summaryrefslogtreecommitdiffstats
path: root/NetworkPkg/IScsiDxe
Commit message (Collapse)AuthorAgeFilesLines
* NetworkPkg: Update code to be more C11 compliant by using __func__Rebecca Cran2023-04-101-2/+2
| | | | | | | | | | | | __FUNCTION__ is a pre-standard extension that gcc and Visual C++ among others support, while __func__ was standardized in C99. Since it's more standard, replace __FUNCTION__ with __func__ throughout NetworkPkg. Signed-off-by: Rebecca Cran <rebecca@bsdio.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* NetworkPkg: Apply uncrustify changesMichael Kubacki2021-12-0724-3366/+3394
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737 Apply uncrustify changes to .c/.h files in the NetworkPkg package Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
* NetworkPkg: Change OPTIONAL keyword usage styleMichael D Kinney2021-12-073-3/+3
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3760 Update all use of ', OPTIONAL' to ' OPTIONAL,' for function params. Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael Kubacki <michael.kubacki@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
* NetworkPkg: Change use of EFI_D_* to DEBUG_*Michael D Kinney2021-12-071-1/+1
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3739 Update all use of EFI_D_* defines in DEBUG() macros to DEBUG_* defines. Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael Kubacki <michael.kubacki@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
* NetworkPkg: introduce the NETWORK_ISCSI_MD5_ENABLE feature test macroLaszlo Ersek2021-06-301-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | Introduce the NETWORK_ISCSI_MD5_ENABLE feature test macro for NetworkPkg. When explicitly set to FALSE, remove MD5 from IScsiDxe's CHAP algorithm list. Set NETWORK_ISCSI_MD5_ENABLE to TRUE by default, for compatibility reasons. Not just to minimize the disruption for platforms that currently include IScsiDxe, but also because RFC 7143 mandates MD5 for CHAP, and some vendors' iSCSI targets support MD5 only. With MD5 enabled, IScsiDxe will suggest SHA256, and then fall back to MD5 if the target requests it. With MD5 disabled, IScsiDxe will suggest SHA256, and break off the connection (and session) if the target doesn't support SHA256. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3355 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210629163337.14120-7-lersek@redhat.com>
* NetworkPkg/IScsiDxe: support SHA256 in CHAPLaszlo Ersek2021-06-302-1/+14
| | | | | | | | | | | | | | | | | | | Insert a SHA256 CHAP_HASH structure at the start of "mChapHash". Update ISCSI_CHAP_MAX_DIGEST_SIZE to SHA256_DIGEST_SIZE (32). This enables the initiator and the target to negotiate SHA256 for CHAP, in preference to MD5. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3355 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Message-Id: <20210629163337.14120-6-lersek@redhat.com>
* NetworkPkg/IScsiDxe: support multiple hash algorithms for CHAPLaszlo Ersek2021-06-304-23/+207
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce the "mChapHash" table, containing the hash algorithms supported for CHAP. Hash algos listed at the beginning of the table are preferred by the initiator. In ISCSI_CHAP_STEP_ONE, send such a CHAP_A value that is the comma-separated, ordered list of algorithm identifiers from "mChapHash". Pre-format this value string at driver startup, in the new function IScsiCHAPInitHashList(). (In IScsiCHAPInitHashList(), also enforce that every hash algo's digest size fit into ISCSI_CHAP_MAX_DIGEST_SIZE, as the latter controls the digest, outgoing challenge, and hex *allocations*.) In ISCSI_CHAP_STEP_TWO, allow the target to select one of the offered hash algorithms, and remember the selection for the later steps. For ISCSI_CHAP_STEP_THREE, hash the challenge from the target with the selected hash algo. In ISCSI_CHAP_STEP_THREE, send the correctly sized digest to the target. If the initiator wants mutual authentication, then generate a challenge with as many bytes as the target's digest will have, in ISCSI_CHAP_STEP_FOUR. In ISCSI_CHAP_STEP_FOUR (i.e., when mutual authentication is required by the initiator), verify the target's response (digest) with the selected algorithm. Clear the selected hash algorithm before every login (remember that in IScsiDxe, every login is a leading login). There is no peer-observable change from this patch, as it only reworks the current MD5 support into the new internal representation. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3355 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20210629163337.14120-5-lersek@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
