Age | Commit message (Collapse) | Author |
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Guo Mang <mang.guo@intel.com>
|
|
There are cases that the operands of an expression are all with rank less
than UINT64/INT64 and the result of the expression is explicitly cast to
UINT64/INT64 to fit the target size.
An example will be:
UINT32 a,b;
// a and b can be any unsigned int type with rank less than UINT64, like
// UINT8, UINT16, etc.
UINT64 c;
c = (UINT64) (a + b);
Some static code checkers may warn that the expression result might
overflow within the rank of "int" (integer promotions) and the result is
then cast to a bigger size.
The commit refines codes by the following rules:
1). When the expression is possible to overflow the range of unsigned int/
int:
c = (UINT64)a + b;
2). When the expression will not overflow within the rank of "int", remove
the explicit type casts:
c = a + b;
3). When the expression will be cast to pointer of possible greater size:
UINT32 a,b;
VOID *c;
c = (VOID *)(UINTN)(a + b); --> c = (VOID *)((UINTN)a + b);
4). When one side of a comparison expression contains only operands with
rank less than UINT32:
UINT8 a;
UINT16 b;
UINTN c;
if ((UINTN)(a + b) > c) {...} --> if (((UINT32)a + b) > c) {...}
For rule 4), if we remove the 'UINTN' type cast like:
if (a + b > c) {...}
The VS compiler will complain with warning C4018 (signed/unsigned
mismatch, level 3 warning) due to promoting 'a + b' to type 'int'.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
|
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
|
This path made the following update:
* Generate SPI randomly.
* Correct IKE_SPI_BASE value according RFC 4302/4303.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
|
*v2: update the commit log and refine the code comments.
There are three kinds of IKE Exchange process:
#1. Initial Exchange
#2. CREATE_CHILD_SA_Exchange
#3. Information Exchange
The IKE header "FLAG" update is incorrect in #2 and #3 exchange,
which may cause the continue session failure. This patch is used
to correct the updates of IKE header "FLAG" according the RFC4306
section 3.1.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
|
*v2: update the commit log.
IKE Initial Exchange message should cover below process:
Initiator Responder
Message1 HDR,SAil,KEi,Ni ------>
Message2 <------ HDR,SArl,KEr,Nr,[CERTREQ]
Message3 HDR,SK{} ------>
Message4 <------ HDR,SK{}
If Initial Exchange message is initiated by Linux IKE, it works well.
But the failure will happen if it's initiated by UEFI IKE. This issue
is caused by the no status check of NotifyCookiePayload.
While parsing the IKEv2 packet for IKE_SA_INIT exchange, if the packet
doesn't contain COOKIE Notify payload, EFI_INVALID_PARAMETER will be
returned from Ikev2ParserNotifyCookiePayload(). Current implementation
return this error status directly, then the session will be broken. The
correct behavior should check this status. If no COOKIE Notify payload,
initiator don't need to retry the IKE_SA_INIT.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
|
A number of code locations use
ASSERT_EFI_ERROR (BooleanExpression)
instead of
ASSERT (BooleanExpression)
Fix them.
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
|
|
The commit of 6b16c9e7 removes ASSERT and use error handling
in IpSecDxe driver, but may cause the potential NULL pointer
dereference. So, this patch is used to avoid NULL pointer
dereference.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
|
This patch is used to refine the code by removing ASSERT and
using error handling in IpSecDxe driver.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
|
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
|
|
IpSecStop() is incompetent to send out the delete information since the underlying
IP child has been destroyed. Delete all established IKE SAs and related
Child SAs directly.
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18223 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <samer.el-haj-mahmoud@hp.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17773 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Shumin Qiu <shumin.qiu@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Mudusuru Giri P <giri.p.mudusuru@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17049 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu, Siyuan <siyuan.fu@intel.com>
Reviewed-By: Dong, Eric <eric.dong@intel.com>
Reviewed-by: Wu, Jiaxin <jiaxin.wu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15773 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15589 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: Tian, Hot <hot.tian@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15157 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Jin, Eric <eric.jin@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15049 6f19259b-4bc3-4df7-8a09-765794883524
|
|
to be zero when it is the last transform structure in a proposal. The same as Proposal Structure’s Next Payload filed, it also should be zero when it is the last proposal in the SA.
2.Delete all SAs in the IPsec->Stop().
Signed-off-by: qianouyang
Reviewed-by: sfu5
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12768 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: sfu5
Reviewed-by: xdu2
Reviewed-by: ydong10
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12514 6f19259b-4bc3-4df7-8a09-765794883524
|
|
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11262 6f19259b-4bc3-4df7-8a09-765794883524
|
|
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11258 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Callback functions must always use EFIAPI.
GCC 4.4 X64 flagged these mismatches in EFIAPI usage.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11221 6f19259b-4bc3-4df7-8a09-765794883524
|
|
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11219 6f19259b-4bc3-4df7-8a09-765794883524
|