This patch is used to enable HTTPS feature. HttpDxe driver
will consume TlsDxe driver. It can both support http and https
feature, that’s depended on the information of URL, the HTTP
instance can be able to determine whether to use http or https.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Thomas Palmer <thomas.palmer@hpe.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
This patch provides the UI to support TLS auth configuration.
* EFI_SIGNATURE_LIST format is used for 'TlsCaCertificate'
variable. So, TLS supports multiple certificate configuration.
* The variable attribute is BS with NV, which only target at
preventing runtime phase attack.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Thomas Palmer <thomas.palmer@hpe.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
v3:
* Typo fix and code refine.
* Rename the internal macros and function:
TLS_INSTANCE_FROM_PROTOCOL_THIS -> TLS_INSTANCE_FROM_PROTOCOL
TLS_INSTANCE_FROM_CONFIGURATION_THIS -> TLS_INSTANCE_FROM_CONFIGURATION
TlsEcryptPacket -> TlsEncryptPacket
v2:
* Refine the TlsEcryptPacket/TlsDecryptPacket function
according the community feedback.
This patch is the implementation of EFI TLS Service Binding
Protocol, EFI TLS Protocol and EFI TLS Configuration Protocol
Interfaces.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Thomas Palmer <thomas.palmer@hpe.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
This commit refines the logic for HttpBootUintnToAscDecWithFormat and
PxeBcUintnToAscDecWithFormat. It avoids using the decrement operator '--'
for array index to prevent possible mis-reports by static code checkers.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
This patch remove the ASSERT when receive a DHCP packet large than the maximum
cache buffer size.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
This patch updates the PXE and HTTP boot driver to drop the input DHCP packet
if it exceed the maximum length.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>
In one of the next patches, we'll introduce ARRAY_SIZE in
"MdePkg/Include/Base.h". In order to proceed in small steps, make the
module-local definition of ARRAY_SIZE conditional. This way the
introduction of the macro under MdePkg will silently switch this module
over (after which we can remove the module-local definition completely).
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
According to RFC 3720, the TargetAddress provided in a redirection
might be a DNS host name, a dotted-decimal IPv4 address, or a
bracketed IPv6 address. Current ISCSI driver in Networkpkg only
supports dotted-decimal IPv4 address, so we need add IPv6 address
support since it is a combo driver supporting dual stack.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
There may be an error happens when we use the
configure function to set or change the configuration
data for the DNS6 instance, So we will free the
DnsServerList without configured to NULL. If we reset
the instance with the parameter DnsConfigData to NULL, the
DnsServerList will be freed twice.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
The BootFileURL option (59) in dhcpv6 is used to deliver
the next server address with bootfile name, as an example
"tftp://[FEDC:BA98:7654:3210:FEDC:BA98:7654:3210]/BOOTFILE_NAME;
mode=octet", it can also be “tftp://domain_name/BOOTFILE_NAME;
mode=octet”, this patch is to support this case.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Current ISCSI driver records redirected iSCSI targetIP/Port in iBFT
once redirection occurs, which removes the possibility of the OS
to reconnect to the configured IP for load balancing. The behavior
is not explicitly described in IBFT spec, though the MSFT expert
confirm we should record original user setting rather than
publish the redirected IP.
Thanks Sriram for reviewing and validating this patch in his test-bed.
Cc: Subramanian Sriram <sriram-s@hpe.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Subramanian Sriram <sriram-s@hpe.com>
Tcp driver need to use EFI_D_NET to log DEBUG message,
So it becomes easy to separate/filter out debug messages
from network stack versus generic EFI_D_INFO debugs.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Cc: Subramanian Sriram <sriram-s@hpe.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>
The previous DNS server data will be retained after the policy
changes from Auto to Manual. This patch is used to clean the
previous dhcp configuration data.
Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Cc: Subramanian Sriram <sriram-s@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>
Reviewed-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Tested-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
When HostNameToIp() and GeneralLookUp() are called with a invalid
host name, RCODE (4 bit field is set as part of responses) error
will returned in packet to identify the domain name referenced in
the query does not exist. So, EFI_NOT_FOUND should be returned
directly.
Current implementation only check the RCODE in successful condition.
Need update the code for more error check according to RFC 1035 4.1.1
section.
Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Tested-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>
v2:
* Code refine.
* For DnsCache, the minimum value of TTL is selected between CNAME and A/AAAA record.
According RFC 1034 - 3.6.2, if the query name is an alias, the name server
will include the CNAME record in the response and restart the query at the
domain name specified in the data field of the CNAME record. RFC also provides
one example server action when A query received:
Suppose a name server was processing a query with for USCISIC.ARPA, asking for
type A information, and had the following resource records:
USC-ISIC.ARPA IN CNAME C.ISI.EDU
C.ISI.EDU IN A 10.0.0.52
Both of these RRs would be returned in the response to the type A query.
Currently, DnsDxe driver doesn't handle the CNAME type response, which will cause
any exception result. The driver need continue the packet parsing while CNAME type
record parsed. So, this patch is used to handle it correctly.
Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Tested-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
This path made the following update:
* Generate SPI randomly.
* Correct IKE_SPI_BASE value according RFC 4302/4303.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
*v2: update the commit log and refine the code comments.
There are three kinds of IKE Exchange process:
#1. Initial Exchange
#2. CREATE_CHILD_SA_Exchange
#3. Information Exchange
The IKE header "FLAG" update is incorrect in #2 and #3 exchange,
which may cause the continue session failure. This patch is used
to correct the updates of IKE header "FLAG" according the RFC4306
section 3.1.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
*v2: update the commit log.
IKE Initial Exchange message should cover below process:
Initiator Responder
Message1 HDR,SAil,KEi,Ni ------>
Message2 <------ HDR,SArl,KEr,Nr,[CERTREQ]
Message3 HDR,SK{} ------>
Message4 <------ HDR,SK{}
If Initial Exchange message is initiated by Linux IKE, it works well.
But the failure will happen if it's initiated by UEFI IKE. This issue
is caused by the no status check of NotifyCookiePayload.
While parsing the IKEv2 packet for IKE_SA_INIT exchange, if the packet
doesn't contain COOKIE Notify payload, EFI_INVALID_PARAMETER will be
returned from Ikev2ParserNotifyCookiePayload(). Current implementation
return this error status directly, then the session will be broken. The
correct behavior should check this status. If no COOKIE Notify payload,
initiator don't need to retry the IKE_SA_INIT.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
The bug is caused by using already freed memory.
If there is already an attempt and execute
'reconnect -r' command, all the AttemptConfig structure
will be freed, but the mCallbackInfo->Current is not
configured as null and this pointer will be used again in
IScsiFormExtractConfig.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
The RSDT is only used when the bios need to support ACPI 1.0
version. When change PcdAcpiExposedTableVersions to 0x3C, it
will not support ACPI 1.0. The default is 0x3E.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Add the following definition in the [BuildOptions] section in package DSC
files to disable APIs that are deprecated:
[BuildOptions]
*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>
The UefiPxeBcDxe module encounters a build error for IA32 arch using the
latest version of VS2015:
UefiPxeBcDxe.lib(PxeBcBoot.obj) : error LNK2001: unresolved external
symbol __allmul
The cause is line 148 in file NetworkPkg\UefiPxeBcDxe\PxeBcBoot.c. The
third parameter for gBS->SetTimer() function is of type UINT64, so the
multiplication should use the MultU64x32() function now.
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
The IScsiDxe module encounters a build error for IA32 arch using the
latest version of VS2015:
IScsiDxe.lib(IScsiProto.obj) : error LNK2001: unresolved external symbol
__allmul
The cause is line 141 in file NetworkPkg\IScsiDxe\IScsiProto.c. The third
parameter for gBS->SetTimer() function is of type UINT64, so the
multiplication should use the MultU64x32() function now.
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
The size of the ClassIdentifier is apparently wrong in the structure. In my
testing it caused the vendor class data to be displayed as bogus
"HTTPClient:Arch00016x:UNDI00300". After correcting the size the vendor class
data is "HTTPClient:Arch00016:UNDI003000" which looks good to me.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Consider the situation as shown in below chart. The last ACK message has
acknowledged the Tcb->RcvWl2, and all the segments until Tcb->RcvNxt have
been received by TCP driver. The Tcb->RcvNxt is not acknowledged due to the
delayed ACK. In this case an incoming segment (Seg->Seq, Seg->End) should
not be accepted by TCP driver, and an immediate ACK is required.
Current TcpSeqAcceptable() thought it’s an acceptable segment incorrectly, it
continues the TcpInput() process instead of sending out an ACK and droping the
segment immediately.
Tcb->RcvWl2 Tcb->RcvNxt Tcb->RcvWl2 + Tcb->RcvWnd
Seg->Seq Seg->End | |
| | | | |
---+-----+---------------+-------------+--------------------------+-----------
<income segment> <----Acceptable Range--- -->
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-By: Eugene Cohen <eugene@hp.com>
Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-By: Ye Ting <ting.ye@intel.com>
The bug existed in replacing AsciiStrToUnicodeStr with AsciiStrToUnicodeStrS,
since MacString now is a pointer, the value sizeof(MacString)/sizeof (MacString[0])
is not correct here as the third parameter.
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
After boot image has been downloaded, the HTTP boot driver leaves the service
in the started state, with an active TCP child. This may cause some problems:
1. The HTTP session may become unavaiable after a while, then a following HTTP
Boot will fail.
2. An active TCP child will send RST to any incoming TCP message, which may
break other driver which tries to setup a TCP connection.
The HTTP boot driver doesn't provide any interface to the boot loader, so it's
unnecessary to keep the service running after a boot image is downloaded.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>
The commit of 6b16c9e7 removes ASSERT and use error handling
in IpSecDxe driver, but may cause the potential NULL pointer
dereference. So, this patch is used to avoid NULL pointer
dereference.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
v2:
*Since we have redefined the name of arch types in Dhcp.h for http boot,
it need to change corresponding codes.
Add a new head file Dhcp.h in Mde/Include/IndustryStandard, normalize the
universal option numbers and other network number tags.
Cc: Sriram Subramanian <sriram-s@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
v2:
*Fix some memory leak issue.
This patch is used to replace ASSERT with error handling in Http boot
Driver and IScsi driver.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>