Re: [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries


Wu, Jiaxin <jiaxin.wu@...>
 

Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>

Best Regards!
Jiaxin

-----Original Message-----
From: Thomas Palmer [mailto:thomas.palmer@hpe.com]
Sent: Wednesday, August 3, 2016 5:34 AM
To: edk2-devel@lists.01.org
Cc: Wu, Jiaxin <jiaxin.wu@intel.com>; Long, Qin <qin.long@intel.com>;
joseph.shifflett@hpe.com; Thomas Palmer <thomas.palmer@hpe.com>
Subject: [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable
entries

The TlsCipherMappingTable will be used to control which ciphers UEFI
officially supports. When a user configures the ciphers, each cipher is
checked against this table and if not found is sent the EFI_UNSUPPORTED
error.

However, when an entry is present in TlsCipherMappingTable, but our library
does not have support for it, the user will not see any error if other ciphers
are being set at the same time.

This patch will remove entries from TlsLib's TlsCipherMappingTable that our
OpenSSL library is not configured to support. This restores behavior of
immediate feedback to user.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com>
---
CryptoPkg/Library/TlsLib/TlsLib.c | 7 -------
1 file changed, 7 deletions(-)

diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c
b/CryptoPkg/Library/TlsLib/TlsLib.c
index 1f3554a..aa08595 100644
--- a/CryptoPkg/Library/TlsLib/TlsLib.c
+++ b/CryptoPkg/Library/TlsLib/TlsLib.c
@@ -57,31 +57,24 @@ STATIC CONST TLS_CIPHER_PAIR
TlsCipherMappingTable[] = {
{ 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA
{ 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5
{ 0x0005, "RC4-SHA" }, /// TLS_RSA_WITH_RC4_128_SHA
- { 0x0007, "IDEA-CBC-SHA" }, /// TLS_RSA_WITH_IDEA_CBC_SHA
- { 0x0009, "DES-CBC-SHA" }, /// TLS_RSA_WITH_DES_CBC_SHA
{ 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_SHA,
mandatory TLS 1.1
- { 0x0013, "DHE-DSS-DES-CBC3-SHA" }, ///
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.0
{ 0x0016, "DHE-RSA-DES-CBC3-SHA" }, ///
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
{ 0x002F, "AES128-SHA" }, /// TLS_RSA_WITH_AES_128_CBC_SHA,
mandatory TLS 1.2
{ 0x0030, "DH-DSS-AES128-SHA" }, ///
TLS_DH_DSS_WITH_AES_128_CBC_SHA
{ 0x0031, "DH-RSA-AES128-SHA" }, ///
TLS_DH_RSA_WITH_AES_128_CBC_SHA
- { 0x0032, "DHE-DSS-AES128-SHA" }, ///
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
{ 0x0033, "DHE-RSA-AES128-SHA" }, ///
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
{ 0x0035, "AES256-SHA" }, /// TLS_RSA_WITH_AES_256_CBC_SHA
{ 0x0036, "DH-DSS-AES256-SHA" }, ///
TLS_DH_DSS_WITH_AES_256_CBC_SHA
{ 0x0037, "DH-RSA-AES256-SHA" }, ///
TLS_DH_RSA_WITH_AES_256_CBC_SHA
- { 0x0038, "DHE-DSS-AES256-SHA" }, ///
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
{ 0x0039, "DHE-RSA-AES256-SHA" }, ///
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
{ 0x003B, "NULL-SHA256" }, /// TLS_RSA_WITH_NULL_SHA256
{ 0x003C, "AES128-SHA256" }, ///
TLS_RSA_WITH_AES_128_CBC_SHA256
{ 0x003D, "AES256-SHA256" }, ///
TLS_RSA_WITH_AES_256_CBC_SHA256
{ 0x003E, "DH-DSS-AES128-SHA256" }, ///
TLS_DH_DSS_WITH_AES_128_CBC_SHA256
{ 0x003F, "DH-RSA-AES128-SHA256" }, ///
TLS_DH_RSA_WITH_AES_128_CBC_SHA256
- { 0x0040, "DHE-DSS-AES128-SHA256" }, ///
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
{ 0x0067, "DHE-RSA-AES128-SHA256" }, ///
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
{ 0x0068, "DH-DSS-AES256-SHA256" }, ///
TLS_DH_DSS_WITH_AES_256_CBC_SHA256
{ 0x0069, "DH-RSA-AES256-SHA256" }, ///
TLS_DH_RSA_WITH_AES_256_CBC_SHA256
- { 0x006A, "DHE-DSS-AES256-SHA256" }, ///
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
{ 0x006B, "DHE-RSA-AES256-SHA256" } ///
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
};
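Review bot: The deleted 0x0013 entry (DHE-DSS-DES-CBC3-SHA) carries the comment "mandatory TLS 1.0", so after this hunk the table no longer contains the suite that its own annotation marks as mandatory for TLS 1.0; the commit message should call that out explicitly. Nothing in the hunk records why these seven suites are unavailable, so a short comment above TlsCipherMappingTable stating that every entry must correspond to a cipher the bundled OpenSSL build actually provides would help keep the table and the library configuration in sync. The static DH-DSS-* and DH-RSA-* entries (0x0030, 0x0031, 0x0036, 0x0037, 0x003E, 0x003F, 0x0068, 0x0069) remain while their DHE-DSS counterparts are removed; please confirm those are supported by the same OpenSSL configuration, since the silent failure described in the commit message would apply to any entry that is listed but not backed by the library.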

--
1.9.1
