| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542
Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Use of a Weak PseudoRandom Number Generator
Change Overview:
Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either
>
> EFI_STATUS
> EFIAPI
> PseudoRandomU32 (
> OUT UINT32 *Output
> );
>
or (depending on the use case)
>
> EFI_STATUS
> EFIAPI
> PseudoRandom (
> OUT VOID *Output,
> IN UINTN OutputLength
> );
>
This is because the use of
Example:
The following code snippet PseudoRandomU32 () function is used:
>
> UINT32 Random;
>
> Status = PseudoRandomU32 (&Random);
> if (EFI_ERROR (Status)) {
> DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
__func__, Status));
> return Status;
> }
>
This also introduces a new PCD to enable/disable the use of the
secure implementation of algorithms for PseudoRandom () and
instead depend on the default implementation. This may be required for
some platforms where the UEFI Spec defined algorithms are not available.
>
> PcdEnforceSecureRngAlgorithms
>
If the platform does not have any one of the UEFI defined
secure RNG algorithms then the driver will assert.
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
|
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737
Apply uncrustify changes to .c/.h files in the NetworkPkg package
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
|
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2273
Ip6ConfigReadConfigData() reads configuration data from a UEFI variable
and copies the data to another buffer. This change checks that the
length
of the data record being copied does not exceed the size of the source
UEFI variable data buffer.
If the size is exceeded, this change follows existing logic to treat the
variable as corrupted and deletes the variable so it will be set again.
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
|
Fix various typos in comments and documentation.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@intel.com>
Signed-off-by: Antoine Coeur <coeur@gmx.fr>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@intel.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
Message-Id: <20200207010831.9046-41-philmd@redhat.com>
|
|
https://bugzilla.tianocore.org/show_bug.cgi?id=1373
Replace BSD 2-Clause License with BSD+Patent License. This change is
based on the following emails:
https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html
https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html
RFCs with detailed process for the license change:
V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html
V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html
V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
|
|
1. Do not use tab characters
2. No trailing white space in one line
3. All files must end with CRLF
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
|
|
During setting the DnsServer, the DataSize check is incorrect.
This patch is to fix the issue.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
|
UEFI Spec 2.7 adds the clarification on SetData interface usage to clear specific
individual data types. This patch is to support this feature.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
|
This patch is to fix the potential issue recorded at Bugzilla 636:
https://bugzilla.tianocore.org/show_bug.cgi?id=636
The issue is caused by the IPv6 policy switching after PXEv6 boot. When IP
policy is changing, the IPv6 children used by PXE.UdpRead() will be destroyed.
Then, PXE Stop() function is called to uninstall the devicePath protocol,
which leads to the IPv6 PXE boot option goes missing.
Through the above analysis, the IP driver should take the responsibility for
the upper layer network stacks recovery by using ConnectController().
Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Cc: Subramanian Sriram <sriram-s@hpe.com>
Cc: Ni Ruiyu <ruiyu.ni@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Reviewed-by: Subramanian Sriram <sriram-s@hpe.com>
Tested-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
|
|
warter -> water
Maunual -> Manual
TCP and UDP --> TCP4 and TCP6
TCP or UDP --> TCP4 or TCP6
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
|
If we set PXEv6 as the first boot option and reboot immediately
after the first successful boot, it will assert. the root cause is
when we set the policy from manual to automatic in PXE driver,
the ip6 Configure item size is already set to zero and other
structures are also released, So it is not needed to perform DAD call
back function which is invoked by Ip6ConfigSetMaunualAddress.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
|
|
Having duplicated DNS server IPs specified is not an ideal
configuration, but not an error condition. This patch is to
remove the duplicated DNS address check to allow the same DNS
address setting in SetData().
Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Cc: Subramanian Sriram <sriram-s@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Subramanian Sriram <sriram-s@hpe.com>
Reviewed-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Tested-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
|
|
Update the interface name from ethA ethB to
eth10, eth11 etc if port number more than 9.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Sriram Subramanian <sriram-s@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
|
Currently, When there are more than 9 Ethernet ports available,
'ifconfig6 -l' is not listing all the ports, only show the ports 0 to 9.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Santhapur Naveen <naveens@amiindia.co.in>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
|
|
Ip6ConfigSetDnsServer may cause ASSERT if the invalid DNS
server address received. The issue is triggered by the NULL
pointer(Tmp) free.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
|
- assocated -> associated
- malformated -> malformatted
- mal-formated -> mal-formatted
- formated -> formatted
- octects -> octets
- responsiblity -> responsibility
- enought -> enough
- immediatly -> immediately
- integar -> integer
- Alogrithem -> Algorithm
- Initializeion -> Initialization
- primelenght -> primelength
- Vlaue -> Value
- perfoms -> performs
- randome -> random
- verifed -> verified
- finallization -> finalization
- Intializes -> Initializes
- specifed -> specified
- if -> If
- Decrption -> Decryption
- Autahentication -> Authentication
- informatino -> information
- alogrithm -> algorithm
- Authenticaion -> Authentication
- Alogrithem -> Algorithm
- containning -> containing
- paramter -> parameter
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-By: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-By: Jiaxin Wu <jiaxin.wu@intel.com>
|
|
The previous DNS server data will be retained after the policy
changes from Auto to Manual. This patch is used to clean the
previous dhcp configuration data.
Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Cc: Subramanian Sriram <sriram-s@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>
Reviewed-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Tested-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
|
|
v2:
*Since we have redefined the name of arch types in Dhcp.h for http boot,
it need to change corresponding codes.
Add a new head file Dhcp.h in Mde/Include/IndustryStandard, normalize the
universal option numbers and other network number tags.
Cc: Sriram Subramanian <sriram-s@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
|
The default policy for Ip6Config is Ip6ConfigPolicyAutomatic,
which results in all NIC ports starting SARR process when it
receives RA message with M flag from IPv6 router. So, this
patch is used to changes the the default IPv6 config policy to
Ip6ConfigPolicyManualand also defer the SetData operation after
Ip6ConfigProtocol installed. This update let the other platform
drivers have chance to change the default config data by consume
Ip6ConfigProtocol.
Cc: Subramanian Sriram <sriram-s@hpe.com>
Cc: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Subramanian Sriram <sriram-s@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
|
The IP6 driver may create duplicate IP6_DAD_ENTRY in DupAddrDetectList in some situation like:
1. Address policy switch but not clear the delay node list, OR
2. Set manual address repeatedly before the previous DAD is finished.
The NS sent out by duplicate DAD entry will mix up with the loop back multicast packet, result in DAD fail.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17263 6f19259b-4bc3-4df7-8a09-765794883524
|
|
2. Update IP6 driver to use previous configured prefix length if a pre-exist IP6 address with unspecified prefix length.
3. Add NULL check for Dhcp protocol pointer before it decline the address in Ip6ConfigSetStatefulAddrCallback() function.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu, Siyuan <siyuan.fu@intel.com>
Reviewed-By: Ye, Ting (ting.ye@intel.com)
Reviewed-By: Wu, Jiaxin <jiaxin.wu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16131 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: Kinney, Michael D <michael.d.kinney@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14216 6f19259b-4bc3-4df7-8a09-765794883524
|
|
option on the different IP stack is selected.
2. Retrieve the IP information after iSCSI TCPv6 connection established and fill it into iBFT table.
3. Generate a random IAID for each NIC port to require different IPv6 address in PXE driver.
4. Update function EfiMtftp6Configure() and Mtftp6RrqHandleOack() to allocate at most one UdpIo.
5. Fix a typo from “destory” to “destroy” in network code.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Ouyang Qian <qian.ouyang@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13859 6f19259b-4bc3-4df7-8a09-765794883524
|
|
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11263 6f19259b-4bc3-4df7-8a09-765794883524
|
|
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10986 6f19259b-4bc3-4df7-8a09-765794883524
|
