From: Laszlo Ersek <lersek@redhat.com>
To: edk2-devel@lists.01.org
Cc: Jiaxin Wu <jiaxin.wu@intel.com>, Qin Long <qin.long@intel.com>,
Siyuan Fu <siyuan.fu@intel.com>, Ting Ye <ting.ye@intel.com>
Subject: [PATCH v2 5/9] CryptoPkg/TlsLib: replace TlsGetCipherString() with TlsGetCipherMapping()
Date: Wed, 11 Apr 2018 12:42:43 +0200 [thread overview]
Message-ID: <20180411104247.3758-6-lersek@redhat.com> (raw)
In-Reply-To: <20180411104247.3758-1-lersek@redhat.com>
In the following patches it will be useful if the IANA CipherId lookup
returns a pointer to the whole matching IANA-to-OpenSSL mapping structure,
not just the OpenSSL cipher suite name. Rename TLS_CIPHER_PAIR and
TlsGetCipherString() to TLS_CIPHER_MAPPING and TlsGetCipherMapping()
respectively, and make the function return a pointer to
TLS_CIPHER_MAPPING.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Qin Long <qin.long@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
Notes:
v2:
- no change
CryptoPkg/Library/TlsLib/TlsConfig.c | 37 +++++++++++---------
1 file changed, 20 insertions(+), 17 deletions(-)
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index 2ffe58ad29a2..507489386b8e 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -21,19 +21,19 @@ typedef struct {
//
UINT16 IanaCipher;
//
// OpenSSL-used Cipher Suite String
//
CONST CHAR8 *OpensslCipher;
-} TLS_CIPHER_PAIR;
+} TLS_CIPHER_MAPPING;
//
// The mapping table between IANA/IETF Cipher Suite definitions and
// OpenSSL-used Cipher Suite name.
//
-STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
+STATIC CONST TLS_CIPHER_MAPPING TlsCipherMappingTable[] = {
{ 0x0001, "NULL-MD5" }, /// TLS_RSA_WITH_NULL_MD5
{ 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA
{ 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5
{ 0x0005, "RC4-SHA" }, /// TLS_RSA_WITH_RC4_128_SHA
{ 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1
{ 0x0016, "DHE-RSA-DES-CBC3-SHA" }, /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
@@ -54,42 +54,42 @@ STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
{ 0x0068, "DH-DSS-AES256-SHA256" }, /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256
{ 0x0069, "DH-RSA-AES256-SHA256" }, /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256
{ 0x006B, "DHE-RSA-AES256-SHA256" } /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
};
/**
- Gets the OpenSSL cipher suite string for the supplied IANA TLS cipher suite.
+ Gets the OpenSSL cipher suite mapping for the supplied IANA TLS cipher suite.
@param[in] CipherId The supplied IANA TLS cipher suite ID.
- @return The corresponding OpenSSL cipher suite string if found,
+ @return The corresponding OpenSSL cipher suite mapping if found,
NULL otherwise.
**/
STATIC
-CONST CHAR8 *
-TlsGetCipherString (
+CONST TLS_CIPHER_MAPPING *
+TlsGetCipherMapping (
IN UINT16 CipherId
)
{
- CONST TLS_CIPHER_PAIR *CipherEntry;
- UINTN TableSize;
- UINTN Index;
+ CONST TLS_CIPHER_MAPPING *CipherEntry;
+ UINTN TableSize;
+ UINTN Index;
CipherEntry = TlsCipherMappingTable;
- TableSize = sizeof (TlsCipherMappingTable) / sizeof (TLS_CIPHER_PAIR);
+ TableSize = sizeof (TlsCipherMappingTable) / sizeof (TLS_CIPHER_MAPPING);
//
// Search Cipher Mapping Table for IANA-OpenSSL Cipher Translation
//
for (Index = 0; Index < TableSize; Index++, CipherEntry++) {
//
// Translate IANA cipher suite name to OpenSSL name.
//
if (CipherEntry->IanaCipher == CipherId) {
- return CipherEntry->OpensslCipher;
+ return CipherEntry;
}
}
//
// No Cipher Mapping found, return NULL.
//
@@ -226,34 +226,37 @@ EFIAPI
TlsSetCipherList (
IN VOID *Tls,
IN UINT16 *CipherId,
IN UINTN CipherNum
)
{
- TLS_CONNECTION *TlsConn;
- UINTN Index;
- CONST CHAR8 *MappingName;
- CHAR8 CipherString[500];
+ TLS_CONNECTION *TlsConn;
+ UINTN Index;
+ CONST TLS_CIPHER_MAPPING *Mapping;
+ CONST CHAR8 *MappingName;
+ CHAR8 CipherString[500];
TlsConn = (TLS_CONNECTION *) Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {
return EFI_INVALID_PARAMETER;
}
+ Mapping = NULL;
MappingName = NULL;
memset (CipherString, 0, sizeof (CipherString));
for (Index = 0; Index < CipherNum; Index++) {
//
// Handling OpenSSL / RFC Cipher name mapping.
//
- MappingName = TlsGetCipherString (*(CipherId + Index));
- if (MappingName == NULL) {
+ Mapping = TlsGetCipherMapping (*(CipherId + Index));
+ if (Mapping == NULL) {
return EFI_UNSUPPORTED;
}
+ MappingName = Mapping->OpensslCipher;
if (Index != 0) {
//
// The ciphers were separated by a colon.
//
AsciiStrCatS (CipherString, sizeof (CipherString), ":");
--
2.14.1.3.gb7cf6e02401b
next prev parent reply other threads:[~2018-04-11 10:42 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-11 10:42 [PATCH v2 0/9] {Ovmf, Mde, Network, Crypto}Pkg: fixes+features for setting HTTPS cipher suites Laszlo Ersek
2018-04-11 10:42 ` [PATCH v2 1/9] OvmfPkg/TlsAuthConfigLib: configure trusted cipher suites for HTTPS boot Laszlo Ersek
2018-04-12 7:08 ` Gary Lin
2018-04-12 8:49 ` Laszlo Ersek
2018-04-12 9:10 ` Gary Lin
2018-04-12 9:43 ` Laszlo Ersek
2018-04-12 10:17 ` Gary Lin
2018-04-12 17:10 ` Laszlo Ersek
2018-04-11 10:42 ` [PATCH v2 2/9] MdePkg/Include/Protocol/Tls.h: pack structures from the TLS RFC Laszlo Ersek
2018-04-11 10:42 ` [PATCH v2 3/9] NetworkPkg/TlsDxe: verify DataSize for EfiTlsCipherList Laszlo Ersek
2018-04-11 10:42 ` [PATCH v2 4/9] NetworkPkg/TlsDxe: clean up byte order conversion " Laszlo Ersek
2018-04-11 10:42 ` Laszlo Ersek [this message]
2018-04-11 10:42 ` [PATCH v2 6/9] CryptoPkg/TlsLib: use binary search in the TlsGetCipherMapping() function Laszlo Ersek
2018-04-11 10:42 ` [PATCH v2 7/9] CryptoPkg/TlsLib: pre-compute OpensslCipherLength in TlsCipherMappingTable Laszlo Ersek
2018-04-11 10:42 ` [PATCH v2 8/9] CryptoPkg/TlsLib: sanitize lib classes in internal header and INF Laszlo Ersek
2018-04-11 10:42 ` [PATCH v2 9/9] CryptoPkg/TlsLib: rewrite TlsSetCipherList() Laszlo Ersek
2018-04-12 6:32 ` [PATCH v2 0/9] {Ovmf, Mde, Network, Crypto}Pkg: fixes+features for setting HTTPS cipher suites Long, Qin
2018-04-12 8:51 ` Laszlo Ersek
2018-04-12 7:28 ` Wu, Jiaxin
2018-04-12 8:50 ` Laszlo Ersek
2018-04-13 12:10 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180411104247.3758-6-lersek@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox