Re: [edk2] [Patch 2/2] NetworkPkg: Read TlsCipherList variable and configure it for HTTPS session.

2018-02-10 Thread Wu, Jiaxin
Thanks Laszlo, I will integrate your comments into the new patch.

Best Regards!
Jiaxin 

> -----Original Message-----
> From: Laszlo Ersek [mailto:ler...@redhat.com]
> Sent: Friday, February 9, 2018 6:16 PM
> To: Wu, Jiaxin ; edk2-devel@lists.01.org
> Cc: Kinney, Michael D ; Zimmer, Vincent
> ; Yao, Jiewen ; Ye,
> Ting ; Fu, Siyuan 
> Subject: Re: [Patch 2/2] NetworkPkg: Read TlsCipherList variable and
> configure it for HTTPS session.
> 
> On 02/09/18 04:59, Jiaxin Wu wrote:
> > This patch is to read the TlsCipherList variable and configure it for the
> > later HTTPS session.
> >
> > If the variable is not set by any platform, EFI_NOT_FOUND will be returned
> > from GetVariable service. In such a case, the default CipherList created in
> > TlsDxe driver will be used.
> >
> > Cc: Laszlo Ersek 
> > Cc: Kinney Michael D 
> > Cc: Zimmer Vincent 
> > Cc: Yao Jiewen 
> > Cc: Ye Ting 
> > Cc: Fu Siyuan 
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Wu Jiaxin 
> > ---
> >  NetworkPkg/HttpDxe/HttpDriver.h   |  3 +-
> >  NetworkPkg/HttpDxe/HttpDxe.inf|  3 +-
> >  NetworkPkg/HttpDxe/HttpsSupport.c | 92
> ++-
> >  3 files changed, 95 insertions(+), 3 deletions(-)
> >
> > diff --git a/NetworkPkg/HttpDxe/HttpDriver.h
> b/NetworkPkg/HttpDxe/HttpDriver.h
> > index 93a412a..eba7d32 100644
> > --- a/NetworkPkg/HttpDxe/HttpDriver.h
> > +++ b/NetworkPkg/HttpDxe/HttpDriver.h
> > @@ -1,9 +1,9 @@
> >  /** @file
> >The header files of the driver binding and service binding protocol for
> HttpDxe driver.
> >
> > -  Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
> > +  Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
> >(C) Copyright 2016 Hewlett Packard Enterprise Development LP
> >
> >This program and the accompanying materials
> >are licensed and made available under the terms and conditions of the
> BSD License
> >which accompanies this distribution.  The full text of the license may be
> found at
> > @@ -59,10 +59,11 @@
> >  // Produced Protocols
> >  //
> >  #include 
> >
> >  #include 
> > +#include 
> >
> >  #include 
> >
> >  //
> >  // Driver Version
> > diff --git a/NetworkPkg/HttpDxe/HttpDxe.inf
> b/NetworkPkg/HttpDxe/HttpDxe.inf
> > index 20075f5..b1d7bd2 100644
> > --- a/NetworkPkg/HttpDxe/HttpDxe.inf
> > +++ b/NetworkPkg/HttpDxe/HttpDxe.inf
> > @@ -1,9 +1,9 @@
> >  ## @file
> >  #  Implementation of EFI HTTP protocol interfaces.
> >  #
> > -#  Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
> > +#  Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
> >  #
> >  #  This program and the accompanying materials
> >  #  are licensed and made available under the terms and conditions of the
> BSD License
> >  #  which accompanies this distribution. The full text of the license may be
> found at
> >  #  http://opensource.org/licenses/bsd-license.php.
> > @@ -72,10 +72,11 @@
> >gEfiTlsProtocolGuid  ## SOMETIMES_CONSUMES
> >gEfiTlsConfigurationProtocolGuid ## SOMETIMES_CONSUMES
> >
> >  [Guids]
> >gEfiTlsCaCertificateGuid ## SOMETIMES_CONSUMES  
> > ##
> Variable:L"TlsCaCertificate"
> > +  gTlsCipherListGuid   ## SOMETIMES_CONSUMES  
> > ##
> Variable:L"TlsCipherList"
> >
> >  [Pcd]
> >gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections   ##
> CONSUMES
> >gEfiNetworkPkgTokenSpaceGuid.PcdHttpsAuthenticationMode##
> SOMETIMES_CONSUMES
> >gEfiNetworkPkgTokenSpaceGuid.PcdHttpsHostPublicCert##
> SOMETIMES_CONSUMES
> > diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c
> b/NetworkPkg/HttpDxe/HttpsSupport.c
> > index 288082a..62cb867 100644
> > --- a/NetworkPkg/HttpDxe/HttpsSupport.c
> > +++ b/NetworkPkg/HttpDxe/HttpsSupport.c
> > @@ -1,9 +1,9 @@
> >  /** @file
> >Miscellaneous routines specific to Https for HttpDxe driver.
> >
> > -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> > +Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
> >  (C) Copyright 2016 Hewlett Packard Enterprise Development LP
> >  This program and the accompanying materials
> >  are licensed and made available under the terms and conditions of the BSD
> License
> >  which accompanies this distribution.  The full text of the license may be
> found at
> >  http://opensource.org/licenses/bsd-license.php
> > @@ -492,10 +492,91 @@ TlsConfigCertificate (
> >
> >return Status;
> >  }
> >
> >  /**
> > +  Read the TlsCipherList variable and configure it for HTTPS session.
> > +
> > +  @param[in, out]  HttpInstance   The HTTP instance 

Re: [edk2] [Patch 2/2] NetworkPkg: Read TlsCipherList variable and configure it for HTTPS session.

2018-02-09 Thread Laszlo Ersek
On 02/09/18 04:59, Jiaxin Wu wrote:
> This patch is to read the TlsCipherList variable and configure it for the
> later HTTPS session.
> 
> If the variable is not set by any platform, EFI_NOT_FOUND will be returned
> from GetVariable service. In such a case, the default CipherList created in
> TlsDxe driver will be used.
> 
> Cc: Laszlo Ersek 
> Cc: Kinney Michael D 
> Cc: Zimmer Vincent 
> Cc: Yao Jiewen 
> Cc: Ye Ting 
> Cc: Fu Siyuan 
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Wu Jiaxin 
> ---
>  NetworkPkg/HttpDxe/HttpDriver.h   |  3 +-
>  NetworkPkg/HttpDxe/HttpDxe.inf|  3 +-
>  NetworkPkg/HttpDxe/HttpsSupport.c | 92 
> ++-
>  3 files changed, 95 insertions(+), 3 deletions(-)
> 
> diff --git a/NetworkPkg/HttpDxe/HttpDriver.h b/NetworkPkg/HttpDxe/HttpDriver.h
> index 93a412a..eba7d32 100644
> --- a/NetworkPkg/HttpDxe/HttpDriver.h
> +++ b/NetworkPkg/HttpDxe/HttpDriver.h
> @@ -1,9 +1,9 @@
>  /** @file
>The header files of the driver binding and service binding protocol for 
> HttpDxe driver.
>  
> -  Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
> +  Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
>(C) Copyright 2016 Hewlett Packard Enterprise Development LP
>  
>This program and the accompanying materials
>are licensed and made available under the terms and conditions of the BSD 
> License
>which accompanies this distribution.  The full text of the license may be 
> found at
> @@ -59,10 +59,11 @@
>  // Produced Protocols
>  //
>  #include 
>  
>  #include 
> +#include 
>  
>  #include 
>  
>  //
>  // Driver Version
> diff --git a/NetworkPkg/HttpDxe/HttpDxe.inf b/NetworkPkg/HttpDxe/HttpDxe.inf
> index 20075f5..b1d7bd2 100644
> --- a/NetworkPkg/HttpDxe/HttpDxe.inf
> +++ b/NetworkPkg/HttpDxe/HttpDxe.inf
> @@ -1,9 +1,9 @@
>  ## @file
>  #  Implementation of EFI HTTP protocol interfaces.
>  #
> -#  Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
> +#  Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
>  #
>  #  This program and the accompanying materials
>  #  are licensed and made available under the terms and conditions of the BSD 
> License
>  #  which accompanies this distribution. The full text of the license may be 
> found at
>  #  http://opensource.org/licenses/bsd-license.php.
> @@ -72,10 +72,11 @@
>gEfiTlsProtocolGuid  ## SOMETIMES_CONSUMES
>gEfiTlsConfigurationProtocolGuid ## SOMETIMES_CONSUMES
>  
>  [Guids]
>gEfiTlsCaCertificateGuid ## SOMETIMES_CONSUMES  ## 
> Variable:L"TlsCaCertificate"
> +  gTlsCipherListGuid   ## SOMETIMES_CONSUMES  ## 
> Variable:L"TlsCipherList"
>  
>  [Pcd]
>gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections   ## CONSUMES
>gEfiNetworkPkgTokenSpaceGuid.PcdHttpsAuthenticationMode## 
> SOMETIMES_CONSUMES
>gEfiNetworkPkgTokenSpaceGuid.PcdHttpsHostPublicCert## 
> SOMETIMES_CONSUMES
> diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c 
> b/NetworkPkg/HttpDxe/HttpsSupport.c
> index 288082a..62cb867 100644
> --- a/NetworkPkg/HttpDxe/HttpsSupport.c
> +++ b/NetworkPkg/HttpDxe/HttpsSupport.c
> @@ -1,9 +1,9 @@
>  /** @file
>Miscellaneous routines specific to Https for HttpDxe driver.
>  
> -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> +Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
>  (C) Copyright 2016 Hewlett Packard Enterprise Development LP
>  This program and the accompanying materials
>  are licensed and made available under the terms and conditions of the BSD 
> License
>  which accompanies this distribution.  The full text of the license may be 
> found at
>  http://opensource.org/licenses/bsd-license.php
> @@ -492,10 +492,91 @@ TlsConfigCertificate (
>
>return Status;
>  }
>  
>  /**
> +  Read the TlsCipherList variable and configure it for HTTPS session.
> +
> +  @param[in, out]  HttpInstance   The HTTP instance private data.
> +
> +  @retval EFI_SUCCESSThe prefered TLS CipherList is configured.
> +  @retval EFI_NOT_FOUND  Fail to get 'TlsCipherList' variable.
> +  @retval EFI_INVALID_PARAMETER  The contents of variable are invalid.
> +  @retval EFI_OUT_OF_RESOURCES   Can't allocate memory resources.
> +
> +  @retval Others Other error as indicated.
> +
> +**/
> +EFI_STATUS
> +TlsConfigCipherList (
> +  IN OUT HTTP_PROTOCOL  *HttpInstance
> +  )
> +{
> +  EFI_STATUS  Status;
> +  UINT8   *CipherList;
> +  UINTN   CipherListSize;
> +
> +  CipherList = NULL;
> +  CipherListSize = 0;
> +
> +  //
> +  // Try to read the TlsCipherList variable.
> +  //
> +  Status  = gRT->GetVariable (
> + 

[edk2] [Patch 2/2] NetworkPkg: Read TlsCipherList variable and configure it for HTTPS session.

2018-02-08 Thread Jiaxin Wu
This patch is to read the TlsCipherList variable and configure it for the
later HTTPS session.

If the variable is not set by any platform, EFI_NOT_FOUND will be returned
from GetVariable service. In such a case, the default CipherList created in
TlsDxe driver will be used.

Cc: Laszlo Ersek 
Cc: Kinney Michael D 
Cc: Zimmer Vincent 
Cc: Yao Jiewen 
Cc: Ye Ting 
Cc: Fu Siyuan 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin 
---
 NetworkPkg/HttpDxe/HttpDriver.h   |  3 +-
 NetworkPkg/HttpDxe/HttpDxe.inf|  3 +-
 NetworkPkg/HttpDxe/HttpsSupport.c | 92 ++-
 3 files changed, 95 insertions(+), 3 deletions(-)

diff --git a/NetworkPkg/HttpDxe/HttpDriver.h b/NetworkPkg/HttpDxe/HttpDriver.h
index 93a412a..eba7d32 100644
--- a/NetworkPkg/HttpDxe/HttpDriver.h
+++ b/NetworkPkg/HttpDxe/HttpDriver.h
@@ -1,9 +1,9 @@
 /** @file
   The header files of the driver binding and service binding protocol for 
HttpDxe driver.
 
-  Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+  Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
   (C) Copyright 2016 Hewlett Packard Enterprise Development LP
 
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD 
License
   which accompanies this distribution.  The full text of the license may be 
found at
@@ -59,10 +59,11 @@
 // Produced Protocols
 //
 #include 
 
 #include 
+#include 
 
 #include 
 
 //
 // Driver Version
diff --git a/NetworkPkg/HttpDxe/HttpDxe.inf b/NetworkPkg/HttpDxe/HttpDxe.inf
index 20075f5..b1d7bd2 100644
--- a/NetworkPkg/HttpDxe/HttpDxe.inf
+++ b/NetworkPkg/HttpDxe/HttpDxe.inf
@@ -1,9 +1,9 @@
 ## @file
 #  Implementation of EFI HTTP protocol interfaces.
 #
-#  Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
+#  Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
 #
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD 
License
 #  which accompanies this distribution. The full text of the license may be 
found at
 #  http://opensource.org/licenses/bsd-license.php.
@@ -72,10 +72,11 @@
   gEfiTlsProtocolGuid  ## SOMETIMES_CONSUMES
   gEfiTlsConfigurationProtocolGuid ## SOMETIMES_CONSUMES
 
 [Guids]
   gEfiTlsCaCertificateGuid ## SOMETIMES_CONSUMES  ## 
Variable:L"TlsCaCertificate"
+  gTlsCipherListGuid   ## SOMETIMES_CONSUMES  ## 
Variable:L"TlsCipherList"
 
 [Pcd]
   gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections   ## CONSUMES
   gEfiNetworkPkgTokenSpaceGuid.PcdHttpsAuthenticationMode## 
SOMETIMES_CONSUMES
   gEfiNetworkPkgTokenSpaceGuid.PcdHttpsHostPublicCert## 
SOMETIMES_CONSUMES
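Review bot: The new [Guids] entry gTlsCipherListGuid carries neither the gEfi prefix of its neighbour gEfiTlsCaCertificateGuid nor an Edkii marker, while the variable name macro used with it in HttpsSupport.c is EDKII_TLS_CIPHER_LIST_VARIABLE. Suggest a GUID name that puts it in the same namespace as the macro, so that it is clear from the .inf alone that L"TlsCipherList" is an EDK II specific variable and not one defined by the UEFI specification.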
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c 
b/NetworkPkg/HttpDxe/HttpsSupport.c
index 288082a..62cb867 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -1,9 +1,9 @@
 /** @file
   Miscellaneous routines specific to Https for HttpDxe driver.
 
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
 (C) Copyright 2016 Hewlett Packard Enterprise Development LP
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
 http://opensource.org/licenses/bsd-license.php
@@ -492,10 +492,91 @@ TlsConfigCertificate (
   
   return Status;
 }
 
 /**
+  Read the TlsCipherList variable and configure it for HTTPS session.
+
+  @param[in, out]  HttpInstance   The HTTP instance private data.
+
+  @retval EFI_SUCCESSThe prefered TLS CipherList is configured.
+  @retval EFI_NOT_FOUND  Fail to get 'TlsCipherList' variable.
+  @retval EFI_INVALID_PARAMETER  The contents of variable are invalid.
+  @retval EFI_OUT_OF_RESOURCES   Can't allocate memory resources.
+
+  @retval Others Other error as indicated.
+
+**/
+EFI_STATUS
+TlsConfigCipherList (
+  IN OUT HTTP_PROTOCOL  *HttpInstance
+  )
+{
+  EFI_STATUS  Status;
+  UINT8   *CipherList;
+  UINTN   CipherListSize;
+
+  CipherList = NULL;
+  CipherListSize = 0;
+
+  //
+  // Try to read the TlsCipherList variable.
+  //
+  Status  = gRT->GetVariable (
+   EDKII_TLS_CIPHER_LIST_VARIABLE,
+   ,
+   NULL,
+   ,
+   NULL
+   );
+
+  if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
+return Status;
+  }
+
+  if (CipherListSize % sizeof (EFI_TLS_CIPHER) != 0) {
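Review bot: In TlsConfigCipherList, the check after the size-probing GetVariable call, "if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL)", lets EFI_SUCCESS fall through with CipherListSize still 0, and the following "CipherListSize % sizeof (EFI_TLS_CIPHER) != 0" test also passes for 0, so an empty list is not rejected at this point. Because the probe passes a NULL data buffer, EFI_BUFFER_TOO_SMALL is the only status that should continue: suggest testing "Status != EFI_BUFFER_TOO_SMALL" directly, returning an error for every other status (an unexpected EFI_SUCCESS included), and rejecting CipherListSize == 0 together with the modulus check. The probe also passes NULL for the Attributes argument, so the variable's attributes are never examined; since its contents select the ciphers for the HTTPS session, the function header should document which attributes a platform is expected to set on it. Minor: "prefered" in the @retval EFI_SUCCESS line should read "preferred".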