* [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries
@ 2016-08-02 21:33 Thomas Palmer
2016-08-03 3:33 ` Wu, Jiaxin
2016-08-08 15:48 ` Samer El Haj Mahmoud
0 siblings, 2 replies; 3+ messages in thread
From: Thomas Palmer @ 2016-08-02 21:33 UTC (permalink / raw)
To: edk2-devel; +Cc: jiaxin.wu, qin.long, joseph.shifflett, Thomas Palmer
The TlsCipherMappingTable will be used to control which ciphers UEFI
officially supports. When a user configures the ciphers, each cipher
is checked against this table and if not found is sent the
EFI_UNSUPPORTED error.
However, when an entry is present in TlsCipherMappingTable, but our
library does not have support for it, the user will not see any
error if other ciphers are being set at the same time.
This patch will remove entries from TlsLib's TlsCipherMappingTable
that our OpenSSL library is not configured to support. This restores
behavior of immediate feedback to user.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com>
---
CryptoPkg/Library/TlsLib/TlsLib.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c b/CryptoPkg/Library/TlsLib/TlsLib.c
index 1f3554a..aa08595 100644
--- a/CryptoPkg/Library/TlsLib/TlsLib.c
+++ b/CryptoPkg/Library/TlsLib/TlsLib.c
@@ -57,31 +57,24 @@ STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
{ 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA
{ 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5
{ 0x0005, "RC4-SHA" }, /// TLS_RSA_WITH_RC4_128_SHA
- { 0x0007, "IDEA-CBC-SHA" }, /// TLS_RSA_WITH_IDEA_CBC_SHA
- { 0x0009, "DES-CBC-SHA" }, /// TLS_RSA_WITH_DES_CBC_SHA
{ 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1
- { 0x0013, "DHE-DSS-DES-CBC3-SHA" }, /// TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.0
{ 0x0016, "DHE-RSA-DES-CBC3-SHA" }, /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
{ 0x002F, "AES128-SHA" }, /// TLS_RSA_WITH_AES_128_CBC_SHA, mandatory TLS 1.2
{ 0x0030, "DH-DSS-AES128-SHA" }, /// TLS_DH_DSS_WITH_AES_128_CBC_SHA
{ 0x0031, "DH-RSA-AES128-SHA" }, /// TLS_DH_RSA_WITH_AES_128_CBC_SHA
- { 0x0032, "DHE-DSS-AES128-SHA" }, /// TLS_DHE_DSS_WITH_AES_128_CBC_SHA
{ 0x0033, "DHE-RSA-AES128-SHA" }, /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA
{ 0x0035, "AES256-SHA" }, /// TLS_RSA_WITH_AES_256_CBC_SHA
{ 0x0036, "DH-DSS-AES256-SHA" }, /// TLS_DH_DSS_WITH_AES_256_CBC_SHA
{ 0x0037, "DH-RSA-AES256-SHA" }, /// TLS_DH_RSA_WITH_AES_256_CBC_SHA
- { 0x0038, "DHE-DSS-AES256-SHA" }, /// TLS_DHE_DSS_WITH_AES_256_CBC_SHA
{ 0x0039, "DHE-RSA-AES256-SHA" }, /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA
{ 0x003B, "NULL-SHA256" }, /// TLS_RSA_WITH_NULL_SHA256
{ 0x003C, "AES128-SHA256" }, /// TLS_RSA_WITH_AES_128_CBC_SHA256
{ 0x003D, "AES256-SHA256" }, /// TLS_RSA_WITH_AES_256_CBC_SHA256
{ 0x003E, "DH-DSS-AES128-SHA256" }, /// TLS_DH_DSS_WITH_AES_128_CBC_SHA256
{ 0x003F, "DH-RSA-AES128-SHA256" }, /// TLS_DH_RSA_WITH_AES_128_CBC_SHA256
- { 0x0040, "DHE-DSS-AES128-SHA256" }, /// TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
{ 0x0067, "DHE-RSA-AES128-SHA256" }, /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
{ 0x0068, "DH-DSS-AES256-SHA256" }, /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256
{ 0x0069, "DH-RSA-AES256-SHA256" }, /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256
- { 0x006A, "DHE-DSS-AES256-SHA256" }, /// TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
{ 0x006B, "DHE-RSA-AES256-SHA256" } /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
};
--
1.9.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries
2016-08-02 21:33 [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries Thomas Palmer
@ 2016-08-03 3:33 ` Wu, Jiaxin
2016-08-08 15:48 ` Samer El Haj Mahmoud
1 sibling, 0 replies; 3+ messages in thread
From: Wu, Jiaxin @ 2016-08-03 3:33 UTC (permalink / raw)
To: Thomas Palmer, edk2-devel@lists.01.org
Cc: Long, Qin, joseph.shifflett@hpe.com
Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>
Best Regards!
