Reviewed-by: Samer El-Haj-Mahmoud <smahm...@lenovo.com>



Samer El-Haj-Mahmoud
SESM - OS / SW Architect
Systems Management Development, Data Center Group
Lenovo United States
+1.919.908.5833
+1.512.659.1523
smahm...@lenovo.com
 


-----Original Message-----
From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Thomas Palmer
Sent: Tuesday, August 2, 2016 5:34 PM
To: edk2-devel@lists.01.org
Cc: jiaxin...@intel.com; qin.l...@intel.com
Subject: [edk2] [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable entries

The TlsCipherMappingTable will be used to control which ciphers UEFI officially 
supports. When a user configures the ciphers, each cipher is checked against 
this table and if not found is sent the EFI_UNSUPPORTED error.

However, when an entry is present in TlsCipherMappingTable, but our library 
does not have support for it, the user will not see any error if other ciphers 
are being set at the same time.

This patch will remove entries from TlsLib's TlsCipherMappingTable that our 
OpenSSL library is not configured to support. This restores behavior of 
immediate feedback to user.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Palmer <thomas.pal...@hpe.com>
---
 CryptoPkg/Library/TlsLib/TlsLib.c | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c 
b/CryptoPkg/Library/TlsLib/TlsLib.c
index 1f3554a..aa08595 100644
--- a/CryptoPkg/Library/TlsLib/TlsLib.c
+++ b/CryptoPkg/Library/TlsLib/TlsLib.c
@@ -57,31 +57,24 @@ STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
   { 0x0002, "NULL-SHA" },                 /// TLS_RSA_WITH_NULL_SHA
   { 0x0004, "RC4-MD5" },                  /// TLS_RSA_WITH_RC4_128_MD5
   { 0x0005, "RC4-SHA" },                  /// TLS_RSA_WITH_RC4_128_SHA
-  { 0x0007, "IDEA-CBC-SHA" },             /// TLS_RSA_WITH_IDEA_CBC_SHA
-  { 0x0009, "DES-CBC-SHA" },              /// TLS_RSA_WITH_DES_CBC_SHA
   { 0x000A, "DES-CBC3-SHA" },             /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, 
mandatory TLS 1.1
-  { 0x0013, "DHE-DSS-DES-CBC3-SHA" },     /// 
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.0
   { 0x0016, "DHE-RSA-DES-CBC3-SHA" },     /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
   { 0x002F, "AES128-SHA" },               /// TLS_RSA_WITH_AES_128_CBC_SHA, 
mandatory TLS 1.2
   { 0x0030, "DH-DSS-AES128-SHA" },        /// TLS_DH_DSS_WITH_AES_128_CBC_SHA
   { 0x0031, "DH-RSA-AES128-SHA" },        /// TLS_DH_RSA_WITH_AES_128_CBC_SHA
-  { 0x0032, "DHE-DSS-AES128-SHA" },       /// TLS_DHE_DSS_WITH_AES_128_CBC_SHA
   { 0x0033, "DHE-RSA-AES128-SHA" },       /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA
   { 0x0035, "AES256-SHA" },               /// TLS_RSA_WITH_AES_256_CBC_SHA
   { 0x0036, "DH-DSS-AES256-SHA" },        /// TLS_DH_DSS_WITH_AES_256_CBC_SHA
   { 0x0037, "DH-RSA-AES256-SHA" },        /// TLS_DH_RSA_WITH_AES_256_CBC_SHA
-  { 0x0038, "DHE-DSS-AES256-SHA" },       /// TLS_DHE_DSS_WITH_AES_256_CBC_SHA
   { 0x0039, "DHE-RSA-AES256-SHA" },       /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA
   { 0x003B, "NULL-SHA256" },              /// TLS_RSA_WITH_NULL_SHA256
   { 0x003C, "AES128-SHA256" },            /// TLS_RSA_WITH_AES_128_CBC_SHA256
   { 0x003D, "AES256-SHA256" },            /// TLS_RSA_WITH_AES_256_CBC_SHA256
   { 0x003E, "DH-DSS-AES128-SHA256" },     /// 
TLS_DH_DSS_WITH_AES_128_CBC_SHA256
   { 0x003F, "DH-RSA-AES128-SHA256" },     /// 
TLS_DH_RSA_WITH_AES_128_CBC_SHA256
-  { 0x0040, "DHE-DSS-AES128-SHA256" },    /// 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
   { 0x0067, "DHE-RSA-AES128-SHA256" },    /// 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
   { 0x0068, "DH-DSS-AES256-SHA256" },     /// 
TLS_DH_DSS_WITH_AES_256_CBC_SHA256
   { 0x0069, "DH-RSA-AES256-SHA256" },     /// 
TLS_DH_RSA_WITH_AES_256_CBC_SHA256
-  { 0x006A, "DHE-DSS-AES256-SHA256" },    /// 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
   { 0x006B, "DHE-RSA-AES256-SHA256" }     /// 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 };
 
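Review bot: nothing in TlsCipherMappingTable records why these seven IDs are absent, so the table and the OpenSSL build configuration can drift apart again; a comment above the table stating that every entry must be a cipher the bundled OpenSSL is configured to provide would document the invariant this patch restores. The removed 0x0013 entry (DHE-DSS-DES-CBC3-SHA) carried the "mandatory TLS 1.0" annotation, which is worth calling out in the commit message so the loss of that suite is a recorded decision. The DHE-DSS entries go while the DH-DSS ones (0x0030, 0x0036, 0x003E, 0x0068) stay; please confirm those are enabled in the same OpenSSL configuration, since by the commit message's own reasoning an unsupported entry left in the table produces no error when it is set alongside other ciphers.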
--
1.9.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel