public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Samer El Haj Mahmoud <smahmoud@lenovo.com>
To: Thomas Palmer <thomas.palmer@hpe.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "jiaxin.wu@intel.com" <jiaxin.wu@intel.com>,
	"qin.long@intel.com" <qin.long@intel.com>,
	Samer El Haj Mahmoud <smahmoud@lenovo.com>
Subject: Re: [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries
Date: Mon, 8 Aug 2016 15:48:26 +0000	[thread overview]
Message-ID: <54EF1A77C479D840AF005ED34A3DC65969F865@USMAILMBX02.lenovo.com> (raw)
In-Reply-To: <1470173625-16393-1-git-send-email-thomas.palmer@hpe.com>

Reviewed-by: Samer El-Haj-Mahmoud <smahmoud@lenovo.com>




Samer El-Haj-Mahmoud
SESM - OS / SW Architect
Systems Management Development, Data Center Group
Lenovo United States
+1.919.908.5833
+1.512.659.1523
smahmoud@lenovo.com
 

Lenovo.com /us 
Twitter | Facebook | Instagram | Blogs | Forums






-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Thomas Palmer
Sent: Tuesday, August 2, 2016 5:34 PM
To: edk2-devel@lists.01.org
Cc: jiaxin.wu@intel.com; qin.long@intel.com
Subject: [edk2] [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries

The TlsCipherMappingTable will be used to control which ciphers UEFI officially supports. When a user configures the ciphers, each cipher is checked against this table and if not found is sent the EFI_UNSUPPORTED error.

However, when an entry is present in TlsCipherMappingTable, but our library does not have support for it, the user will not see any error if other ciphers are being set at the same time.

This patch will remove entries from TlsLib's TlsCipherMappingTable that our OpenSSL library is not configured to support. This restores behavior of immediate feedback to user.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com>
---
 CryptoPkg/Library/TlsLib/TlsLib.c | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c b/CryptoPkg/Library/TlsLib/TlsLib.c
index 1f3554a..aa08595 100644
--- a/CryptoPkg/Library/TlsLib/TlsLib.c
+++ b/CryptoPkg/Library/TlsLib/TlsLib.c
@@ -57,31 +57,24 @@ STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
   { 0x0002, "NULL-SHA" },                 /// TLS_RSA_WITH_NULL_SHA
   { 0x0004, "RC4-MD5" },                  /// TLS_RSA_WITH_RC4_128_MD5
   { 0x0005, "RC4-SHA" },                  /// TLS_RSA_WITH_RC4_128_SHA
-  { 0x0007, "IDEA-CBC-SHA" },             /// TLS_RSA_WITH_IDEA_CBC_SHA
-  { 0x0009, "DES-CBC-SHA" },              /// TLS_RSA_WITH_DES_CBC_SHA
   { 0x000A, "DES-CBC3-SHA" },             /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1
-  { 0x0013, "DHE-DSS-DES-CBC3-SHA" },     /// TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.0
   { 0x0016, "DHE-RSA-DES-CBC3-SHA" },     /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
   { 0x002F, "AES128-SHA" },               /// TLS_RSA_WITH_AES_128_CBC_SHA, mandatory TLS 1.2
   { 0x0030, "DH-DSS-AES128-SHA" },        /// TLS_DH_DSS_WITH_AES_128_CBC_SHA
   { 0x0031, "DH-RSA-AES128-SHA" },        /// TLS_DH_RSA_WITH_AES_128_CBC_SHA
-  { 0x0032, "DHE-DSS-AES128-SHA" },       /// TLS_DHE_DSS_WITH_AES_128_CBC_SHA
   { 0x0033, "DHE-RSA-AES128-SHA" },       /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA
   { 0x0035, "AES256-SHA" },               /// TLS_RSA_WITH_AES_256_CBC_SHA
   { 0x0036, "DH-DSS-AES256-SHA" },        /// TLS_DH_DSS_WITH_AES_256_CBC_SHA
   { 0x0037, "DH-RSA-AES256-SHA" },        /// TLS_DH_RSA_WITH_AES_256_CBC_SHA
-  { 0x0038, "DHE-DSS-AES256-SHA" },       /// TLS_DHE_DSS_WITH_AES_256_CBC_SHA
   { 0x0039, "DHE-RSA-AES256-SHA" },       /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA
   { 0x003B, "NULL-SHA256" },              /// TLS_RSA_WITH_NULL_SHA256
   { 0x003C, "AES128-SHA256" },            /// TLS_RSA_WITH_AES_128_CBC_SHA256
   { 0x003D, "AES256-SHA256" },            /// TLS_RSA_WITH_AES_256_CBC_SHA256
   { 0x003E, "DH-DSS-AES128-SHA256" },     /// TLS_DH_DSS_WITH_AES_128_CBC_SHA256
   { 0x003F, "DH-RSA-AES128-SHA256" },     /// TLS_DH_RSA_WITH_AES_128_CBC_SHA256
-  { 0x0040, "DHE-DSS-AES128-SHA256" },    /// TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
   { 0x0067, "DHE-RSA-AES128-SHA256" },    /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
   { 0x0068, "DH-DSS-AES256-SHA256" },     /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256
   { 0x0069, "DH-RSA-AES256-SHA256" },     /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256
-  { 0x006A, "DHE-DSS-AES256-SHA256" },    /// TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
   { 0x006B, "DHE-RSA-AES256-SHA256" }     /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 };
 
--
1.9.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


      parent reply	other threads:[~2016-08-08 15:48 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-08-02 21:33 [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries Thomas Palmer
2016-08-03  3:33 ` Wu, Jiaxin
2016-08-08 15:48 ` Samer El Haj Mahmoud [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=54EF1A77C479D840AF005ED34A3DC65969F865@USMAILMBX02.lenovo.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox