From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by ml01.01.org (Postfix) with ESMTP id CE6A71A1E1B for ; Tue, 2 Aug 2016 20:33:24 -0700 (PDT) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga104.fm.intel.com with ESMTP; 02 Aug 2016 20:33:24 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.28,464,1464678000"; d="scan'208";a="858706395" Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by orsmga003.jf.intel.com with ESMTP; 02 Aug 2016 20:33:24 -0700 Received: from fmsmsx118.amr.corp.intel.com (10.18.116.18) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.248.2; Tue, 2 Aug 2016 20:33:23 -0700 Received: from shsmsx102.ccr.corp.intel.com (10.239.4.154) by fmsmsx118.amr.corp.intel.com (10.18.116.18) with Microsoft SMTP Server (TLS) id 14.3.248.2; Tue, 2 Aug 2016 20:33:23 -0700 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.181]) by shsmsx102.ccr.corp.intel.com ([169.254.2.147]) with mapi id 14.03.0248.002; Wed, 3 Aug 2016 11:33:07 +0800 From: "Wu, Jiaxin" To: Thomas Palmer , "edk2-devel@lists.01.org" CC: "Long, Qin" , "joseph.shifflett@hpe.com" Thread-Topic: [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries Thread-Index: AQHR7QWWNzYm0VMq3kanoSNlBo9nPaA2lVlQ Date: Wed, 3 Aug 2016 03:33:06 +0000 Message-ID: <895558F6EA4E3B41AC93A00D163B7274137C3F08@SHSMSX103.ccr.corp.intel.com> References: <1470173625-16393-1-git-send-email-thomas.palmer@hpe.com> In-Reply-To: <1470173625-16393-1-git-send-email-thomas.palmer@hpe.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNDMwZjc0ZTAtMjM5ZS00ZWY1LThlNTYtNGQzZjUzYjRiNmQ2IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE1LjkuNi42IiwiVHJ1c3RlZExhYmVsSGFzaCI6IlBGcDNwWUNoTWhrXC9haUVQUXhhM1c0YVFyKzJjdUxrRTBBU2JjbVwva0tpRT0ifQ== x-ctpclassification: CTP_IC x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Aug 2016 03:33:25 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-By: Wu Jiaxin Best Regards! Jiaxin > -----Original Message----- > From: Thomas Palmer [mailto:thomas.palmer@hpe.com] > Sent: Wednesday, August 3, 2016 5:34 AM > To: edk2-devel@lists.01.org > Cc: Wu, Jiaxin ; Long, Qin ; > joseph.shifflett@hpe.com; Thomas Palmer > Subject: [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable > entries >=20 > The TlsCipherMappingTable will be used to control which ciphers UEFI > officially supports. When a user configures the ciphers, each cipher is > checked against this table and if not found is sent the EFI_UNSUPPORTED > error. >=20 > However, when an entry is present in TlsCipherMappingTable, but our libra= ry > does not have support for it, the user will not see any error if other ci= phers > are being set at the same time. >=20 > This patch will remove entries from TlsLib's TlsCipherMappingTable that o= ur > OpenSSL library is not configured to support. This restores behavior of > immediate feedback to user. >=20 > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Thomas Palmer > --- > CryptoPkg/Library/TlsLib/TlsLib.c | 7 ------- > 1 file changed, 7 deletions(-) >=20 > diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c > b/CryptoPkg/Library/TlsLib/TlsLib.c > index 1f3554a..aa08595 100644 > --- a/CryptoPkg/Library/TlsLib/TlsLib.c > +++ b/CryptoPkg/Library/TlsLib/TlsLib.c > @@ -57,31 +57,24 @@ STATIC CONST TLS_CIPHER_PAIR > TlsCipherMappingTable[] =3D { > { 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA > { 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5 > { 0x0005, "RC4-SHA" }, /// TLS_RSA_WITH_RC4_128_SHA > - { 0x0007, "IDEA-CBC-SHA" }, /// TLS_RSA_WITH_IDEA_CBC_SHA > - { 0x0009, "DES-CBC-SHA" }, /// TLS_RSA_WITH_DES_CBC_SHA > { 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_= SHA, > mandatory TLS 1.1 > - { 0x0013, "DHE-DSS-DES-CBC3-SHA" }, /// > TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.0 > { 0x0016, "DHE-RSA-DES-CBC3-SHA" }, /// > TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA > { 0x002F, "AES128-SHA" }, /// TLS_RSA_WITH_AES_128_CBC_S= HA, > mandatory TLS 1.2 > { 0x0030, "DH-DSS-AES128-SHA" }, /// > TLS_DH_DSS_WITH_AES_128_CBC_SHA > { 0x0031, "DH-RSA-AES128-SHA" }, /// > TLS_DH_RSA_WITH_AES_128_CBC_SHA > - { 0x0032, "DHE-DSS-AES128-SHA" }, /// > TLS_DHE_DSS_WITH_AES_128_CBC_SHA > { 0x0033, "DHE-RSA-AES128-SHA" }, /// > TLS_DHE_RSA_WITH_AES_128_CBC_SHA > { 0x0035, "AES256-SHA" }, /// TLS_RSA_WITH_AES_256_CBC_S= HA > { 0x0036, "DH-DSS-AES256-SHA" }, /// > TLS_DH_DSS_WITH_AES_256_CBC_SHA > { 0x0037, "DH-RSA-AES256-SHA" }, /// > TLS_DH_RSA_WITH_AES_256_CBC_SHA > - { 0x0038, "DHE-DSS-AES256-SHA" }, /// > TLS_DHE_DSS_WITH_AES_256_CBC_SHA > { 0x0039, "DHE-RSA-AES256-SHA" }, /// > TLS_DHE_RSA_WITH_AES_256_CBC_SHA > { 0x003B, "NULL-SHA256" }, /// TLS_RSA_WITH_NULL_SHA256 > { 0x003C, "AES128-SHA256" }, /// > TLS_RSA_WITH_AES_128_CBC_SHA256 > { 0x003D, "AES256-SHA256" }, /// > TLS_RSA_WITH_AES_256_CBC_SHA256 > { 0x003E, "DH-DSS-AES128-SHA256" }, /// > TLS_DH_DSS_WITH_AES_128_CBC_SHA256 > { 0x003F, "DH-RSA-AES128-SHA256" }, /// > TLS_DH_RSA_WITH_AES_128_CBC_SHA256 > - { 0x0040, "DHE-DSS-AES128-SHA256" }, /// > TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 > { 0x0067, "DHE-RSA-AES128-SHA256" }, /// > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 > { 0x0068, "DH-DSS-AES256-SHA256" }, /// > TLS_DH_DSS_WITH_AES_256_CBC_SHA256 > { 0x0069, "DH-RSA-AES256-SHA256" }, /// > TLS_DH_RSA_WITH_AES_256_CBC_SHA256 > - { 0x006A, "DHE-DSS-AES256-SHA256" }, /// > TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 > { 0x006B, "DHE-RSA-AES256-SHA256" } /// > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 > }; >=20 > -- > 1.9.1