Timestamp:
Aug 14, 2024 1:16:30 PM (7 months ago)
Author:
vboxsync
svn:sync-xref-src-repo-rev:
164367
Message:

Devices/EFI/FirmwareNew: Merge edk2-stable-202405 and make it build on aarch64, bugref:4643

Location:
trunk/src/VBox/Devices/EFI/FirmwareNew
Files:
2 edited

  • trunk/src/VBox/Devices/EFI/FirmwareNew

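--- a/trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/trunk/src/VBox/Devices/EFI/FirmwareNew/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -9,63 +9,4 @@
 
 #include "InternalTlsLib.h"
-
-typedef struct {
-  //
-  // IANA/IETF defined Cipher Suite ID
-  //
-  UINT16         IanaCipher;
-  //
-  // OpenSSL-used Cipher Suite String
-  //
-  CONST CHAR8    *OpensslCipher;
-  //
-  // Length of OpensslCipher
-  //
-  UINTN          OpensslCipherLength;
-} TLS_CIPHER_MAPPING;
-
-//
-// Create a TLS_CIPHER_MAPPING initializer from IanaCipher and OpensslCipher so
-// that OpensslCipherLength is filled in automatically. IanaCipher must be an
-// integer constant expression, and OpensslCipher must be a string literal.
-//
-#define MAP(IanaCipher, OpensslCipher) \
-  { (IanaCipher), (OpensslCipher), sizeof (OpensslCipher) - 1 }
-
-//
-// The mapping table between IANA/IETF Cipher Suite definitions and
-// OpenSSL-used Cipher Suite name.
-//
-// Keep the table uniquely sorted by the IanaCipher field, in increasing order.
-//
-STATIC CONST TLS_CIPHER_MAPPING  TlsCipherMappingTable[] = {
-  MAP (0x0001, "NULL-MD5"),                         /// TLS_RSA_WITH_NULL_MD5
-  MAP (0x0002, "NULL-SHA"),                         /// TLS_RSA_WITH_NULL_SHA
-  MAP (0x0004, "RC4-MD5"),                          /// TLS_RSA_WITH_RC4_128_MD5
-  MAP (0x0005, "RC4-SHA"),                          /// TLS_RSA_WITH_RC4_128_SHA
-  MAP (0x000A, "DES-CBC3-SHA"),                     /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1
-  MAP (0x0016, "DHE-RSA-DES-CBC3-SHA"),             /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-  MAP (0x002F, "AES128-SHA"),                       /// TLS_RSA_WITH_AES_128_CBC_SHA, mandatory TLS 1.2
-  MAP (0x0030, "DH-DSS-AES128-SHA"),                /// TLS_DH_DSS_WITH_AES_128_CBC_SHA
-  MAP (0x0031, "DH-RSA-AES128-SHA"),                /// TLS_DH_RSA_WITH_AES_128_CBC_SHA
-  MAP (0x0033, "DHE-RSA-AES128-SHA"),               /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA
-  MAP (0x0035, "AES256-SHA"),                       /// TLS_RSA_WITH_AES_256_CBC_SHA
-  MAP (0x0036, "DH-DSS-AES256-SHA"),                /// TLS_DH_DSS_WITH_AES_256_CBC_SHA
-  MAP (0x0037, "DH-RSA-AES256-SHA"),                /// TLS_DH_RSA_WITH_AES_256_CBC_SHA
-  MAP (0x0039, "DHE-RSA-AES256-SHA"),               /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-  MAP (0x003B, "NULL-SHA256"),                      /// TLS_RSA_WITH_NULL_SHA256
-  MAP (0x003C, "AES128-SHA256"),                    /// TLS_RSA_WITH_AES_128_CBC_SHA256
-  MAP (0x003D, "AES256-SHA256"),                    /// TLS_RSA_WITH_AES_256_CBC_SHA256
-  MAP (0x003E, "DH-DSS-AES128-SHA256"),             /// TLS_DH_DSS_WITH_AES_128_CBC_SHA256
-  MAP (0x003F, "DH-RSA-AES128-SHA256"),             /// TLS_DH_RSA_WITH_AES_128_CBC_SHA256
-  MAP (0x0067, "DHE-RSA-AES128-SHA256"),            /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-  MAP (0x0068, "DH-DSS-AES256-SHA256"),             /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256
-  MAP (0x0069, "DH-RSA-AES256-SHA256"),             /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256
-  MAP (0x006B, "DHE-RSA-AES256-SHA256"),            /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
-  MAP (0x009F, "DHE-RSA-AES256-GCM-SHA384"),        /// TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
-  MAP (0xC02B, "ECDHE-ECDSA-AES128-GCM-SHA256"),    /// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-  MAP (0xC02C, "ECDHE-ECDSA-AES256-GCM-SHA384"),    /// TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-  MAP (0xC030, "ECDHE-RSA-AES256-GCM-SHA384"),      /// TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-};
 
 typedef struct {
@@ -96,52 +37,4 @@
   { TlsSignatureAlgoEcdsa,     "ECDSA" },
 };
-
-/**
-  Gets the OpenSSL cipher suite mapping for the supplied IANA TLS cipher suite.
-
-  @param[in]  CipherId    The supplied IANA TLS cipher suite ID.
-
-  @return  The corresponding OpenSSL cipher suite mapping if found,
-           NULL otherwise.
-
-**/
-STATIC
-CONST TLS_CIPHER_MAPPING *
-TlsGetCipherMapping (
-  IN     UINT16  CipherId
-  )
-{
-  INTN  Left;
-  INTN  Right;
-  INTN  Middle;
-
-  //
-  // Binary Search Cipher Mapping Table for IANA-OpenSSL Cipher Translation
-  //
-  Left  = 0;
-  Right = ARRAY_SIZE (TlsCipherMappingTable) - 1;
-
-  while (Right >= Left) {
-    Middle = (Left + Right) / 2;
-
-    if (CipherId == TlsCipherMappingTable[Middle].IanaCipher) {
-      //
-      // Translate IANA cipher suite ID to OpenSSL name.
-      //
-      return &TlsCipherMappingTable[Middle];
-    }
-
-    if (CipherId < TlsCipherMappingTable[Middle].IanaCipher) {
-      Right = Middle - 1;
-    } else {
-      Left = Middle + 1;
-    }
-  }
-
-  //
-  // No Cipher Mapping found, return NULL.
-  //
-  return NULL;
-}
 
 /**
@@ -282,14 +175,19 @@
   )
 {
-  TLS_CONNECTION            *TlsConn;
-  EFI_STATUS                Status;
-  CONST TLS_CIPHER_MAPPING  **MappedCipher;
-  UINTN                     MappedCipherBytes;
-  UINTN                     MappedCipherCount;
-  UINTN                     CipherStringSize;
-  UINTN                     Index;
-  CONST TLS_CIPHER_MAPPING  *Mapping;
-  CHAR8                     *CipherString;
-  CHAR8                     *CipherStringPosition;
+  TLS_CONNECTION    *TlsConn;
+  EFI_STATUS        Status;
+  CONST SSL_CIPHER  **MappedCipher;
+  UINTN             MappedCipherBytes;
+  UINTN             MappedCipherCount;
+  UINTN             CipherStringSize;
+  UINTN             Index;
+  INT32             StackIdx;
+  CHAR8             *CipherString;
+  CHAR8             *CipherStringPosition;
+
+  STACK_OF (SSL_CIPHER)      *OpensslCipherStack;
+  CONST SSL_CIPHER  *OpensslCipher;
+  CONST CHAR8       *OpensslCipherName;
+  UINTN             OpensslCipherNameLength;
 
   TlsConn = (TLS_CONNECTION *)Tls;
@@ -316,4 +214,6 @@
   }
 
+  OpensslCipherStack = SSL_get_ciphers (TlsConn->Ssl);
+
   //
   // Map the cipher IDs, and count the number of bytes for the full
@@ -322,10 +222,16 @@
   MappedCipherCount = 0;
   CipherStringSize  = 0;
-  for (Index = 0; Index < CipherNum; Index++) {
+  for (Index = 0; OpensslCipherStack != NULL && Index < CipherNum; Index++) {
     //
     // Look up the IANA-to-OpenSSL mapping.
     //
-    Mapping = TlsGetCipherMapping (CipherId[Index]);
-    if (Mapping == NULL) {
+    for (StackIdx = 0; StackIdx < sk_SSL_CIPHER_num (OpensslCipherStack); StackIdx++) {
+      OpensslCipher = sk_SSL_CIPHER_value (OpensslCipherStack, StackIdx);
+      if (CipherId[Index] == SSL_CIPHER_get_protocol_id (OpensslCipher)) {
+        break;
+      }
+    }
+
+    if (StackIdx == sk_SSL_CIPHER_num (OpensslCipherStack)) {
       DEBUG ((
         DEBUG_VERBOSE,
@@ -344,5 +250,5 @@
 
     //
-    // Accumulate Mapping->OpensslCipherLength into CipherStringSize. If this
+    // Accumulate cipher name string length into CipherStringSize. If this
     // is not the first successful mapping, account for a colon (":") prefix
     // too.
@@ -358,5 +264,5 @@
     Status = SafeUintnAdd (
                CipherStringSize,
-               Mapping->OpensslCipherLength,
+               AsciiStrLen (SSL_CIPHER_get_name (OpensslCipher)),
                &CipherStringSize
                );
@@ -369,5 +275,5 @@
     // Record the mapping.
     //
-    MappedCipher[MappedCipherCount++] = Mapping;
+    MappedCipher[MappedCipherCount++] = OpensslCipher;
   }
 
@@ -404,8 +310,10 @@
   CipherStringPosition = CipherString;
   for (Index = 0; Index < MappedCipherCount; Index++) {
-    Mapping = MappedCipher[Index];
+    OpensslCipher           = MappedCipher[Index];
+    OpensslCipherName       = SSL_CIPHER_get_name (OpensslCipher);
+    OpensslCipherNameLength = AsciiStrLen (OpensslCipherName);
     //
     // Append the colon (":") prefix except for the first mapping, then append
-    // Mapping->OpensslCipher.
+    // OpensslCipherName.
     //
     if (Index > 0) {
@@ -415,8 +323,8 @@
     CopyMem (
       CipherStringPosition,
-      Mapping->OpensslCipher,
-      Mapping->OpensslCipherLength
+      OpensslCipherName,
+      OpensslCipherNameLength
       );
-    CipherStringPosition += Mapping->OpensslCipherLength;
+    CipherStringPosition += OpensslCipherNameLength;
   }
 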
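Review bot: No local allow-list bounds the suites a caller can enable any more: the lookup loop (new lines 224–235) accepts any ID that `SSL_get_ciphers (TlsConn->Ssl)` reports, so the effective policy is whatever the linked OpenSSL build and the connection's current cipher list expose. That shift deserves a comment above the call on new line 216, for example `// Accepted suites are limited to what the linked OpenSSL build exposes for this connection; there is no local allow-list.`, and the OpenSSL configuration used for the firmware should be checked for the NULL-encryption and RC4 suites that the removed table listed explicitly. A NULL return from `SSL_get_ciphers` is folded into the loop condition on new line 224, so the mapping is skipped without any message; an explicit check with a `DEBUG` line right after the call would make that failure visible. How the function reacts to an empty result is not visible here, because its body starts and ends outside the hunks shown.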