[PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: Thomas Palmer <thomas.palmer@hpe.com>
To: edk2-devel@lists.01.org
Cc: jiaxin.wu@intel.com, qin.long@intel.com,
	joseph.shifflett@hpe.com, Thomas Palmer <thomas.palmer@hpe.com>
Subject: [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries
Date: Tue,  2 Aug 2016 16:33:45 -0500	[thread overview]
Message-ID: <1470173625-16393-1-git-send-email-thomas.palmer@hpe.com> (raw)

The TlsCipherMappingTable will be used to control which ciphers UEFI
officially supports. When a user configures the ciphers, each cipher
is checked against this table and if not found is sent the
EFI_UNSUPPORTED error.

However, when an entry is present in TlsCipherMappingTable, but our
library does not have support for it, the user will not see any
error if other ciphers are being set at the same time.

This patch will remove entries from TlsLib's TlsCipherMappingTable
that our OpenSSL library is not configured to support. This restores
behavior of immediate feedback to user.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com>
---
 CryptoPkg/Library/TlsLib/TlsLib.c | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c b/CryptoPkg/Library/TlsLib/TlsLib.c
index 1f3554a..aa08595 100644
--- a/CryptoPkg/Library/TlsLib/TlsLib.c
+++ b/CryptoPkg/Library/TlsLib/TlsLib.c
@@ -57,31 +57,24 @@ STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
   { 0x0002, "NULL-SHA" },                 /// TLS_RSA_WITH_NULL_SHA
   { 0x0004, "RC4-MD5" },                  /// TLS_RSA_WITH_RC4_128_MD5
   { 0x0005, "RC4-SHA" },                  /// TLS_RSA_WITH_RC4_128_SHA
-  { 0x0007, "IDEA-CBC-SHA" },             /// TLS_RSA_WITH_IDEA_CBC_SHA
-  { 0x0009, "DES-CBC-SHA" },              /// TLS_RSA_WITH_DES_CBC_SHA
   { 0x000A, "DES-CBC3-SHA" },             /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1
-  { 0x0013, "DHE-DSS-DES-CBC3-SHA" },     /// TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.0
   { 0x0016, "DHE-RSA-DES-CBC3-SHA" },     /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
   { 0x002F, "AES128-SHA" },               /// TLS_RSA_WITH_AES_128_CBC_SHA, mandatory TLS 1.2
   { 0x0030, "DH-DSS-AES128-SHA" },        /// TLS_DH_DSS_WITH_AES_128_CBC_SHA
   { 0x0031, "DH-RSA-AES128-SHA" },        /// TLS_DH_RSA_WITH_AES_128_CBC_SHA
-  { 0x0032, "DHE-DSS-AES128-SHA" },       /// TLS_DHE_DSS_WITH_AES_128_CBC_SHA
   { 0x0033, "DHE-RSA-AES128-SHA" },       /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA
   { 0x0035, "AES256-SHA" },               /// TLS_RSA_WITH_AES_256_CBC_SHA
   { 0x0036, "DH-DSS-AES256-SHA" },        /// TLS_DH_DSS_WITH_AES_256_CBC_SHA
   { 0x0037, "DH-RSA-AES256-SHA" },        /// TLS_DH_RSA_WITH_AES_256_CBC_SHA
-  { 0x0038, "DHE-DSS-AES256-SHA" },       /// TLS_DHE_DSS_WITH_AES_256_CBC_SHA
   { 0x0039, "DHE-RSA-AES256-SHA" },       /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA
   { 0x003B, "NULL-SHA256" },              /// TLS_RSA_WITH_NULL_SHA256
   { 0x003C, "AES128-SHA256" },            /// TLS_RSA_WITH_AES_128_CBC_SHA256
   { 0x003D, "AES256-SHA256" },            /// TLS_RSA_WITH_AES_256_CBC_SHA256
   { 0x003E, "DH-DSS-AES128-SHA256" },     /// TLS_DH_DSS_WITH_AES_128_CBC_SHA256
   { 0x003F, "DH-RSA-AES128-SHA256" },     /// TLS_DH_RSA_WITH_AES_128_CBC_SHA256
-  { 0x0040, "DHE-DSS-AES128-SHA256" },    /// TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
   { 0x0067, "DHE-RSA-AES128-SHA256" },    /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
   { 0x0068, "DH-DSS-AES256-SHA256" },     /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256
   { 0x0069, "DH-RSA-AES256-SHA256" },     /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256
-  { 0x006A, "DHE-DSS-AES256-SHA256" },    /// TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
   { 0x006B, "DHE-RSA-AES256-SHA256" }     /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 };
 
-- 
1.9.1

next             reply	other threads:[~2016-08-02 21:33 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-08-02 21:33 Thomas Palmer [this message]
2016-08-03  3:33 ` [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries Wu, Jiaxin
2016-08-08 15:48 ` Samer El Haj Mahmoud

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:1f3554a dfblob:aa08595 )
 OR (
bs:"[PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1470173625-16393-1-git-send-email-thomas.palmer@hpe.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox