1. Patchew
  2. EDK2
  3. [edk2] [PATCH v2 0/9] {Ovmf, Mde, Network, Crypto}Pkg: fixes+features for setting HTTPS cipher suites
  4. View patch

[edk2] [PATCH v2 5/9] CryptoPkg/TlsLib: replace TlsGetCipherString() with TlsGetCipherMapping()

Laszlo Ersek posted 9 patches 6 years, 6 months ago
[edk2] [PATCH v2 5/9] CryptoPkg/TlsLib: replace TlsGetCipherString() with TlsGetCipherMapping()
Posted by Laszlo Ersek 6 years, 6 months ago 
In the following patches it will be useful if the IANA CipherId lookup
returns a pointer to the whole matching IANA-to-OpenSSL mapping structure,
not just the OpenSSL cipher suite name. Rename TLS_CIPHER_PAIR and
TlsGetCipherString() to TLS_CIPHER_MAPPING and TlsGetCipherMapping()
respectively, and make the function return a pointer to
TLS_CIPHER_MAPPING.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Qin Long <qin.long@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---

Notes:
    v2:
    - no change

 CryptoPkg/Library/TlsLib/TlsConfig.c | 37 +++++++++++---------
 1 file changed, 20 insertions(+), 17 deletions(-)

diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index 2ffe58ad29a2..507489386b8e 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -21,19 +21,19 @@ typedef struct {
   //
   UINT16                          IanaCipher;
   //
   // OpenSSL-used Cipher Suite String
   //
   CONST CHAR8                     *OpensslCipher;
-} TLS_CIPHER_PAIR;
+} TLS_CIPHER_MAPPING;
 
 //
 // The mapping table between IANA/IETF Cipher Suite definitions and
 // OpenSSL-used Cipher Suite name.
 //
-STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
+STATIC CONST TLS_CIPHER_MAPPING TlsCipherMappingTable[] = {
   { 0x0001, "NULL-MD5" },                 /// TLS_RSA_WITH_NULL_MD5
   { 0x0002, "NULL-SHA" },                 /// TLS_RSA_WITH_NULL_SHA
   { 0x0004, "RC4-MD5" },                  /// TLS_RSA_WITH_RC4_128_MD5
   { 0x0005, "RC4-SHA" },                  /// TLS_RSA_WITH_RC4_128_SHA
   { 0x000A, "DES-CBC3-SHA" },             /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1
   { 0x0016, "DHE-RSA-DES-CBC3-SHA" },     /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
@@ -54,42 +54,42 @@ STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
   { 0x0068, "DH-DSS-AES256-SHA256" },     /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256
   { 0x0069, "DH-RSA-AES256-SHA256" },     /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256
   { 0x006B, "DHE-RSA-AES256-SHA256" }     /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 };
 
 /**
-  Gets the OpenSSL cipher suite string for the supplied IANA TLS cipher suite.
+  Gets the OpenSSL cipher suite mapping for the supplied IANA TLS cipher suite.
 
   @param[in]  CipherId    The supplied IANA TLS cipher suite ID.
 
-  @return  The corresponding OpenSSL cipher suite string if found,
+  @return  The corresponding OpenSSL cipher suite mapping if found,
            NULL otherwise.
 
 **/
 STATIC
-CONST CHAR8 *
-TlsGetCipherString (
+CONST TLS_CIPHER_MAPPING *
+TlsGetCipherMapping (
   IN     UINT16                   CipherId
   )
 {
-  CONST TLS_CIPHER_PAIR  *CipherEntry;
-  UINTN                  TableSize;
-  UINTN                  Index;
+  CONST TLS_CIPHER_MAPPING  *CipherEntry;
+  UINTN                     TableSize;
+  UINTN                     Index;
 
   CipherEntry = TlsCipherMappingTable;
-  TableSize = sizeof (TlsCipherMappingTable) / sizeof (TLS_CIPHER_PAIR);
+  TableSize = sizeof (TlsCipherMappingTable) / sizeof (TLS_CIPHER_MAPPING);
 
   //
   // Search Cipher Mapping Table for IANA-OpenSSL Cipher Translation
   //
   for (Index = 0; Index < TableSize; Index++, CipherEntry++) {
     //
     // Translate IANA cipher suite name to OpenSSL name.
     //
     if (CipherEntry->IanaCipher == CipherId) {
-      return CipherEntry->OpensslCipher;
+      return CipherEntry;
     }
   }
 
   //
   // No Cipher Mapping found, return NULL.
   //
@@ -226,34 +226,37 @@ EFIAPI
 TlsSetCipherList (
   IN     VOID                     *Tls,
   IN     UINT16                   *CipherId,
   IN     UINTN                    CipherNum
   )
 {
-  TLS_CONNECTION  *TlsConn;
-  UINTN           Index;
-  CONST CHAR8     *MappingName;
-  CHAR8           CipherString[500];
+  TLS_CONNECTION           *TlsConn;
+  UINTN                    Index;
+  CONST TLS_CIPHER_MAPPING *Mapping;
+  CONST CHAR8              *MappingName;
+  CHAR8                    CipherString[500];
 
   TlsConn = (TLS_CONNECTION *) Tls;
   if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {
     return EFI_INVALID_PARAMETER;
   }
 
+  Mapping     = NULL;
   MappingName = NULL;
 
   memset (CipherString, 0, sizeof (CipherString));
 
   for (Index = 0; Index < CipherNum; Index++) {
     //
     // Handling OpenSSL / RFC Cipher name mapping.
     //
-    MappingName = TlsGetCipherString (*(CipherId + Index));
-    if (MappingName == NULL) {
+    Mapping = TlsGetCipherMapping (*(CipherId + Index));
+    if (Mapping == NULL) {
       return EFI_UNSUPPORTED;
     }
+    MappingName = Mapping->OpensslCipher;
 
     if (Index != 0) {
       //
       // The ciphers were separated by a colon.
       //
       AsciiStrCatS (CipherString, sizeof (CipherString), ":");
-- 
2.14.1.3.gb7cf6e02401b


_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.