The term "NULL" refers to NULL-MD5, NULL-SHA and NULL-SHA256 when
used to set the SSL cipher list.  As both MD5 and SHA variants are
explicitly listed in our code, I surmise enabling all three by
setting the cipher list to just NULL was not the intended behavior.
This patch will remove NULL as an option for the cipher list and
allow NULL-SHA256 instead.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Palmer <[email protected]>
---
 CryptoPkg/Library/TlsLib/TlsLib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c 
b/CryptoPkg/Library/TlsLib/TlsLib.c
index 9f56b7a..b76dd20 100644
--- a/CryptoPkg/Library/TlsLib/TlsLib.c
+++ b/CryptoPkg/Library/TlsLib/TlsLib.c
@@ -53,7 +53,6 @@ typedef struct {
 // OpenSSL-used Cipher Suite name.
 //
 STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
-  { 0x0000, "NULL" },                 /// TLS_NULL_WITH_NULL_NULL
   { 0x0001, "NULL-MD5" },             /// TLS_RSA_WITH_NULL_MD5
   { 0x0002, "NULL-SHA" },             /// TLS_RSA_WITH_NULL_SHA
   { 0x0004, "RC4-MD5" },              /// TLS_RSA_WITH_RC4_128_MD5
@@ -62,6 +61,7 @@ STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
   { 0x000A, "DES-CBC3-SHA" },         /// TLS_RSA_WITH_3DES_EDE_CBC_SHA
   { 0x002F, "AES128-SHA" },           /// TLS_RSA_WITH_AES_128_CBC_SHA
   { 0x0035, "AES256-SHA" },           /// TLS_RSA_WITH_AES_256_CBC_SHA
+  { 0x003B, "NULL-SHA256" },          /// TLS_RSA_WITH_NULL_SHA256
   { 0x003C, "AES128-SHA256" },        /// TLS_RSA_WITH_AES_128_CBC_SHA256
   { 0x003D, "AES256-SHA256" }         /// TLS_RSA_WITH_AES_256_CBC_SHA256
 };
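Review bot: The added `{ 0x003B, "NULL-SHA256" }` row maps a suite that gives record integrity but no encryption, and nothing in the table marks it as such. The same applies to the `NULL-MD5` and `NULL-SHA` rows kept in the first hunk. Since the point of the commit is to stop the bare `NULL` string from enabling every null-encryption suite at once, I would make the remaining ones explicit, e.g. `/// TLS_RSA_WITH_NULL_SHA256 (integrity only, no confidentiality)`. The code that turns this table into the OpenSSL cipher string is outside the hunk, so I cannot tell whether a caller can end up with only NULL-* suites selected; if it can, that path probably deserves a check or at least a debug message.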
-- 
1.9.1
