From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=lersek@redhat.com; receiver=edk2-devel@lists.01.org Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D830A226085CF for ; Tue, 3 Apr 2018 07:52:04 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 30BFF8182D0A; Tue, 3 Apr 2018 14:52:04 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-185.rdu2.redhat.com [10.10.120.185]) by smtp.corp.redhat.com (Postfix) with ESMTP id B02F42026E0E; Tue, 3 Apr 2018 14:52:02 +0000 (UTC) From: Laszlo Ersek To: edk2-devel-01 Cc: Jiaxin Wu , Qin Long , Siyuan Fu , Ting Ye Date: Tue, 3 Apr 2018 16:51:41 +0200 Message-Id: <20180403145149.8925-6-lersek@redhat.com> In-Reply-To: <20180403145149.8925-1-lersek@redhat.com> References: <20180403145149.8925-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Tue, 03 Apr 2018 14:52:04 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Tue, 03 Apr 2018 14:52:04 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'lersek@redhat.com' RCPT:'' Subject: [PATCH 05/13] CryptoPkg/TlsLib: replace TlsGetCipherString() with TlsGetCipherMapping() X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Apr 2018 14:52:05 -0000 In the following patches it will be useful if the IANA CipherId lookup returns a pointer to the whole matching IANA-to-OpenSSL mapping structure, not just the OpenSSL cipher suite name. Rename TLS_CIPHER_PAIR and TlsGetCipherString() to TLS_CIPHER_MAPPING and TlsGetCipherMapping() respectively, and make the function return a pointer to TLS_CIPHER_MAPPING. Cc: Jiaxin Wu Cc: Qin Long Cc: Siyuan Fu Cc: Ting Ye Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915 Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek --- CryptoPkg/Library/TlsLib/TlsConfig.c | 37 +++++++++++--------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c index 2ffe58ad29a2..507489386b8e 100644 --- a/CryptoPkg/Library/TlsLib/TlsConfig.c +++ b/CryptoPkg/Library/TlsLib/TlsConfig.c @@ -21,19 +21,19 @@ typedef struct { // UINT16 IanaCipher; // // OpenSSL-used Cipher Suite String // CONST CHAR8 *OpensslCipher; -} TLS_CIPHER_PAIR; +} TLS_CIPHER_MAPPING; // // The mapping table between IANA/IETF Cipher Suite definitions and // OpenSSL-used Cipher Suite name. // -STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = { +STATIC CONST TLS_CIPHER_MAPPING TlsCipherMappingTable[] = { { 0x0001, "NULL-MD5" }, /// TLS_RSA_WITH_NULL_MD5 { 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA { 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5 { 0x0005, "RC4-SHA" }, /// TLS_RSA_WITH_RC4_128_SHA { 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1 { 0x0016, "DHE-RSA-DES-CBC3-SHA" }, /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA @@ -54,42 +54,42 @@ STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = { { 0x0068, "DH-DSS-AES256-SHA256" }, /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256 { 0x0069, "DH-RSA-AES256-SHA256" }, /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256 { 0x006B, "DHE-RSA-AES256-SHA256" } /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 }; /** - Gets the OpenSSL cipher suite string for the supplied IANA TLS cipher suite. + Gets the OpenSSL cipher suite mapping for the supplied IANA TLS cipher suite. @param[in] CipherId The supplied IANA TLS cipher suite ID. - @return The corresponding OpenSSL cipher suite string if found, + @return The corresponding OpenSSL cipher suite mapping if found, NULL otherwise. **/ STATIC -CONST CHAR8 * -TlsGetCipherString ( +CONST TLS_CIPHER_MAPPING * +TlsGetCipherMapping ( IN UINT16 CipherId ) { - CONST TLS_CIPHER_PAIR *CipherEntry; - UINTN TableSize; - UINTN Index; + CONST TLS_CIPHER_MAPPING *CipherEntry; + UINTN TableSize; + UINTN Index; CipherEntry = TlsCipherMappingTable; - TableSize = sizeof (TlsCipherMappingTable) / sizeof (TLS_CIPHER_PAIR); + TableSize = sizeof (TlsCipherMappingTable) / sizeof (TLS_CIPHER_MAPPING); // // Search Cipher Mapping Table for IANA-OpenSSL Cipher Translation // for (Index = 0; Index < TableSize; Index++, CipherEntry++) { // // Translate IANA cipher suite name to OpenSSL name. // if (CipherEntry->IanaCipher == CipherId) { - return CipherEntry->OpensslCipher; + return CipherEntry; } } // // No Cipher Mapping found, return NULL. // @@ -226,34 +226,37 @@ EFIAPI TlsSetCipherList ( IN VOID *Tls, IN UINT16 *CipherId, IN UINTN CipherNum ) { - TLS_CONNECTION *TlsConn; - UINTN Index; - CONST CHAR8 *MappingName; - CHAR8 CipherString[500]; + TLS_CONNECTION *TlsConn; + UINTN Index; + CONST TLS_CIPHER_MAPPING *Mapping; + CONST CHAR8 *MappingName; + CHAR8 CipherString[500]; TlsConn = (TLS_CONNECTION *) Tls; if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) { return EFI_INVALID_PARAMETER; } + Mapping = NULL; MappingName = NULL; memset (CipherString, 0, sizeof (CipherString)); for (Index = 0; Index < CipherNum; Index++) { // // Handling OpenSSL / RFC Cipher name mapping. // - MappingName = TlsGetCipherString (*(CipherId + Index)); - if (MappingName == NULL) { + Mapping = TlsGetCipherMapping (*(CipherId + Index)); + if (Mapping == NULL) { return EFI_UNSUPPORTED; } + MappingName = Mapping->OpensslCipher; if (Index != 0) { // // The ciphers were separated by a colon. // AsciiStrCatS (CipherString, sizeof (CipherString), ":"); -- 2.14.1.3.gb7cf6e02401b