* NetworkPkg/IScsiDxe: distinguish "maximum" and "selected" CHAP digest sizesLaszlo Ersek2021-06-302-17/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | IScsiDxe uses the ISCSI_CHAP_RSP_LEN macro for expressing the size of the digest (16) that it solely supports at this point (MD5). ISCSI_CHAP_RSP_LEN is used for both (a) *allocating* digest-related buffers (binary buffers and hex encodings alike), and (b) *processing* binary digest buffers (comparing them, filling them, reading them). In preparation for adding other hash algorithms, split purpose (a) from purpose (b). For purpose (a) -- buffer allocation --, introduce ISCSI_CHAP_MAX_DIGEST_SIZE. For purpose (b) -- processing --, rely on MD5_DIGEST_SIZE from <BaseCryptLib.h>. Distinguishing these purposes is justified because purpose (b) -- processing -- must depend on the hashing algorithm negotiated between initiator and target, while for purpose (a) -- allocation --, using the maximum supported digest size is suitable. For now, because only MD5 is supported, introduce ISCSI_CHAP_MAX_DIGEST_SIZE *as* MD5_DIGEST_SIZE. Note that the argument for using the digest size as the size of the outgoing challenge (in case mutual authentication is desired by the initiator) remains in place. Because of this, the above two purposes are distinguished for the "ISCSI_CHAP_AUTH_DATA.OutChallenge" field as well. This patch is functionally a no-op, just yet. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3355 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Message-Id: <20210629163337.14120-4-lersek@redhat.com>
* NetworkPkg/IScsiDxe: add horizontal whitespace to IScsiCHAP filesLaszlo Ersek2021-06-302-18/+18
| | | | | | | | | | | | | | | | | In the next patches, we'll need more room for various macro and parameter names. For maintaining the current visual alignments, insert some horizontal whitespace in preparation. "git show -b" produces no output for this patch; the patch introduces no functional changes. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3355 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Message-Id: <20210629163337.14120-3-lersek@redhat.com>
* NetworkPkg/IScsiDxe: re-set session-level authentication state before loginLaszlo Ersek2021-06-301-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | RFC 7143 explains that a single iSCSI session may use multiple TCP connections. The first connection established is called the leading connection. The login performed on the leading connection is called the leading login. Before the session is considered full-featured, the leading login must succeed. Further (non-leading) connections can be associated with the session later. (It's unclear to me from RFC 7143 whether the non-leading connections require individual (non-leading) logins as well, but that particular question is irrelevant from the perspective of this patch; see below.) The data model in IScsiDxe exhibits some confusion, regarding connection / session association: - On one hand, the "ISCSI_SESSION.Conns" field is a *set* (it has type LIST_ENTRY), and accordingly, connections can be added to, and removed from, a session, with the IScsiAttatchConnection() and IScsiDetatchConnection() functions. - On the other hand, ISCSI_MAX_CONNS_PER_SESSION has value 1, therefore no session will ever use more than 1 connection at a time (refer to instances of "Session->MaxConnections" in "NetworkPkg/IScsiDxe/IScsiProto.c"). This one-to-many confusion between ISCSI_SESSION and ISCSI_CONNECTION is very visible in the CHAP logic, where the progress of the authentication is maintained *per connection*, in the "ISCSI_CONNECTION.AuthStep" field (with values such as ISCSI_AUTH_INITIAL, ISCSI_CHAP_STEP_ONE, etc), but the *data* for the authentication are maintained *per session*, in the "AuthType" and "AuthData" fields of ISCSI_SESSION. Clearly, this makes no sense if multiple connections are eligible for logging in. Knowing that IScsiDxe uses only one connection per session (put differently: knowing that any connection is a leading connection, and any login is a leading login), there is no functionality bug. But the data model is still broken: "AuthType", "AuthData", and "AuthStep" should be maintained at the *same* level -- be it "session-level" or "(leading) connection-level". Fixing this data model bug is more than what I'm signing up for. However, I do need to add one function, in preparation for multi-hash support: whenever a new login is attempted (put differently: whenever the leading login is re-attempted), which always happens with a fresh connection, the session-level authentication data needs to be rewound to a sane initial state. Introduce the IScsiSessionResetAuthData() function. Call it from the central -- session-level -- IScsiSessionLogin() function, just before the latter calls the -- connection-level -- IScsiConnLogin() function. Right now, do nothing in IScsiSessionResetAuthData(); so functionally speaking, the patch is a no-op. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3355 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210629163337.14120-2-lersek@redhat.com>
