From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jiaxin.wu@intel.com>
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 by ml01.01.org (Postfix) with ESMTP id CE6A71A1E1B
 for <edk2-devel@lists.01.org>; Tue,  2 Aug 2016 20:33:24 -0700 (PDT)
Received: from orsmga003.jf.intel.com ([10.7.209.27])
 by fmsmga104.fm.intel.com with ESMTP; 02 Aug 2016 20:33:24 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.28,464,1464678000"; d="scan'208";a="858706395"
Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205])
 by orsmga003.jf.intel.com with ESMTP; 02 Aug 2016 20:33:24 -0700
Received: from fmsmsx118.amr.corp.intel.com (10.18.116.18) by
 fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Tue, 2 Aug 2016 20:33:23 -0700
Received: from shsmsx102.ccr.corp.intel.com (10.239.4.154) by
 fmsmsx118.amr.corp.intel.com (10.18.116.18) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Tue, 2 Aug 2016 20:33:23 -0700
Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.181]) by
 shsmsx102.ccr.corp.intel.com ([169.254.2.147]) with mapi id 14.03.0248.002;
 Wed, 3 Aug 2016 11:33:07 +0800
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
To: Thomas Palmer <thomas.palmer@hpe.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Long, Qin" <qin.long@intel.com>, "joseph.shifflett@hpe.com"
 <joseph.shifflett@hpe.com>
Thread-Topic: [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable
 entries
Thread-Index: AQHR7QWWNzYm0VMq3kanoSNlBo9nPaA2lVlQ
Date: Wed, 3 Aug 2016 03:33:06 +0000
Message-ID: <895558F6EA4E3B41AC93A00D163B7274137C3F08@SHSMSX103.ccr.corp.intel.com>
References: <1470173625-16393-1-git-send-email-thomas.palmer@hpe.com>
In-Reply-To: <1470173625-16393-1-git-send-email-thomas.palmer@hpe.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNDMwZjc0ZTAtMjM5ZS00ZWY1LThlNTYtNGQzZjUzYjRiNmQ2IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE1LjkuNi42IiwiVHJ1c3RlZExhYmVsSGFzaCI6IlBGcDNwWUNoTWhrXC9haUVQUXhhM1c0YVFyKzJjdUxrRTBBU2JjbVwva0tpRT0ifQ==
x-ctpclassification: CTP_IC
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2016 03:33:25 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>

Best Regards!
Jiaxin

> -----Original Message-----
> From: Thomas Palmer [mailto:thomas.palmer@hpe.com]
> Sent: Wednesday, August 3, 2016 5:34 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Jiaxin <jiaxin.wu@intel.com>; Long, Qin <qin.long@intel.com>;
> joseph.shifflett@hpe.com; Thomas Palmer <thomas.palmer@hpe.com>
> Subject: [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable
> entries
>=20
> The TlsCipherMappingTable will be used to control which ciphers UEFI
> officially supports. When a user configures the ciphers, each cipher is
> checked against this table and if not found is sent the EFI_UNSUPPORTED
> error.
>=20
> However, when an entry is present in TlsCipherMappingTable, but our libra=
ry
> does not have support for it, the user will not see any error if other ci=
phers
> are being set at the same time.
>=20
> This patch will remove entries from TlsLib's TlsCipherMappingTable that o=
ur
> OpenSSL library is not configured to support. This restores behavior of
> immediate feedback to user.
>=20
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com>
> ---
>  CryptoPkg/Library/TlsLib/TlsLib.c | 7 -------
>  1 file changed, 7 deletions(-)
>=20
> diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c
> b/CryptoPkg/Library/TlsLib/TlsLib.c
> index 1f3554a..aa08595 100644
> --- a/CryptoPkg/Library/TlsLib/TlsLib.c
> +++ b/CryptoPkg/Library/TlsLib/TlsLib.c
> @@ -57,31 +57,24 @@ STATIC CONST TLS_CIPHER_PAIR
> TlsCipherMappingTable[] =3D {
>    { 0x0002, "NULL-SHA" },                 /// TLS_RSA_WITH_NULL_SHA
>    { 0x0004, "RC4-MD5" },                  /// TLS_RSA_WITH_RC4_128_MD5
>    { 0x0005, "RC4-SHA" },                  /// TLS_RSA_WITH_RC4_128_SHA
> -  { 0x0007, "IDEA-CBC-SHA" },             /// TLS_RSA_WITH_IDEA_CBC_SHA
> -  { 0x0009, "DES-CBC-SHA" },              /// TLS_RSA_WITH_DES_CBC_SHA
>    { 0x000A, "DES-CBC3-SHA" },             /// TLS_RSA_WITH_3DES_EDE_CBC_=
SHA,
> mandatory TLS 1.1
> -  { 0x0013, "DHE-DSS-DES-CBC3-SHA" },     ///
> TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.0
>    { 0x0016, "DHE-RSA-DES-CBC3-SHA" },     ///
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>    { 0x002F, "AES128-SHA" },               /// TLS_RSA_WITH_AES_128_CBC_S=
HA,
> mandatory TLS 1.2
>    { 0x0030, "DH-DSS-AES128-SHA" },        ///
> TLS_DH_DSS_WITH_AES_128_CBC_SHA
>    { 0x0031, "DH-RSA-AES128-SHA" },        ///
> TLS_DH_RSA_WITH_AES_128_CBC_SHA
> -  { 0x0032, "DHE-DSS-AES128-SHA" },       ///
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA
>    { 0x0033, "DHE-RSA-AES128-SHA" },       ///
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA
>    { 0x0035, "AES256-SHA" },               /// TLS_RSA_WITH_AES_256_CBC_S=
HA
>    { 0x0036, "DH-DSS-AES256-SHA" },        ///
> TLS_DH_DSS_WITH_AES_256_CBC_SHA
>    { 0x0037, "DH-RSA-AES256-SHA" },        ///
> TLS_DH_RSA_WITH_AES_256_CBC_SHA
> -  { 0x0038, "DHE-DSS-AES256-SHA" },       ///
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA
>    { 0x0039, "DHE-RSA-AES256-SHA" },       ///
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
>    { 0x003B, "NULL-SHA256" },              /// TLS_RSA_WITH_NULL_SHA256
>    { 0x003C, "AES128-SHA256" },            ///
> TLS_RSA_WITH_AES_128_CBC_SHA256
>    { 0x003D, "AES256-SHA256" },            ///
> TLS_RSA_WITH_AES_256_CBC_SHA256
>    { 0x003E, "DH-DSS-AES128-SHA256" },     ///
> TLS_DH_DSS_WITH_AES_128_CBC_SHA256
>    { 0x003F, "DH-RSA-AES128-SHA256" },     ///
> TLS_DH_RSA_WITH_AES_128_CBC_SHA256
> -  { 0x0040, "DHE-DSS-AES128-SHA256" },    ///
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
>    { 0x0067, "DHE-RSA-AES128-SHA256" },    ///
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
>    { 0x0068, "DH-DSS-AES256-SHA256" },     ///
> TLS_DH_DSS_WITH_AES_256_CBC_SHA256
>    { 0x0069, "DH-RSA-AES256-SHA256" },     ///
> TLS_DH_RSA_WITH_AES_256_CBC_SHA256
> -  { 0x006A, "DHE-DSS-AES256-SHA256" },    ///
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>    { 0x006B, "DHE-RSA-AES256-SHA256" }     ///
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>  };
>=20
> --
> 1.9.1