Jiaxin
> -----Original Message-----
> From: Thomas Palmer [mailto:thomas.palmer@hpe.com]
> Sent: Wednesday, August 3, 2016 5:34 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Jiaxin <jiaxin.wu@intel.com>; Long, Qin <qin.long@intel.com>;
> joseph.shifflett@hpe.com; Thomas Palmer <thomas.palmer@hpe.com>
> Subject: [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable
> entries
>
> The TlsCipherMappingTable will be used to control which ciphers UEFI
> officially supports. When a user configures the ciphers, each cipher is
> checked against this table and if not found is sent the EFI_UNSUPPORTED
> error.
>
> However, when an entry is present in TlsCipherMappingTable, but our library
> does not have support for it, the user will not see any error if other ciphers
> are being set at the same time.
>
> This patch will remove entries from TlsLib's TlsCipherMappingTable that our
> OpenSSL library is not configured to support. This restores behavior of
> immediate feedback to user.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com>
> ---
> CryptoPkg/Library/TlsLib/TlsLib.c | 7 -------
> 1 file changed, 7 deletions(-)
>
> diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c
> b/CryptoPkg/Library/TlsLib/TlsLib.c
> index 1f3554a..aa08595 100644
> --- a/CryptoPkg/Library/TlsLib/TlsLib.c
> +++ b/CryptoPkg/Library/TlsLib/TlsLib.c
> @@ -57,31 +57,24 @@ STATIC CONST TLS_CIPHER_PAIR
> TlsCipherMappingTable[] = {
> { 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA
> { 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5
> { 0x0005, "RC4-SHA" }, /// TLS_RSA_WITH_RC4_128_SHA
> - { 0x0007, "IDEA-CBC-SHA" }, /// TLS_RSA_WITH_IDEA_CBC_SHA
> - { 0x0009, "DES-CBC-SHA" }, /// TLS_RSA_WITH_DES_CBC_SHA
> { 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_SHA,
> mandatory TLS 1.1
> - { 0x0013, "DHE-DSS-DES-CBC3-SHA" }, ///
> TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.0
> { 0x0016, "DHE-RSA-DES-CBC3-SHA" }, ///
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> { 0x002F, "AES128-SHA" }, /// TLS_RSA_WITH_AES_128_CBC_SHA,
> mandatory TLS 1.2
> { 0x0030, "DH-DSS-AES128-SHA" }, ///
> TLS_DH_DSS_WITH_AES_128_CBC_SHA
> { 0x0031, "DH-RSA-AES128-SHA" }, ///
> TLS_DH_RSA_WITH_AES_128_CBC_SHA
> - { 0x0032, "DHE-DSS-AES128-SHA" }, ///
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA
> { 0x0033, "DHE-RSA-AES128-SHA" }, ///
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> { 0x0035, "AES256-SHA" }, /// TLS_RSA_WITH_AES_256_CBC_SHA
> { 0x0036, "DH-DSS-AES256-SHA" }, ///
> TLS_DH_DSS_WITH_AES_256_CBC_SHA
> { 0x0037, "DH-RSA-AES256-SHA" }, ///
> TLS_DH_RSA_WITH_AES_256_CBC_SHA
> - { 0x0038, "DHE-DSS-AES256-SHA" }, ///
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA
> { 0x0039, "DHE-RSA-AES256-SHA" }, ///
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> { 0x003B, "NULL-SHA256" }, /// TLS_RSA_WITH_NULL_SHA256
> { 0x003C, "AES128-SHA256" }, ///
> TLS_RSA_WITH_AES_128_CBC_SHA256
> { 0x003D, "AES256-SHA256" }, ///
> TLS_RSA_WITH_AES_256_CBC_SHA256
> { 0x003E, "DH-DSS-AES128-SHA256" }, ///
> TLS_DH_DSS_WITH_AES_128_CBC_SHA256
> { 0x003F, "DH-RSA-AES128-SHA256" }, ///
> TLS_DH_RSA_WITH_AES_128_CBC_SHA256
> - { 0x0040, "DHE-DSS-AES128-SHA256" }, ///
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> { 0x0067, "DHE-RSA-AES128-SHA256" }, ///
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> { 0x0068, "DH-DSS-AES256-SHA256" }, ///
> TLS_DH_DSS_WITH_AES_256_CBC_SHA256
> { 0x0069, "DH-RSA-AES256-SHA256" }, ///
> TLS_DH_RSA_WITH_AES_256_CBC_SHA256
> - { 0x006A, "DHE-DSS-AES256-SHA256" }, ///
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
> { 0x006B, "DHE-RSA-AES256-SHA256" } ///
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> };
>
> --
> 1.9.1
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries
2016-08-02 21:33 [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries Thomas Palmer
2016-08-03 3:33 ` Wu, Jiaxin
@ 2016-08-08 15:48 ` Samer El Haj Mahmoud
1 sibling, 0 replies; 3+ messages in thread
From: Samer El Haj Mahmoud @ 2016-08-08 15:48 UTC (permalink / raw)
To: Thomas Palmer, edk2-devel@lists.01.org
Cc: jiaxin.wu@intel.com, qin.long@intel.com, Samer El Haj Mahmoud
Reviewed-by: Samer El-Haj-Mahmoud <smahmoud@lenovo.com>
Samer El-Haj-Mahmoud
SESM - OS / SW Architect
Systems Management Development, Data Center Group
Lenovo United States
+1.919.908.5833
+1.512.659.1523
smahmoud@lenovo.com
Lenovo.com /us
Twitter | Facebook | Instagram | Blogs | Forums
-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Thomas Palmer
Sent: Tuesday, August 2, 2016 5:34 PM
To: edk2-devel@lists.01.org
Cc: jiaxin.wu@intel.com; qin.long@intel.com
Subject: [edk2] [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries
The TlsCipherMappingTable will be used to control which ciphers UEFI officially supports. When a user configures the ciphers, each cipher is checked against this table and if not found is sent the EFI_UNSUPPORTED error.
However, when an entry is present in TlsCipherMappingTable, but our library does not have support for it, the user will not see any error if other ciphers are being set at the same time.
This patch will remove entries from TlsLib's TlsCipherMappingTable that our OpenSSL library is not configured to support. This restores behavior of immediate feedback to user.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com>
---
CryptoPkg/Library/TlsLib/TlsLib.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c b/CryptoPkg/Library/TlsLib/TlsLib.c
index 1f3554a..aa08595 100644
--- a/CryptoPkg/Library/TlsLib/TlsLib.c
+++ b/CryptoPkg/Library/TlsLib/TlsLib.c
@@ -57,31 +57,24 @@ STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
{ 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA
{ 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5
{ 0x0005, "RC4-SHA" }, /// TLS_RSA_WITH_RC4_128_SHA
- { 0x0007, "IDEA-CBC-SHA" }, /// TLS_RSA_WITH_IDEA_CBC_SHA
- { 0x0009, "DES-CBC-SHA" }, /// TLS_RSA_WITH_DES_CBC_SHA
{ 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1
- { 0x0013, "DHE-DSS-DES-CBC3-SHA" }, /// TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.0
{ 0x0016, "DHE-RSA-DES-CBC3-SHA" }, /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
{ 0x002F, "AES128-SHA" }, /// TLS_RSA_WITH_AES_128_CBC_SHA, mandatory TLS 1.2
{ 0x0030, "DH-DSS-AES128-SHA" }, /// TLS_DH_DSS_WITH_AES_128_CBC_SHA
{ 0x0031, "DH-RSA-AES128-SHA" }, /// TLS_DH_RSA_WITH_AES_128_CBC_SHA
- { 0x0032, "DHE-DSS-AES128-SHA" }, /// TLS_DHE_DSS_WITH_AES_128_CBC_SHA
{ 0x0033, "DHE-RSA-AES128-SHA" }, /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA
{ 0x0035, "AES256-SHA" }, /// TLS_RSA_WITH_AES_256_CBC_SHA
{ 0x0036, "DH-DSS-AES256-SHA" }, /// TLS_DH_DSS_WITH_AES_256_CBC_SHA
{ 0x0037, "DH-RSA-AES256-SHA" }, /// TLS_DH_RSA_WITH_AES_256_CBC_SHA
- { 0x0038, "DHE-DSS-AES256-SHA" }, /// TLS_DHE_DSS_WITH_AES_256_CBC_SHA
{ 0x0039, "DHE-RSA-AES256-SHA" }, /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA
{ 0x003B, "NULL-SHA256" }, /// TLS_RSA_WITH_NULL_SHA256
{ 0x003C, "AES128-SHA256" }, /// TLS_RSA_WITH_AES_128_CBC_SHA256
{ 0x003D, "AES256-SHA256" }, /// TLS_RSA_WITH_AES_256_CBC_SHA256
{ 0x003E, "DH-DSS-AES128-SHA256" }, /// TLS_DH_DSS_WITH_AES_128_CBC_SHA256
{ 0x003F, "DH-RSA-AES128-SHA256" }, /// TLS_DH_RSA_WITH_AES_128_CBC_SHA256
- { 0x0040, "DHE-DSS-AES128-SHA256" }, /// TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
{ 0x0067, "DHE-RSA-AES128-SHA256" }, /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
{ 0x0068, "DH-DSS-AES256-SHA256" }, /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256
{ 0x0069, "DH-RSA-AES256-SHA256" }, /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256
- { 0x006A, "DHE-DSS-AES256-SHA256" }, /// TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
{ 0x006B, "DHE-RSA-AES256-SHA256" } /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
};
--
1.9.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-08-08 15:48 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-08-02 21:33 [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries Thomas Palmer
2016-08-03 3:33 ` Wu, Jiaxin
2016-08-08 15:48 ` Samer El Haj Mahmoud
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox