Changeset 80721 in vbox for trunk/src/VBox/Devices/EFI/FirmwareNew/NetworkPkg/HttpDxe/HttpsSupport.c
- Timestamp:
- Sep 11, 2019 8:46:37 AM (5 years ago)
- Location:
- trunk/src/VBox/Devices/EFI/FirmwareNew
- Files:
-
- 2 edited
trunk/src/VBox/Devices/EFI/FirmwareNew
-
Property svn:mergeinfo
changed from (toggle deleted branches)
to (toggle deleted branches)/vendor/edk2/current 103735-103757,103769-103776,129194-129237 /vendor/edk2/current 103735-103757,103769-103776,129194-133213
-
Property svn:mergeinfo
changed from (toggle deleted branches)
-
trunk/src/VBox/Devices/EFI/FirmwareNew/NetworkPkg/HttpDxe/HttpsSupport.c
r77662 r80721 2 2 Miscellaneous routines specific to Https for HttpDxe driver. 3 3 4 Copyright (c) 2016 - 201 7, Intel Corporation. All rights reserved.<BR>4 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> 5 5 (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 9 http://opensource.org/licenses/bsd-license.php 10 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 6 SPDX-License-Identifier: BSD-2-Clause-Patent 13 7 14 8 **/ … … 385 379 EFI_SIGNATURE_LIST *CertList; 386 380 EFI_SIGNATURE_DATA *Cert; 381 UINTN CertArraySizeInBytes; 387 382 UINTN CertCount; 388 383 UINT32 ItemDataSize; … … 424 419 // 425 420 // GetVariable still error or the variable is corrupted. 426 // Fall back to the default value. 
427 // 428 FreePool (CACert); 429 430 return EFI_NOT_FOUND; 421 // 422 goto FreeCACert; 431 423 } 432 424 433 425 ASSERT (CACert != NULL); 426 427 // 428 // Sanity check 429 // 430 Status = EFI_INVALID_PARAMETER; 431 CertCount = 0; 432 ItemDataSize = (UINT32) CACertSize; 433 while (ItemDataSize > 0) { 434 if (ItemDataSize < sizeof (EFI_SIGNATURE_LIST)) { 435 DEBUG ((DEBUG_ERROR, "%a: truncated EFI_SIGNATURE_LIST header\n", 436 __FUNCTION__)); 437 goto FreeCACert; 438 } 439 440 CertList = (EFI_SIGNATURE_LIST *) (CACert + (CACertSize - ItemDataSize)); 441 442 if (CertList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST)) { 443 DEBUG ((DEBUG_ERROR, 444 "%a: SignatureListSize too small for EFI_SIGNATURE_LIST\n", 445 __FUNCTION__)); 446 goto FreeCACert; 447 } 448 449 if (CertList->SignatureListSize > ItemDataSize) { 450 DEBUG ((DEBUG_ERROR, "%a: truncated EFI_SIGNATURE_LIST body\n", 451 __FUNCTION__)); 452 goto FreeCACert; 453 } 454 455 if (!CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { 456 DEBUG ((DEBUG_ERROR, "%a: only X509 certificates are supported\n", 457 __FUNCTION__)); 458 Status = EFI_UNSUPPORTED; 459 goto FreeCACert; 460 } 461 462 if (CertList->SignatureHeaderSize != 0) { 463 DEBUG ((DEBUG_ERROR, "%a: SignatureHeaderSize must be 0 for X509\n", 464 __FUNCTION__)); 465 goto FreeCACert; 466 } 467 468 if (CertList->SignatureSize < sizeof (EFI_SIGNATURE_DATA)) { 469 DEBUG ((DEBUG_ERROR, 470 "%a: SignatureSize too small for EFI_SIGNATURE_DATA\n", __FUNCTION__)); 471 goto FreeCACert; 472 } 473 474 CertArraySizeInBytes = (CertList->SignatureListSize - 475 sizeof (EFI_SIGNATURE_LIST)); 476 if (CertArraySizeInBytes % CertList->SignatureSize != 0) { 477 DEBUG ((DEBUG_ERROR, 478 "%a: EFI_SIGNATURE_DATA array not a multiple of SignatureSize\n", 479 __FUNCTION__)); 480 goto FreeCACert; 481 } 482 483 CertCount += CertArraySizeInBytes / CertList->SignatureSize; 484 ItemDataSize -= CertList->SignatureListSize; 485 } 486 if (CertCount == 0) { 487 DEBUG 
((DEBUG_ERROR, "%a: no X509 certificates provided\n", __FUNCTION__)); 488 goto FreeCACert; 489 } 434 490 435 491 // … … 452 508 ); 453 509 if (EFI_ERROR (Status)) { 454 FreePool (CACert); 455 return Status; 510 goto FreeCACert; 456 511 } 457 512 … … 463 518 } 464 519 520 FreeCACert: 465 521 FreePool (CACert); 522 return Status; 523 } 524 525 /** 526 Read the HttpTlsCipherList variable and configure it for HTTPS session. 527 528 @param[in, out] HttpInstance The HTTP instance private data. 529 530 @retval EFI_SUCCESS The prefered HTTP TLS CipherList is configured. 531 @retval EFI_NOT_FOUND Fail to get 'HttpTlsCipherList' variable. 532 @retval EFI_INVALID_PARAMETER The contents of variable are invalid. 533 @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. 534 535 @retval Others Other error as indicated. 536 537 **/ 538 EFI_STATUS 539 TlsConfigCipherList ( 540 IN OUT HTTP_PROTOCOL *HttpInstance 541 ) 542 { 543 EFI_STATUS Status; 544 UINT8 *CipherList; 545 UINTN CipherListSize; 546 547 CipherList = NULL; 548 CipherListSize = 0; 549 550 // 551 // Try to read the HttpTlsCipherList variable. 552 // 553 Status = gRT->GetVariable ( 554 EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE, 555 &gEdkiiHttpTlsCipherListGuid, 556 NULL, 557 &CipherListSize, 558 NULL 559 ); 560 ASSERT (EFI_ERROR (Status)); 561 if (Status != EFI_BUFFER_TOO_SMALL) { 562 return Status; 563 } 564 565 if (CipherListSize % sizeof (EFI_TLS_CIPHER) != 0) { 566 return EFI_INVALID_PARAMETER; 567 } 568 569 // 570 // Allocate buffer and read the config variable. 571 // 572 CipherList = AllocatePool (CipherListSize); 573 if (CipherList == NULL) { 574 return EFI_OUT_OF_RESOURCES; 575 } 576 577 Status = gRT->GetVariable ( 578 EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE, 579 &gEdkiiHttpTlsCipherListGuid, 580 NULL, 581 &CipherListSize, 582 CipherList 583 ); 584 if (EFI_ERROR (Status)) { 585 // 586 // GetVariable still error or the variable is corrupted. 
587 // 588 goto ON_EXIT; 589 } 590 591 ASSERT (CipherList != NULL); 592 593 Status = HttpInstance->Tls->SetSessionData ( 594 HttpInstance->Tls, 595 EfiTlsCipherList, 596 CipherList, 597 CipherListSize 598 ); 599 600 ON_EXIT: 601 FreePool (CipherList); 602 466 603 return Status; 467 604 } … … 523 660 ); 524 661 if (EFI_ERROR (Status)) { 662 return Status; 663 } 664 665 // 666 // Tls Cipher List 667 // 668 Status = TlsConfigCipherList (HttpInstance); 669 if (EFI_ERROR (Status) && Status != EFI_NOT_FOUND) { 670 DEBUG ((EFI_D_ERROR, "TlsConfigCipherList: return %r error.\n", Status)); 525 671 return Status; 526 672 } … … 862 1008 // Allocate buffer to receive one TLS header. 863 1009 // 864 Len = sizeof (TLS_RECORD_HEADER);1010 Len = TLS_RECORD_HEADER_LENGTH; 865 1011 PduHdr = NetbufAlloc (Len); 866 1012 if (PduHdr == NULL) { … … 1303 1449 @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure. 1304 1450 @param[in] Message Pointer to the message buffer needed to processed. 1451 If ProcessMode is EfiTlsEncrypt, the message contain the TLS 1452 header and plain text TLS APP payload. 1453 If ProcessMode is EfiTlsDecrypt, the message contain the TLS 1454 header and cipher text TLS APP payload. 1305 1455 @param[in] MessageSize Pointer to the message buffer size. 1306 1456 @param[in] ProcessMode Process mode. 1307 1457 @param[in, out] Fragment Only one Fragment returned after the Message is 1308 1458 processed successfully. 1459 If ProcessMode is EfiTlsEncrypt, the fragment contain the TLS 1460 header and cipher text TLS APP payload. 1461 If ProcessMode is EfiTlsDecrypt, the fragment contain the TLS 1462 header and plain text TLS APP payload. 1309 1463 1310 1464 @retval EFI_SUCCESS Message is processed successfully. 
… … 1409 1563 1410 1564 if (OriginalFragmentTable != NULL) { 1565 if( FragmentTable == OriginalFragmentTable) { 1566 FragmentTable = NULL; 1567 } 1411 1568 FreePool (OriginalFragmentTable); 1412 1569 OriginalFragmentTable = NULL; … … 1593 1750 } 1594 1751 1595 CopyMem (BufferIn, TempFragment.Bulk + sizeof (TLS_RECORD_HEADER), BufferInSize);1752 CopyMem (BufferIn, TempFragment.Bulk + TLS_RECORD_HEADER_LENGTH, BufferInSize); 1596 1753 1597 1754 //
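Review bot: In the new TlsConfigCipherList, both `gRT->GetVariable` calls pass `NULL` for the Attributes argument, so the variable's contents are handed to `SetSessionData` whatever attributes it carries. The only validation is the `CipherListSize % sizeof (EFI_TLS_CIPHER)` test. Whether the platform restricts who may write EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE cannot be seen from this section; if it does not, whoever can set the variable chooses the cipher suites offered for HTTPS boot. I would pass `&Attributes` in the second call and return `EFI_INVALID_PARAMETER` when they are not the ones the platform writes. Failing that, state the trust assumption in the function header, e.g. `The variable content is trusted as-is; the platform must restrict write access to it.` A smaller style point: the call site logs with `EFI_D_ERROR` while the new sanity-check code in TlsConfigCACert uses `DEBUG_ERROR`; one spelling throughout would read better.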