* NetworkPkg/IScsiDxe: check IScsiHexToBin() return valuesLaszlo Ersek2021-06-091-6/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | IScsiDxe (that is, the initiator) receives two hex-encoded strings from the iSCSI target: - CHAP_C, where the target challenges the initiator, - CHAP_R, where the target answers the challenge from the initiator (in case the initiator wants mutual authentication). Accordingly, we have two IScsiHexToBin() call sites: - At the CHAP_C decoding site, check whether the decoding succeeds. The decoded buffer ("AuthData->InChallenge") can accommodate 1024 bytes, which is a permissible restriction on the target, per <https://tools.ietf.org/html/rfc7143#section-12.1.3>. Shorter challenges from the target are acceptable. - At the CHAP_R decoding site, enforce that the decoding both succeed, and provide exactly ISCSI_CHAP_RSP_LEN bytes. CHAP_R contains the digest calculated by the target, therefore it must be of fixed size. We may only call IScsiCHAPAuthTarget() if "TargetRsp" has been fully populated. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Message-Id: <20210608121259.32451-11-lersek@redhat.com>
* NetworkPkg/IScsiDxe: fix IScsiHexToBin() buffer overflowLaszlo Ersek2021-06-092-3/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | The IScsiHexToBin() function documents the EFI_BUFFER_TOO_SMALL return condition, but never actually checks whether the decoded buffer fits into the caller-provided room (i.e., the input value of "BinLength"), and EFI_BUFFER_TOO_SMALL is never returned. The decoding of "HexStr" can overflow "BinBuffer". This is remotely exploitable, as shown in a subsequent patch, which adds error checking to the IScsiHexToBin() call sites. This issue allows the target to compromise the initiator. Introduce EFI_BAD_BUFFER_SIZE, in addition to the existent EFI_BUFFER_TOO_SMALL, for reporting a special case of the buffer overflow, plus actually catch the buffer overflow. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210608121259.32451-10-lersek@redhat.com>
* NetworkPkg/IScsiDxe: fix IScsiHexToBin() hex parsingLaszlo Ersek2021-06-092-2/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The IScsiHexToBin() function has the following parser issues: (1) If the *subject sequence* in "HexStr" is empty, the function returns EFI_SUCCESS (with "BinLength" set to 0 on output). Such inputs should be rejected. (2) The function mis-handles a "HexStr" that ends with a stray nibble. For example, if "HexStr" is "0xABC", the function decodes it to the bytes {0xAB, 0x0C}, sets "BinLength" to 2 on output, and returns EFI_SUCCESS. Such inputs should be rejected. (3) If an invalid hex char is found in "HexStr", the function treats it as end-of-hex-string, and returns EFI_SUCCESS. Such inputs should be rejected. All of the above cases are remotely triggerable, as shown in a subsequent patch, which adds error checking to the IScsiHexToBin() call sites. While the initiator is not immediately compromised, incorrectly parsing CHAP_R from the target, in case of mutual authentication, is not great. Extend the interface contract of IScsiHexToBin() with EFI_INVALID_PARAMETER, for reporting issues (1) through (3), and implement the new checks. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210608121259.32451-9-lersek@redhat.com>
* NetworkPkg/IScsiDxe: reformat IScsiHexToBin() leading comment blockLaszlo Ersek2021-06-092-16/+16
| | | | | | | | | | | | | | | | | | We'll need further return values for IScsiHexToBin() in a subsequent patch; make room for them in the leading comment block of the function. While at it, rewrap the comment block to 80 characters width. No functional changes. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210608121259.32451-8-lersek@redhat.com>
* NetworkPkg/IScsiDxe: assert that IScsiBinToHex() always succeedsLaszlo Ersek2021-06-091-12/+15
| | | | | | | | | | | | | | | | | | | | | | | IScsiBinToHex() is called for encoding: - the answer to the target's challenge; that is, CHAP_R; - the challenge for the target, in case mutual authentication is enabled; that is, CHAP_C. The initiator controls the size of both blobs, the sizes of their hex encodings are correctly calculated in "RspLen" and "ChallengeLen". Therefore the IScsiBinToHex() calls never fail; assert that. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Message-Id: <20210608121259.32451-7-lersek@redhat.com>
