret);
- if (Ret == SSL_ERROR_SSL ||
- Ret == SSL_ERROR_SYSCALL ||
- Ret == SSL_ERROR_ZERO_RETURN) {
+ Ret = SSL_get_error (TlsConn->Ssl, (int)Ret);
+ if ((Ret == SSL_ERROR_SSL) ||
+ (Ret == SSL_ERROR_SYSCALL) ||
+ (Ret == SSL_ERROR_ZERO_RETURN))
+ {
DEBUG ((
DEBUG_ERROR,
"%a SSL_HANDSHAKE_ERROR State=0x%x SSL_ERROR_%a\n",
@@ -130,21 +132,23 @@ TlsDoHandshake (
Ret == SSL_ERROR_SSL ? "SSL" : Ret == SSL_ERROR_SYSCALL ? "SYSCALL" : "ZERO_RETURN"
));
DEBUG_CODE_BEGIN ();
- while (TRUE) {
- ErrorCode = ERR_get_error ();
- if (ErrorCode == 0) {
- break;
- }
- DEBUG ((
- DEBUG_ERROR,
- "%a ERROR 0x%x=L%x:F%x:R%x\n",
- __FUNCTION__,
- ErrorCode,
- ERR_GET_LIB (ErrorCode),
- ERR_GET_FUNC (ErrorCode),
- ERR_GET_REASON (ErrorCode)
- ));
+ while (TRUE) {
+ ErrorCode = ERR_get_error ();
+ if (ErrorCode == 0) {
+ break;
}
+
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a ERROR 0x%x=L%x:F%x:R%x\n",
+ __FUNCTION__,
+ ErrorCode,
+ ERR_GET_LIB (ErrorCode),
+ ERR_GET_FUNC (ErrorCode),
+ ERR_GET_REASON (ErrorCode)
+ ));
+ }
+
DEBUG_CODE_END ();
return EFI_ABORTED;
}
@@ -156,7 +160,7 @@ TlsDoHandshake (
}
if (PendingBufferSize > 0) {
- *BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32) PendingBufferSize);
+ *BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32)PendingBufferSize);
} else {
*BufferOutSize = 0;
}
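Review bot: `*BufferOutSize = BIO_read (...)` stores an int return directly into a UINTN, so a BIO_read result of 0 or -1 would reach the caller as a wrong, possibly huge, length; what status is returned afterwards is outside this hunk. In the previous hunk of this function the BIO_write into InBio has its return value discarded, whereas TlsHandleAlert compares it with BufferInSize and returns EFI_ABORTED on mismatch. Checking both, e.g. `Ret = BIO_read (...); if (Ret <= 0) { return EFI_ABORTED; }` before `*BufferOutSize = (UINTN)Ret;`, would make the two functions consistent. TlsDoHandshake's body continues outside this hunk.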
@@ -192,11 +196,11 @@ TlsDoHandshake (
EFI_STATUS
EFIAPI
TlsHandleAlert (
- IN VOID *Tls,
- IN UINT8 *BufferIn OPTIONAL,
- IN UINTN BufferInSize OPTIONAL,
- OUT UINT8 *BufferOut OPTIONAL,
- IN OUT UINTN *BufferOutSize
+ IN VOID *Tls,
+ IN UINT8 *BufferIn OPTIONAL,
+ IN UINTN BufferInSize OPTIONAL,
+ OUT UINT8 *BufferOut OPTIONAL,
+ IN OUT UINTN *BufferOutSize
)
{
TLS_CONNECTION *TlsConn;
@@ -204,28 +208,29 @@ TlsHandleAlert (
UINT8 *TempBuffer;
INTN Ret;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
PendingBufferSize = 0;
TempBuffer = NULL;
Ret = 0;
- if (TlsConn == NULL || \
- TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
- BufferOutSize == NULL || \
- (BufferIn == NULL && BufferInSize != 0) || \
- (BufferIn != NULL && BufferInSize == 0) || \
- (BufferOut == NULL && *BufferOutSize != 0)) {
+ if ((TlsConn == NULL) || \
+ (TlsConn->Ssl == NULL) || (TlsConn->InBio == NULL) || (TlsConn->OutBio == NULL) || \
+ (BufferOutSize == NULL) || \
+ ((BufferIn == NULL) && (BufferInSize != 0)) || \
+ ((BufferIn != NULL) && (BufferInSize == 0)) || \
+ ((BufferOut == NULL) && (*BufferOutSize != 0)))
+ {
return EFI_INVALID_PARAMETER;
}
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
- if (PendingBufferSize == 0 && BufferIn != NULL && BufferInSize != 0) {
- Ret = BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
- if (Ret != (INTN) BufferInSize) {
+ PendingBufferSize = (UINTN)BIO_ctrl_pending (TlsConn->OutBio);
+ if ((PendingBufferSize == 0) && (BufferIn != NULL) && (BufferInSize != 0)) {
+ Ret = BIO_write (TlsConn->InBio, BufferIn, (UINT32)BufferInSize);
+ if (Ret != (INTN)BufferInSize) {
return EFI_ABORTED;
}
- TempBuffer = (UINT8 *) OPENSSL_malloc (MAX_BUFFER_SIZE);
+ TempBuffer = (UINT8 *)OPENSSL_malloc (MAX_BUFFER_SIZE);
//
// ssl3_send_alert() will be called in ssl3_read_bytes() function.
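Review bot: `OPENSSL_malloc (MAX_BUFFER_SIZE)` is not followed by a NULL check in the lines shown, and the use of `TempBuffer` falls in the gap before the next hunk. If it is passed to the read call unchecked, an allocation failure on this peer-triggered path hands a NULL buffer to OpenSSL; adding `if (TempBuffer == NULL) { return EFI_OUT_OF_RESOURCES; }` right after the allocation closes that. Separately, `(UINT32)BufferInSize` narrows a UINTN, and an oversized input is only caught by the later `Ret != (INTN)BufferInSize` comparison, after part of it may already have been written to the BIO. Rejecting `BufferInSize > MAX_INT32` in the parameter check would stop it earlier.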
@@ -235,7 +240,7 @@ TlsHandleAlert (
OPENSSL_free (TempBuffer);
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
+ PendingBufferSize = (UINTN)BIO_ctrl_pending (TlsConn->OutBio);
}
if (PendingBufferSize > *BufferOutSize) {
@@ -244,7 +249,7 @@ TlsHandleAlert (
}
if (PendingBufferSize > 0) {
- *BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32) PendingBufferSize);
+ *BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32)PendingBufferSize);
} else {
*BufferOutSize = 0;
}
@@ -273,31 +278,32 @@ TlsHandleAlert (
EFI_STATUS
EFIAPI
TlsCloseNotify (
- IN VOID *Tls,
- IN OUT UINT8 *Buffer,
- IN OUT UINTN *BufferSize
+ IN VOID *Tls,
+ IN OUT UINT8 *Buffer,
+ IN OUT UINTN *BufferSize
)
{
TLS_CONNECTION *TlsConn;
UINTN PendingBufferSize;
- TlsConn = (TLS_CONNECTION *) Tls;
+ TlsConn = (TLS_CONNECTION *)Tls;
PendingBufferSize = 0;
- if (TlsConn == NULL || \
- TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
- BufferSize == NULL || \
- (Buffer == NULL && *BufferSize != 0)) {
+ if ((TlsConn == NULL) || \
+ (TlsConn->Ssl == NULL) || (TlsConn->InBio == NULL) || (TlsConn->OutBio == NULL) || \
+ (BufferSize == NULL) || \
+ ((Buffer == NULL) && (*BufferSize != 0)))
+ {
return EFI_INVALID_PARAMETER;
}
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
+ PendingBufferSize = (UINTN)BIO_ctrl_pending (TlsConn->OutBio);
if (PendingBufferSize == 0) {
//
// ssl3_send_alert() and ssl3_dispatch_alert() function will be called.
//
SSL_shutdown (TlsConn->Ssl);
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
+ PendingBufferSize = (UINTN)BIO_ctrl_pending (TlsConn->OutBio);
}
if (PendingBufferSize > *BufferSize) {
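Review bot: `SSL_shutdown (TlsConn->Ssl)` has its return value discarded, so a shutdown that fails looks the same here as one that queued no alert. Any entries it leaves on the OpenSSL error queue also stay there for the next call. Checking the result the way TlsDoHandshake does, with `SSL_get_error` plus a DEBUG_ERROR log and an ERR_get_error drain for SSL_ERROR_SSL / SSL_ERROR_SYSCALL, would make the failure visible. The rest of TlsCloseNotify continues outside this hunk, so how a zero PendingBufferSize is reported afterwards cannot be confirmed from here.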
@@ -306,7 +312,7 @@ TlsCloseNotify (
}
if (PendingBufferSize > 0) {
- *BufferSize = BIO_read (TlsConn->OutBio, Buffer, (UINT32) PendingBufferSize);
+ *BufferSize = BIO_read (TlsConn->OutBio, Buffer, (UINT32)PendingBufferSize);
} else {
*BufferSize = 0;
}
@@ -331,22 +337,22 @@ TlsCloseNotify (
INTN
EFIAPI
TlsCtrlTrafficOut (
- IN VOID *Tls,
- IN OUT VOID *Buffer,
- IN UINTN BufferSize
+ IN VOID *Tls,
+ IN OUT VOID *Buffer,
+ IN UINTN BufferSize
)
{
TLS_CONNECTION *TlsConn;
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->OutBio == 0) {
+ TlsConn = (TLS_CONNECTION *)Tls;
+ if ((TlsConn == NULL) || (TlsConn->OutBio == 0)) {
return -1;
}
//
// Read and return the amount of data from the BIO.
//
- return BIO_read (TlsConn->OutBio, Buffer, (UINT32) BufferSize);
+ return BIO_read (TlsConn->OutBio, Buffer, (UINT32)BufferSize);
}
/**
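Review bot: `(UINT32)BufferSize` in the `BIO_read` call narrows a UINTN into an argument OpenSSL takes as a signed int, so a size above MAX_INT32 reaches the BIO as a truncated or negative length instead of being rejected. A guard before the call, `if (BufferSize > MAX_INT32) { return -1; }`, keeps the -1 error convention the function already uses. The TlsCtrlTrafficIn, TlsRead and TlsWrite hunks below make the same cast and would take the same guard. As a style point, `TlsConn->OutBio == 0` compares a pointer with 0 where the neighbouring checks use NULL.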
@@ -366,23 +372,24 @@ TlsCtrlTrafficOut (
INTN
EFIAPI
TlsCtrlTrafficIn (
- IN VOID *Tls,
- IN VOID *Buffer,
- IN UINTN BufferSize
+ IN VOID *Tls,
+ IN VOID *Buffer,
+ IN UINTN BufferSize
)
{
TLS_CONNECTION *TlsConn;
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->InBio == 0) {
+ TlsConn = (TLS_CONNECTION *)Tls;
+ if ((TlsConn == NULL) || (TlsConn->InBio == 0)) {
return -1;
}
//
// Write and return the amount of data to the BIO.
//
- return BIO_write (TlsConn->InBio, Buffer, (UINT32) BufferSize);
+ return BIO_write (TlsConn->InBio, Buffer, (UINT32)BufferSize);
}
+
/**
Attempts to read bytes from the specified TLS connection into the buffer.
@@ -401,22 +408,22 @@ TlsCtrlTrafficIn (
INTN
EFIAPI
TlsRead (
- IN VOID *Tls,
- IN OUT VOID *Buffer,
- IN UINTN BufferSize
+ IN VOID *Tls,
+ IN OUT VOID *Buffer,
+ IN UINTN BufferSize
)
{
TLS_CONNECTION *TlsConn;
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL) {
+ TlsConn = (TLS_CONNECTION *)Tls;
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL)) {
return -1;
}
//
// Read bytes from the specified TLS connection.
//
- return SSL_read (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
+ return SSL_read (TlsConn->Ssl, Buffer, (UINT32)BufferSize);
}
/**
@@ -437,20 +444,20 @@ TlsRead (
INTN
EFIAPI
TlsWrite (
- IN VOID *Tls,
- IN VOID *Buffer,
- IN UINTN BufferSize
+ IN VOID *Tls,
+ IN VOID *Buffer,
+ IN UINTN BufferSize
)
{
TLS_CONNECTION *TlsConn;
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL) {
+ TlsConn = (TLS_CONNECTION *)Tls;
+ if ((TlsConn == NULL) || (TlsConn->Ssl == NULL)) {
return -1;
}
//
// Write bytes to the specified TLS connection.
//
- return SSL_write (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
+ return SSL_write (TlsConn->Ssl, Buffer, (UINT32)BufferSize);
}