Re: [edk2] [PATCH] [edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib: Remove NULL cipher

Mon, 13 Jun 2016 17:37:15 -0700 

Reviewed-By: Wu Jiaxin <jiaxin...@intel.com>

Best Regards!
Jiaxin

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Thomas Palmer
> Sent: Tuesday, June 7, 2016 10:47 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Jiaxin <jiaxin...@intel.com>
> Subject: [edk2] [PATCH] [edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib:
> Remove NULL cipher
> 
> The term "NULL" refers to NULL-MD5, NULL-SHA and NULL-SHA256 when
> used to set the SSL cipher list.  As both MD5 and SHA variants are explicitly
> listed in our code, I surmise enabling all three by setting the cipher list 
> to just
> NULL was not the intended behavior.
> This patch will remove NULL as an option for the cipher list and allow NULL-
> SHA256 instead.
> 
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Thomas Palmer <thomas.pal...@hpe.com>
> ---
>  CryptoPkg/Library/TlsLib/TlsLib.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c
> b/CryptoPkg/Library/TlsLib/TlsLib.c
> index 9f56b7a..b76dd20 100644
> --- a/CryptoPkg/Library/TlsLib/TlsLib.c
> +++ b/CryptoPkg/Library/TlsLib/TlsLib.c
> @@ -53,7 +53,6 @@ typedef struct {
>  // OpenSSL-used Cipher Suite name.
>  //
>  STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
> -  { 0x0000, "NULL" },                 /// TLS_NULL_WITH_NULL_NULL
>    { 0x0001, "NULL-MD5" },             /// TLS_RSA_WITH_NULL_MD5
>    { 0x0002, "NULL-SHA" },             /// TLS_RSA_WITH_NULL_SHA
>    { 0x0004, "RC4-MD5" },              /// TLS_RSA_WITH_RC4_128_MD5
> @@ -62,6 +61,7 @@ STATIC CONST TLS_CIPHER_PAIR
> TlsCipherMappingTable[] = {
>    { 0x000A, "DES-CBC3-SHA" },         /// TLS_RSA_WITH_3DES_EDE_CBC_SHA
>    { 0x002F, "AES128-SHA" },           /// TLS_RSA_WITH_AES_128_CBC_SHA
>    { 0x0035, "AES256-SHA" },           /// TLS_RSA_WITH_AES_256_CBC_SHA
> +  { 0x003B, "NULL-SHA256" },          /// TLS_RSA_WITH_NULL_SHA256
>    { 0x003C, "AES128-SHA256" },        /// TLS_RSA_WITH_AES_128_CBC_SHA256
>    { 0x003D, "AES256-SHA256" }         /// TLS_RSA_WITH_AES_256_CBC_SHA256
>  };
> --
> 1.9.1
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Reply via email to