* NetworkPkg/IScsiDxe: fix potential integer overflow in IScsiBinToHex()Laszlo Ersek2021-06-094-4/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Considering IScsiBinToHex(): > if (((*HexLength) - 3) < BinLength * 2) { > *HexLength = BinLength * 2 + 3; > } the following subexpressions are problematic: (*HexLength) - 3 BinLength * 2 BinLength * 2 + 3 The first one may wrap under zero, the latter two may wrap over MAX_UINT32. Rewrite the calculation using SafeIntLib. While at it, change the type of the "Index" variable from UINTN to UINT32. The largest "Index"-based value that we calculate is Index * 2 + 2 (with (Index == BinLength)) Because the patch makes BinLength * 2 + 3 safe to calculate in UINT32, using UINT32 for Index * 2 + 2 (with (Index == BinLength)) is safe too. Consistently using UINT32 improves readability. This patch is best reviewed with "git show -W". The integer overflows that this patch fixes are theoretical; a subsequent patch in the series will audit the IScsiBinToHex() call sites, and show that none of them can fail. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210608121259.32451-6-lersek@redhat.com>
* NetworkPkg/IScsiDxe: clean up library class dependenciesLaszlo Ersek2021-06-092-12/+11
| | | | | | | | | | | | | | | | | Sort the library class dependencies in the #include directives and in the INF file. Remove the DpcLib class from the #include directives -- it is not listed in the INF file, and IScsiDxe doesn't call either DpcLib API (QueueDpc(), DispatchDpc()). No functional changes. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Message-Id: <20210608121259.32451-5-lersek@redhat.com>
* NetworkPkg/IScsiDxe: clean up "ISCSI_CHAP_AUTH_DATA.OutChallengeLength"Laszlo Ersek2021-06-092-5/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The "ISCSI_CHAP_AUTH_DATA.OutChallenge" field is declared as a UINT8 array with ISCSI_CHAP_AUTH_MAX_LEN (1024) elements. However, when the challenge is generated and formatted, only ISCSI_CHAP_RSP_LEN (16) octets are used in the array. Change the array size to ISCSI_CHAP_RSP_LEN, and remove the (now unused) ISCSI_CHAP_AUTH_MAX_LEN macro. Remove the "ISCSI_CHAP_AUTH_DATA.OutChallengeLength" field, which is superfluous too. Most importantly, explain in a new comment *why* tying the challenge size to the digest size (ISCSI_CHAP_RSP_LEN) has always made sense. (See also Linux kernel commit 19f5f88ed779, "scsi: target: iscsi: tie the challenge length to the hash digest size", 2019-11-06.) For sure, the motivation that the new comment now explains has always been there, and has always been the same, for IScsiDxe; it's just that now we spell it out too. No change in peer-visible behavior. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Message-Id: <20210608121259.32451-4-lersek@redhat.com>
* NetworkPkg/IScsiDxe: simplify "ISCSI_CHAP_AUTH_DATA.InChallenge" sizeLaszlo Ersek2021-06-092-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | The ISCSI_CHAP_AUTH_MAX_LEN macro is defined with value 1024. The usage of this macro currently involves a semantic (not functional) bug, which we're going to fix in a subsequent patch, eliminating ISCSI_CHAP_AUTH_MAX_LEN altogether. For now, remove the macro's usage from all "ISCSI_CHAP_AUTH_DATA.InChallenge" contexts. This is doable without duplicating open-coded constants. No changes in functionality. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Message-Id: <20210608121259.32451-3-lersek@redhat.com>
* NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80 charactersLaszlo Ersek2021-06-092-22/+71
| | | | | | | | | | | | | | | Working with overlong lines is difficult for me; rewrap the CHAP-related source files in IScsiDxe to 80 characters width. No functional changes. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210608121259.32451-2-lersek@redhat.com>
* NetworkPkg/IScsiDxe: Enhance the check for array boundaryShenglei Zhang2020-04-262-2/+2
| | | | | | | | | | | Array 'TargetUrl' of size 255 may use index value(s) 255 and 256. So enhance the boundary check to ensure the index is valid. Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
* NetworkPkg/IScsiDxe: Fix various typosAntoine Coeur2020-02-109-45/+45
| | | | | | | | | | | | | Fix various typos in comments and documentation. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@intel.com> Signed-off-by: Antoine Coeur <coeur@gmx.fr> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <20200207010831.9046-42-philmd@redhat.com>
* NetworkPkg: fix CloseProtocol & UninstallMultipleProtocolInterfaces callsLaszlo Ersek2019-10-091-1/+1
| | | | | | | | | | | | | | | | Both the "ControllerHandle" parameter of CloseProtocol() and the "Handle" parameter of UninstallMultipleProtocolInterfaces() have type EFI_HANDLE, not (EFI_HANDLE*). This patch fixes actual bugs. The issues have been dormant likely because they are on error paths. (Or, in case of TlsAuthConfigDxe, because the driver is unloaded likely very infrequently.) Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
