Re: [edk2] [Patch 3/3] NetworkPkg/HttpDxe: Handle the large data request via HTTPS channel.
Reviewed-by: Karunakar p-Original Message- From: Jiaxin Wu [mailto:jiaxin...@intel.com] Sent: Tuesday, March 20, 2018 6:07 AM To: edk2-devel@lists.01.org Cc: Karunakar P; Fu Siyuan; Ye Ting Subject: [Patch 3/3] NetworkPkg/HttpDxe: Handle the large data request via HTTPS channel. Cc: Karunakar P Cc: Fu Siyuan Cc: Ye Ting Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu
---
 NetworkPkg/HttpDxe/HttpProto.c| 121 +++---
 NetworkPkg/HttpDxe/HttpsSupport.c | 17 +-
 NetworkPkg/HttpDxe/HttpsSupport.h | 12 +++-
 3 files changed, 111 insertions(+), 39 deletions(-)
diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c
index d7fe271168..35c4a166c4 100644
--- a/NetworkPkg/HttpDxe/HttpProto.c
+++ b/NetworkPkg/HttpDxe/HttpProto.c
@@ -1,9 +1,9 @@ /** @file Miscellaneous routines for HttpDxe driver. -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved. (C) Copyright 2016 Hewlett Packard Enterprise Development LP This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php
@@ -1474,64 +1474,101 @@ HttpTransmitTcp (
 EFI_STATUSStatus;
 EFI_TCP4_IO_TOKEN *Tx4Token;
 EFI_TCP4_PROTOCOL *Tcp4;
 EFI_TCP6_IO_TOKEN *Tx6Token;
 EFI_TCP6_PROTOCOL *Tcp6;
- UINT8 *Buffer;
- UINTN BufferSize;
+ UINT8 *TlsRecord;
+ UINT16PayloadSize;
 NET_FRAGMENT TempFragment;
+ NET_FRAGMENT Fragment;
+ UINTN RecordCount;
+ UINTN RemainingLen;
 Status= EFI_SUCCESS;
- Buffer= NULL;
+ TlsRecord = NULL;
+ PayloadSize = 0;
 TempFragment.Len = 0;
 TempFragment.Bulk = NULL;
+ Fragment.Len = 0;
+ Fragment.Bulk = NULL;
+ RecordCount = 0;
+ RemainingLen = 0;
 //
 // Need to encrypt data.
 //
 if (HttpInstance->UseHttps) {
 //
-// Build BufferOut data
+// Allocate enough buffer for each TLS plaintext records.
 //
-BufferSize = sizeof (TLS_RECORD_HEADER) + TxStringLen;
-Buffer = AllocateZeroPool (BufferSize);
-if (Buffer == NULL) {
+TlsRecord = AllocateZeroPool (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH);
+if (TlsRecord == NULL) {
 Status = EFI_OUT_OF_RESOURCES;
 return Status;
 }
-((TLS_RECORD_HEADER *) Buffer)->ContentType = TlsContentTypeApplicationData;
-((TLS_RECORD_HEADER *) Buffer)->Version.Major = HttpInstance->TlsConfigData.Version.Major;
-((TLS_RECORD_HEADER *) Buffer)->Version.Minor = HttpInstance->TlsConfigData.Version.Minor;
-((TLS_RECORD_HEADER *) Buffer)->Length = (UINT16) (TxStringLen);
-CopyMem (Buffer + sizeof (TLS_RECORD_HEADER), TxString, TxStringLen);
-
+
 //
-// Encrypt Packet.
+// Allocate enough buffer for all TLS ciphertext records.
 //
-Status = TlsProcessMessage (
- HttpInstance,
- Buffer,
- BufferSize,
- EfiTlsEncrypt,
-
- );
-
-FreePool (Buffer);
+RecordCount = TxStringLen / TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH + 1;
+Fragment.Bulk = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH));
+if (Fragment.Bulk == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_ERROR;
+}
-if (EFI_ERROR (Status)) {
- return Status;
+//
+// Encrypt each TLS plaintext records.
+// +RemainingLen = TxStringLen; +while (RemainingLen != 0) { + PayloadSize = (UINT16) MIN + (TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH, RemainingLen); + + ((TLS_RECORD_HEADER *) TlsRecord)->ContentType = TlsContentTypeApplicationData; + ((TLS_RECORD_HEADER *) TlsRecord)->Version.Major = HttpInstance->TlsConfigData.Version.Major; + ((TLS_RECORD_HEADER *) TlsRecord)->Version.Minor = HttpInstance->TlsConfigData.Version.Minor; + ((TLS_RECORD_HEADER *) TlsRecord)->Length = PayloadSize; + + CopyMem (TlsRecord + TLS_RECORD_HEADER_LENGTH, TxString + + (TxStringLen - RemainingLen), PayloadSize); + + Status = TlsProcessMessage ( + HttpInstance, + TlsRecord, + TLS_RECORD_HEADER_LENGTH + PayloadSize, + EfiTlsEncrypt, + +
[edk2] [Patch 3/3] NetworkPkg/HttpDxe: Handle the large data request via HTTPS channel.
