From: "Gerd Hoffmann" <kraxel@redhat.com>
To: Laszlo Ersek <lersek@redhat.com>
Cc: devel@edk2.groups.io, Yi Li <yi1.li@intel.com>,
Guomin Jiang <guomin.jiang@intel.com>,
Xiaoyu Lu <xiaoyu1.lu@intel.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Oliver Steffen <osteffen@redhat.com>
Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/TlsLib: fix tls cipher configuration
Date: Wed, 4 Oct 2023 11:19:48 +0200 [thread overview]
Message-ID: <2dvgzez67f7hcs2m7scppnvmknbspsuyvghzuil4wd3sstbekg@qrgjwqsejp4j> (raw)
In-Reply-To: <028c50b9-dc23-781b-ce1a-c817a81f9e6e@redhat.com>
Hi,
> > + CHAR8 *CipherString;
> > + CHAR8 *CipherStringPosition;
> > +
> > + STACK_OF (SSL_CIPHER) *OpensslCipherStack;
>
> Surprisingly, this does pass uncrustify. :) OK.
Wasn't my idea, uncrustify actually formatted it that way for me ;)
> > - Mapping = TlsGetCipherMapping (CipherId[Index]);
> > - if (Mapping == NULL) {
> > + for (StackIdx = 0; StackIdx < sk_SSL_CIPHER_num (OpensslCipherStack); StackIdx++) {
>
> Surprisingly, StackIdx really does have to be INT32 type here; through
> multiple macro definitions, sk_SSL_CIPHER_num() seems to expand to
> OPENSSL_sk_num(), and that returns a plain "int". OK.
Yep. Initially I had UINTN, but that caused CI errors due to the type
mismatch ...
> Then this loop will never run (which is fine), but *after* the loop, our
> condition for "not found" will not hold, because StackIdx will be zero,
> but sk_SSL_CIPHER_num() will return (-1).
Good point, missed that.
> but it's probably better to just skip the whole outer loop if
> "OpensslCipherStack" is NULL (as no lookup will succeed).
Agree, will do it that way.
> (4) Why AsciiStrnLenS(), and not AsciiStrLen()?
No good reason. I just looked up the edk2 name of strlen using
'git grep strlen CryptoPkg/Library/Include', and this is the
result I got ;)
> > - Mapping = MappedCipher[Index];
> > + OpensslCipher = MappedCipher[Index];
> > + OpensslCipherName = SSL_CIPHER_get_name (OpensslCipher);
> > + OpensslCipherNameSize = AsciiStrnLenS (OpensslCipherName, MAX_STRING_SIZE);
>
> (5) Better call this "OpensslCipherNameLength" ("Size" suggests
> including the terminating NUL).
OK.
> (8) Can you
>
> - assign <https://bugzilla.tianocore.org/show_bug.cgi?id=2541> to yourself,
>
> - link this patch into a comment on that BZ,
>
> - and reference the BZ URL in the commit message?
Will do.
take care,
Gerd
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109311): https://edk2.groups.io/g/devel/message/109311
Mute This Topic: https://groups.io/mt/101657203/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
prev parent reply other threads:[~2023-10-04 9:20 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-29 13:23 [edk2-devel] [PATCH 1/1] CryptoPkg/TlsLib: fix tls cipher configuration Gerd Hoffmann
2023-09-30 23:20 ` Laszlo Ersek
2023-10-04 9:19 ` Gerd Hoffmann [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2dvgzez67f7hcs2m7scppnvmknbspsuyvghzuil4wd3sstbekg@qrgjwqsejp4j \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox