Reviewed-By: Wu Jiaxin <[email protected]> Best Regards! Jiaxin
> -----Original Message----- > From: Thomas Palmer [mailto:[email protected]] > Sent: Wednesday, August 3, 2016 5:34 AM > To: [email protected] > Cc: Wu, Jiaxin <[email protected]>; Long, Qin <[email protected]>; > [email protected]; Thomas Palmer <[email protected]> > Subject: [PATCH] [staging/HTTPS-TLS] Delete extra TlsCipherMappingTable > entries > > The TlsCipherMappingTable will be used to control which ciphers UEFI > officially supports. When a user configures the ciphers, each cipher is > checked against this table and if not found is sent the EFI_UNSUPPORTED > error. > > However, when an entry is present in TlsCipherMappingTable, but our library > does not have support for it, the user will not see any error if other ciphers > are being set at the same time. > > This patch will remove entries from TlsLib's TlsCipherMappingTable that our > OpenSSL library is not configured to support. This restores behavior of > immediate feedback to user. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Thomas Palmer <[email protected]> > --- > CryptoPkg/Library/TlsLib/TlsLib.c | 7 ------- > 1 file changed, 7 deletions(-) > > diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c > b/CryptoPkg/Library/TlsLib/TlsLib.c > index 1f3554a..aa08595 100644 > --- a/CryptoPkg/Library/TlsLib/TlsLib.c > +++ b/CryptoPkg/Library/TlsLib/TlsLib.c > @@ -57,31 +57,24 @@ STATIC CONST TLS_CIPHER_PAIR > TlsCipherMappingTable[] = { > { 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA > { 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5 > { 0x0005, "RC4-SHA" }, /// TLS_RSA_WITH_RC4_128_SHA > - { 0x0007, "IDEA-CBC-SHA" }, /// TLS_RSA_WITH_IDEA_CBC_SHA > - { 0x0009, "DES-CBC-SHA" }, /// TLS_RSA_WITH_DES_CBC_SHA > { 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, > mandatory TLS 1.1 > - { 0x0013, "DHE-DSS-DES-CBC3-SHA" }, /// > TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.0 > { 0x0016, "DHE-RSA-DES-CBC3-SHA" }, /// > TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA > { 0x002F, "AES128-SHA" }, /// TLS_RSA_WITH_AES_128_CBC_SHA, > mandatory TLS 1.2 > { 0x0030, "DH-DSS-AES128-SHA" }, /// > TLS_DH_DSS_WITH_AES_128_CBC_SHA > { 0x0031, "DH-RSA-AES128-SHA" }, /// > TLS_DH_RSA_WITH_AES_128_CBC_SHA > - { 0x0032, "DHE-DSS-AES128-SHA" }, /// > TLS_DHE_DSS_WITH_AES_128_CBC_SHA > { 0x0033, "DHE-RSA-AES128-SHA" }, /// > TLS_DHE_RSA_WITH_AES_128_CBC_SHA > { 0x0035, "AES256-SHA" }, /// TLS_RSA_WITH_AES_256_CBC_SHA > { 0x0036, "DH-DSS-AES256-SHA" }, /// > TLS_DH_DSS_WITH_AES_256_CBC_SHA > { 0x0037, "DH-RSA-AES256-SHA" }, /// > TLS_DH_RSA_WITH_AES_256_CBC_SHA > - { 0x0038, "DHE-DSS-AES256-SHA" }, /// > TLS_DHE_DSS_WITH_AES_256_CBC_SHA > { 0x0039, "DHE-RSA-AES256-SHA" }, /// > TLS_DHE_RSA_WITH_AES_256_CBC_SHA > { 0x003B, "NULL-SHA256" }, /// TLS_RSA_WITH_NULL_SHA256 > { 0x003C, "AES128-SHA256" }, /// > TLS_RSA_WITH_AES_128_CBC_SHA256 > { 0x003D, "AES256-SHA256" }, /// > TLS_RSA_WITH_AES_256_CBC_SHA256 > { 0x003E, "DH-DSS-AES128-SHA256" }, /// > TLS_DH_DSS_WITH_AES_128_CBC_SHA256 > { 0x003F, "DH-RSA-AES128-SHA256" }, /// > TLS_DH_RSA_WITH_AES_128_CBC_SHA256 > - { 0x0040, "DHE-DSS-AES128-SHA256" }, /// > TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 > { 0x0067, "DHE-RSA-AES128-SHA256" }, /// > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 > { 0x0068, "DH-DSS-AES256-SHA256" }, /// > TLS_DH_DSS_WITH_AES_256_CBC_SHA256 > { 0x0069, "DH-RSA-AES256-SHA256" }, /// > TLS_DH_RSA_WITH_AES_256_CBC_SHA256 > - { 0x006A, "DHE-DSS-AES256-SHA256" }, /// > TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 > { 0x006B, "DHE-RSA-AES256-SHA256" } /// > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 > }; > > -- > 1.9.1 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