Cc: Karunakar PCc: Fu Siyuan Cc: Ye Ting Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu
---
 NetworkPkg/HttpDxe/HttpProto.c| 121 +++---
 NetworkPkg/HttpDxe/HttpsSupport.c | 17 +-
 NetworkPkg/HttpDxe/HttpsSupport.h | 12 +++-
 3 files changed, 111 insertions(+), 39 deletions(-)
diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c
index d7fe271168..35c4a166c4 100644
--- a/NetworkPkg/HttpDxe/HttpProto.c
+++ b/NetworkPkg/HttpDxe/HttpProto.c
@@ -1,9 +1,9 @@ /** @file Miscellaneous routines for HttpDxe driver. -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved. (C) Copyright 2016 Hewlett Packard Enterprise Development LP This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php
@@ -1474,64 +1474,101 @@ HttpTransmitTcp (
 EFI_STATUSStatus;
 EFI_TCP4_IO_TOKEN *Tx4Token;
 EFI_TCP4_PROTOCOL *Tcp4;
 EFI_TCP6_IO_TOKEN *Tx6Token;
 EFI_TCP6_PROTOCOL *Tcp6;
- UINT8 *Buffer;
- UINTN BufferSize;
+ UINT8 *TlsRecord;
+ UINT16PayloadSize;
 NET_FRAGMENT TempFragment;
+ NET_FRAGMENT Fragment;
+ UINTN RecordCount;
+ UINTN RemainingLen;
 Status= EFI_SUCCESS;
- Buffer= NULL;
+ TlsRecord = NULL;
+ PayloadSize = 0;
 TempFragment.Len = 0;
 TempFragment.Bulk = NULL;
+ Fragment.Len = 0;
+ Fragment.Bulk = NULL;
+ RecordCount = 0;
+ RemainingLen = 0;
 //
 // Need to encrypt data.
 //
 if (HttpInstance->UseHttps) {
 //
-// Build BufferOut data
+// Allocate enough buffer for each TLS plaintext records.
 //
-BufferSize = sizeof (TLS_RECORD_HEADER) + TxStringLen;
-Buffer = AllocateZeroPool (BufferSize);
-if (Buffer == NULL) {
+TlsRecord = AllocateZeroPool (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH);
+if (TlsRecord == NULL) {
 Status = EFI_OUT_OF_RESOURCES;
 return Status;
 }
-((TLS_RECORD_HEADER *) Buffer)->ContentType = TlsContentTypeApplicationData;
-((TLS_RECORD_HEADER *) Buffer)->Version.Major = HttpInstance->TlsConfigData.Version.Major;
-((TLS_RECORD_HEADER *) Buffer)->Version.Minor = HttpInstance->TlsConfigData.Version.Minor;
-((TLS_RECORD_HEADER *) Buffer)->Length = (UINT16) (TxStringLen);
-CopyMem (Buffer + sizeof (TLS_RECORD_HEADER), TxString, TxStringLen);
-
+
 //
-// Encrypt Packet.
+// Allocate enough buffer for all TLS ciphertext records.
 //
-Status = TlsProcessMessage (
- HttpInstance,
- Buffer,
- BufferSize,
- EfiTlsEncrypt,
-
- );
-
-FreePool (Buffer);
+RecordCount = TxStringLen / TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH + 1;
+Fragment.Bulk = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH));
+if (Fragment.Bulk == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_ERROR;
+}
-if (EFI_ERROR (Status)) {
- return Status;
+//
+// Encrypt each TLS plaintext records.
+//
+RemainingLen = TxStringLen;
+while (RemainingLen != 0) {
+ PayloadSize = (UINT16) MIN (TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH, RemainingLen);
+
+ ((TLS_RECORD_HEADER *) TlsRecord)->ContentType = TlsContentTypeApplicationData;
+ ((TLS_RECORD_HEADER *) TlsRecord)->Version.Major = HttpInstance->TlsConfigData.Version.Major;
+ ((TLS_RECORD_HEADER *) TlsRecord)->Version.Minor = HttpInstance->TlsConfigData.Version.Minor;
+ ((TLS_RECORD_HEADER *) TlsRecord)->Length = PayloadSize;
+
+ CopyMem (TlsRecord + TLS_RECORD_HEADER_LENGTH, TxString + (TxStringLen - RemainingLen), PayloadSize);
+
+ Status = TlsProcessMessage (
+ HttpInstance,
+ TlsRecord,
+ TLS_RECORD_HEADER_LENGTH + PayloadSize,
+ EfiTlsEncrypt,
+
+ );
+ if (EFI_ERROR (Status)) {
+goto ON_ERROR;
+ }
+
+ //
+ // Record the processed/encrypted Packet.
+ //
+ CopyMem (Fragment.Bulk + Fragment.Len, TempFragment.Bulk, TempFragment.Len);
+ Fragment.Len += TempFragment.Len;
+
+ FreePool (TempFragment.Bulk);
+