Reviewed by Thomas Palmer <thomas.pal...@hpe.com> Sorry, I still have your other patches to look at. Will find time this week hopefully
-----Original Message----- From: Jiaxin Wu [mailto:jiaxin...@intel.com] Sent: Wednesday, July 20, 2016 12:01 AM To: edk2-devel@lists.01.org Cc: Long Qin <qin.l...@intel.com>; Ye Ting <ting...@intel.com>; Palmer, Thomas <thomas.pal...@hpe.com> Subject: [staging/HTTPS-TLS][PATCH] CryptoPkg: Multiple bugs fix in TlsLib This path made the following update: * Fix X64 build error * Correct and refine Set/Get compression method * Fix GetHostPublicCert() failure Cc: Long Qin <qin.l...@intel.com> Cc: Ye Ting <ting...@intel.com> Cc: Palmer Thomas <thomas.pal...@hpe.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin...@intel.com> --- CryptoPkg/Include/Library/TlsLib.h | 2 +- CryptoPkg/Library/TlsLib/TlsLib.c | 26 +++++++++++++++----------- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/CryptoPkg/Include/Library/TlsLib.h b/CryptoPkg/Include/Library/TlsLib.h index d62375b..e0c1b25 100644 --- a/CryptoPkg/Include/Library/TlsLib.h +++ b/CryptoPkg/Include/Library/TlsLib.h @@ -500,11 +500,11 @@ TlsGetCurrentCipher ( @param[in,out] CompressionId The current compression method used by the TLS object. @retval EFI_SUCCESS The compression method was returned successfully. @retval EFI_INVALID_PARAMETER The parameter is invalid. - @retval EFI_UNSUPPORTED Unsupported compression method. + @retval EFI_ABORTED Invalid Compression method. **/ EFI_STATUS EFIAPI TlsGetCurrentCompressionId ( diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c b/CryptoPkg/Library/TlsLib/TlsLib.c index d9267f4..1f3554a 100644 --- a/CryptoPkg/Library/TlsLib/TlsLib.c +++ b/CryptoPkg/Library/TlsLib/TlsLib.c @@ -671,11 +671,11 @@ TlsDoHandshake ( PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio); } } if (Ret < 1) { - Ret = SSL_get_error (TlsConn->Ssl, Ret); + Ret = SSL_get_error (TlsConn->Ssl, (int) Ret); if (Ret == SSL_ERROR_SSL || Ret == SSL_ERROR_SYSCALL || Ret == SSL_ERROR_ZERO_RETURN) { DEBUG (( DEBUG_ERROR, @@ -1055,11 +1055,16 @@ TlsSetCompressionMethod ( Cm = NULL; Ret = 0; if (CompMethod == 0) { - Cm = NULL; + // + // TLS defines one standard compression method, CompressionMethod.null (0), + // which specifies that data exchanged via the record protocol will not be compressed. + // So, return EFI_SUCCESS directly (RFC 3749). + // + return EFI_SUCCESS; } else if (CompMethod == 1) { Cm = COMP_zlib(); } else { return EFI_UNSUPPORTED; } @@ -1067,11 +1072,11 @@ TlsSetCompressionMethod ( // // Adds the compression method to the list of available // compression methods. // Ret = SSL_COMP_add_compression_method (CompMethod, Cm); - if (Ret != 1) { + if (Ret != 0) { return EFI_UNSUPPORTED; } return EFI_SUCCESS; } @@ -1252,11 +1257,11 @@ TlsGetCurrentCipher ( @param[in,out] CompressionId The current compression method used by the TLS object. @retval EFI_SUCCESS The compression method was returned successfully. @retval EFI_INVALID_PARAMETER The parameter is invalid. - @retval EFI_UNSUPPORTED Unsupported compression method. + @retval EFI_ABORTED Invalid Compression method. **/ EFI_STATUS EFIAPI TlsGetCurrentCompressionId ( @@ -1279,17 +1284,16 @@ TlsGetCurrentCompressionId ( if (TlsConn == NULL || TlsConn->Ssl == NULL || CompressionId == NULL) { return EFI_INVALID_PARAMETER; } StackSslComp = SSL_COMP_get_compression_methods (); - if (StackSslComp == NULL) { - return EFI_UNSUPPORTED; - } CompMethod = SSL_get_current_compression (TlsConn->Ssl); - if (CompMethod == NULL) { - return EFI_UNSUPPORTED; + + if (StackSslComp == NULL || CompMethod == NULL) { + *CompressionId = 0; + return EFI_SUCCESS; } for (Index = 0; Index < (UINTN) sk_SSL_COMP_num (StackSslComp); Index++) { SslComp = sk_SSL_COMP_value (StackSslComp, (int) Index); if (AsciiStrCmp (SSL_COMP_get_name (CompMethod), SslComp->name) == 0) { @@ -1298,11 +1302,11 @@ TlsGetCurrentCompressionId ( SslComp = NULL; } if (SslComp == NULL) { - return EFI_UNSUPPORTED; + return EFI_ABORTED; } *CompressionId = (UINT8) (SslComp->id); return EFI_SUCCESS; @@ -1792,11 +1796,11 @@ TlsGetHostPublicCert ( if (*DataSize < (UINTN) i2d_X509 (Cert, NULL)) { *DataSize = (UINTN) i2d_X509 (Cert, NULL); return EFI_BUFFER_TOO_SMALL; } - i2d_X509 (Cert, Data); + *DataSize = (UINTN) i2d_X509 (Cert, (unsigned char **) &Data); return Status; } /** -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel