From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail1.bemta12.messagelabs.com (mail1.bemta12.messagelabs.com [216.82.251.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C5FC11A1E0F for ; Mon, 8 Aug 2016 08:48:54 -0700 (PDT) Received: from [216.82.251.41] by server-8.bemta-12.messagelabs.com id ED/7A-09545-6E9A8A75; Mon, 08 Aug 2016 15:48:54 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrIKsWRWlGSWpSXmKPExsWSLvdKT/fpyhX hBk/WmVrsOXSU2aLt4jpWi6Ypj1ks9j8+zujA4rFrVyO7x+I9L5k8umf/YwlgjmLNzEvKr0hg zWhZe5WlYJJiRd+pTewNjPOluxi5OIQEnjBKzH/YzgzhrGSUeH/pMzuEs4ZRovniJCCHk4NNw EDi7bv5YLaIQLzE1kUX2ECKmAXaGSU+XPzF2sXIwSEsEC1xZ2sQRE2MxPMdu5ggbCOJvsZnYL 0sAioS859fYgGxeQW8Jf72HgOrERJwlTjxdi+YzSngJjH1yi0wm1FATOL7qTVgNrOAuMStJ/P BbAkBAYkle84zQ9iiEi8f/2OFsOUlnnT/Z4So15O4MXUKG4StLbFs4WtmiL2CEidnPmGB2Ksg sff1AbYJjGKzkKyYhaR9FpL2WUjaFzCyrGLUKE4tKkst0jU01EsqykzPKMlNzMwB8oz0clOLi xPTU3MSk4r1kvNzNzECo48BCHYwnlvhfIhRkoNJSZRXfuqKcCG+pPyUyozE4oz4otKc1OJDjD IcHEoSvNbAaBYSLEpNT61Iy8wBpgGYtAQHj5IIrz5Imre4IDG3ODMdInWKUZdj1vI7a5mEWPL y81KlxCGKBECKMkrz4EbAUtIlRlkpYV5GoKOEeApSi3IzS1DlXzGKczAqCfMKgEzhycwrgdv0 CugIJqAjklTBjihJREhJNTCqBlw5ZRgzM0p3XZK5+I397HbCX2NzPx/7/omLO5OBQyzSzfFOn C7Lty22QhnVC+6wPX7CVl3vVbFtp55JzG8BxzMNzNPXdc5qWyL7ZfKf1U9+hksmilydxFYxUe Zv2/+MWpnLXx8cNTi9nou1/c8qrTvf5/QaHtpY+arWtklwYcqdeXvuJSsrsRRnJBpqMRcVJwI APnO6PUQDAAA= X-Env-Sender: smahmoud@lenovo.com X-Msg-Ref: server-2.tower-143.messagelabs.com!1470671329!2714609!1 X-Originating-IP: [103.30.234.46] X-StarScan-Received: X-StarScan-Version: 8.77; banners=-,-,- X-VirusChecked: Checked Received: (qmail 30304 invoked from network); 8 Aug 2016 15:48:53 -0000 Received: from unknown (HELO apsmtp03.lenovo.com) (103.30.234.46) by server-2.tower-143.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 8 Aug 2016 15:48:53 -0000 Received: from AEMAILCH01.lenovo.com (unknown [10.40.13.42]) by apsmtp03.lenovo.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA) id 7347_cffb_74362aef_c22d_4350_8318_d3f267d114b1; Mon, 08 Aug 2016 23:48:46 +0800 Received: from USMAILCH04.lenovo.com (10.62.32.8) by AEMAILCH01.lenovo.com (10.40.13.42) with Microsoft SMTP Server (TLS) id 14.3.248.2; Mon, 8 Aug 2016 08:48:26 -0700 Received: from USMAILMBX02.lenovo.com ([10.62.32.2]) by USMAILCH04.lenovo.com ([fe80::2d5a:2104:7243:f351%18]) with mapi id 14.03.0123.003; Mon, 8 Aug 2016 11:48:26 -0400 From: Samer El Haj Mahmoud To: Thomas Palmer , "edk2-devel@lists.01.org" CC: "jiaxin.wu@intel.com" , "qin.long@intel.com" , Samer El Haj Mahmoud Thread-Topic: [edk2] [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries Thread-Index: AQHR7QWiXH/kgQCZV0GFPMQMXImkbKA/PnpQ Date: Mon, 8 Aug 2016 15:48:26 +0000 Message-ID: <54EF1A77C479D840AF005ED34A3DC65969F865@USMAILMBX02.lenovo.com> References: <1470173625-16393-1-git-send-email-thomas.palmer@hpe.com> In-Reply-To: <1470173625-16393-1-git-send-email-thomas.palmer@hpe.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.41.39.51] MIME-Version: 1.0 Subject: Re: [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Aug 2016 15:48:55 -0000 Content-Language: en-US Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Reviewed-by: Samer El-Haj-Mahmoud Samer El-Haj-Mahmoud SESM - OS / SW Architect Systems Management Development, Data Center Group Lenovo United States +1.919.908.5833 +1.512.659.1523 smahmoud@lenovo.com =A0 Lenovo.com /us=A0 Twitter=A0|=A0Facebook=A0|=A0Instagram=A0|=A0Blogs=A0|=A0Forums -----Original Message----- From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Thom= as Palmer Sent: Tuesday, August 2, 2016 5:34 PM To: edk2-devel@lists.01.org Cc: jiaxin.wu@intel.com; qin.long@intel.com Subject: [edk2] [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTa= ble entries The TlsCipherMappingTable will be used to control which ciphers UEFI offici= ally supports. When a user configures the ciphers, each cipher is checked a= gainst this table and if not found is sent the EFI_UNSUPPORTED error. However, when an entry is present in TlsCipherMappingTable, but our library= does not have support for it, the user will not see any error if other cip= hers are being set at the same time. This patch will remove entries from TlsLib's TlsCipherMappingTable that our= OpenSSL library is not configured to support. This restores behavior of im= mediate feedback to user. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Thomas Palmer --- CryptoPkg/Library/TlsLib/TlsLib.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c b/CryptoPkg/Library/TlsLib/T= lsLib.c index 1f3554a..aa08595 100644 --- a/CryptoPkg/Library/TlsLib/TlsLib.c +++ b/CryptoPkg/Library/TlsLib/TlsLib.c @@ -57,31 +57,24 @@ STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = =3D { { 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA { 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5 { 0x0005, "RC4-SHA" }, /// TLS_RSA_WITH_RC4_128_SHA - { 0x0007, "IDEA-CBC-SHA" }, /// TLS_RSA_WITH_IDEA_CBC_SHA - { 0x0009, "DES-CBC-SHA" }, /// TLS_RSA_WITH_DES_CBC_SHA { 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_SH= A, mandatory TLS 1.1 - { 0x0013, "DHE-DSS-DES-CBC3-SHA" }, /// TLS_DHE_DSS_WITH_3DES_EDE_CB= C_SHA, mandatory TLS 1.0 { 0x0016, "DHE-RSA-DES-CBC3-SHA" }, /// TLS_DHE_RSA_WITH_3DES_EDE_CB= C_SHA { 0x002F, "AES128-SHA" }, /// TLS_RSA_WITH_AES_128_CBC_SHA= , mandatory TLS 1.2 { 0x0030, "DH-DSS-AES128-SHA" }, /// TLS_DH_DSS_WITH_AES_128_CBC_= SHA { 0x0031, "DH-RSA-AES128-SHA" }, /// TLS_DH_RSA_WITH_AES_128_CBC_= SHA - { 0x0032, "DHE-DSS-AES128-SHA" }, /// TLS_DHE_DSS_WITH_AES_128_CBC= _SHA { 0x0033, "DHE-RSA-AES128-SHA" }, /// TLS_DHE_RSA_WITH_AES_128_CBC= _SHA { 0x0035, "AES256-SHA" }, /// TLS_RSA_WITH_AES_256_CBC_SHA { 0x0036, "DH-DSS-AES256-SHA" }, /// TLS_DH_DSS_WITH_AES_256_CBC_= SHA { 0x0037, "DH-RSA-AES256-SHA" }, /// TLS_DH_RSA_WITH_AES_256_CBC_= SHA - { 0x0038, "DHE-DSS-AES256-SHA" }, /// TLS_DHE_DSS_WITH_AES_256_CBC= _SHA { 0x0039, "DHE-RSA-AES256-SHA" }, /// TLS_DHE_RSA_WITH_AES_256_CBC= _SHA { 0x003B, "NULL-SHA256" }, /// TLS_RSA_WITH_NULL_SHA256 { 0x003C, "AES128-SHA256" }, /// TLS_RSA_WITH_AES_128_CBC_SHA= 256 { 0x003D, "AES256-SHA256" }, /// TLS_RSA_WITH_AES_256_CBC_SHA= 256 { 0x003E, "DH-DSS-AES128-SHA256" }, /// TLS_DH_DSS_WITH_AES_128_CBC_= SHA256 { 0x003F, "DH-RSA-AES128-SHA256" }, /// TLS_DH_RSA_WITH_AES_128_CBC_= SHA256 - { 0x0040, "DHE-DSS-AES128-SHA256" }, /// TLS_DHE_DSS_WITH_AES_128_CBC= _SHA256 { 0x0067, "DHE-RSA-AES128-SHA256" }, /// TLS_DHE_RSA_WITH_AES_128_CBC= _SHA256 { 0x0068, "DH-DSS-AES256-SHA256" }, /// TLS_DH_DSS_WITH_AES_256_CBC_= SHA256 { 0x0069, "DH-RSA-AES256-SHA256" }, /// TLS_DH_RSA_WITH_AES_256_CBC_= SHA256 - { 0x006A, "DHE-DSS-AES256-SHA256" }, /// TLS_DHE_DSS_WITH_AES_256_CBC= _SHA256 { 0x006B, "DHE-RSA-AES256-SHA256" } /// TLS_DHE_RSA_WITH_AES_256_CBC= _SHA256 }; =20 -- 1.9.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel