Reviewed-by: Samer El-Haj-Mahmoud <[email protected]>

-----Original Message-----
From: Palmer, Thomas
Sent: Monday, June 6, 2016 9:47 PM
To: [email protected]
Cc: El-Haj-Mahmoud, Samer <[email protected]>; [email protected]; Palmer, Thomas <[email protected]>
Subject: [PATCH] [edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib: Remove NULL cipher

The term "NULL" refers to NULL-MD5, NULL-SHA and NULL-SHA256 when used to set the SSL cipher list. As both MD5 and SHA variants are explicitly listed in our code, I surmise enabling all three by setting the cipher list to just NULL was not the intended behavior. This patch will remove NULL as an option for the cipher list and allow NULL-SHA256 instead. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Thomas Palmer <[email protected]> --- CryptoPkg/Library/TlsLib/TlsLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c b/CryptoPkg/Library/TlsLib/TlsLib.c index 9f56b7a..b76dd20 100644 --- a/CryptoPkg/Library/TlsLib/TlsLib.c +++ b/CryptoPkg/Library/TlsLib/TlsLib.c @@ -53,7 +53,6 @@ typedef struct { // OpenSSL-used Cipher Suite name. // STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = { - { 0x0000, "NULL" }, /// TLS_NULL_WITH_NULL_NULL { 0x0001, "NULL-MD5" }, /// TLS_RSA_WITH_NULL_MD5 { 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA { 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5 @@ -62,6 +61,7 @@ STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = { { 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x002F, "AES128-SHA" }, /// TLS_RSA_WITH_AES_128_CBC_SHA { 0x0035, "AES256-SHA" }, /// TLS_RSA_WITH_AES_256_CBC_SHA + { 0x003B, "NULL-SHA256" }, /// TLS_RSA_WITH_NULL_SHA256 { 0x003C, "AES128-SHA256" }, /// TLS_RSA_WITH_AES_128_CBC_SHA256 { 0x003D, "AES256-SHA256" } /// TLS_RSA_WITH_AES_256_CBC_SHA256 }; -- 1.9.1 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
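Review bot: In the first hunk (@@ -53,7 +53,6 @@), dropping { 0x0000, "NULL" } leaves { 0x0001, "NULL-MD5" } and { 0x0002, "NULL-SHA" } directly below it, and both still select suites that carry no encryption. If they are kept on purpose, add a comment above those two entries stating that they provide integrity only and no confidentiality, so the table is not read as a list of suites suitable for HTTPS traffic. The lookup that consumes TlsCipherMappingTable is not visible in this hunk, so it is also worth confirming that a caller passing 0x0000 now gets a clean "unsupported" result.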
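Review bot: The added line { 0x003B, "NULL-SHA256" } in the second hunk (@@ -62,6 +61,7 @@) enables one more suite without encryption, which the subject "Remove NULL cipher" does not mention. Suggest either splitting the addition into its own patch or retitling this one, and saying in the commit message why a NULL-encryption suite is needed in this table rather than only that it is allowed "instead". The placement between 0x0035 and 0x003C keeps the table in ascending ID order, which is fine.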