* NetworkPkg: Replace BSD License with BSD+Patent LicenseMichael D Kinney2019-04-0929-203/+29
| | | | | | | | | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=1373 Replace BSD 2-Clause License with BSD+Patent License. This change is based on the following emails: https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html RFCs with detailed process for the license change: V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
* NetworkPkg/IScsiDxe: Remove unnecessary NULL pointer check.Jiaxin Wu2019-01-231-5/+1
| | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1469 Since the value of AttemptConfigData is retrieved from the list Entry, it can't be the NULL pointer, so just remove the unnecessary check. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Wu Hao A <hao.a.wu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Wu Hao A <hao.a.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* NetworkPkg/IScsiDxe: Remove unused global variables.Songpeng Li2019-01-151-2/+0
| | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1413 Global variables mIScsiDeviceListUpdated and mNumberOfIScsiDevices have never been used, this patch is to clean them. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Songpeng Li <songpeng.li@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
* NetworkPkg/IScsiDxe: Use UEFILib APIs to uninstall protocols.Ashish Singhal2019-01-101-20/+11
| | | | | | | | | | | | During cleanup in case of initialization failure, some driver bindings are not installed. Using abstractions in UEFILib takes care of it. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1428 Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ashish Singhal <ashishsingha@nvidia.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* NetworkPkg: Remove some clarification from IScsiDxe.infSiyuan Fu2018-12-241-10/+0
| | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1278 This patch is to remove the clarification about usage/difference between those drivers in MdeModulePkg and NetworkPkg, since the MdeModulePkg one have been deleted. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Siyuan Fu <siyuan.fu@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
* NetworkPkg/IScsiDxe: add debug logs for failed SetVariable attemptsVijayenthiran Subramaniam2018-11-231-0/+8
| | | | | | | | | | Add debug messages for failed attempts to write to a variable. Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
* NetworkPkg/IScsiDxe: Add the clarification compared to IScsiDxe in MdeModulePkg.Jiaxin Wu2018-09-271-1/+11
| | | | | | | | | | | | | | Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1205 This patch is to add the driver usage/difference clarification compared to IScsiDxe in MdeModulePkg. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* NetworkPkg: IScsiDxe: Remove the redundant code and definition.Songpeng Li2018-08-232-34/+0
| | | | | | | | | | | | | | The function IScsiFindTcbByITT that is never called have been removed. The definition gEfiAcpi20TableGuid has been removed. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1064 Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Songpeng Li <songpeng.li@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
* NetworkPkg: Removing ipf which is no longer supported from edk2.chenc22018-08-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Removing rules for Ipf sources file: * Remove the source file which path with "ipf" and also listed in [Sources.IPF] section of INF file. * Remove the source file which listed in [Components.IPF] section of DSC file and not listed in any other [Components] section. * Remove the embedded Ipf code for MDE_CPU_IPF. Removing rules for Inf file: * Remove IPF from VALID_ARCHITECTURES comments. * Remove DXE_SAL_DRIVER from LIBRARY_CLASS in [Defines] section. * Remove the INF which only listed in [Components.IPF] section in DSC. * Remove statements from [BuildOptions] that provide IPF specific flags. * Remove any IPF sepcific sections. Removing rules for Dec file: * Remove [Includes.IPF] section from Dec. Removing rules for Dsc file: * Remove IPF from SUPPORTED_ARCHITECTURES in [Defines] section of DSC. * Remove any IPF specific sections. * Remove statements from [BuildOptions] that provide IPF specific flags. Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chen A Chen <chen.a.chen@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* NetworkPkg: Clean up source filesLiming Gao2018-06-2822-497/+497
| | | | | | | | | 1. Do not use tab characters 2. No trailing white space in one line 3. All files must end with CRLF Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao <liming.gao@intel.com>
* NetworkPkg/IScsiDxe: Fix the ISCSI connection failure in certain case.Jiaxin Wu2018-03-131-1/+1
| | | | | | | | | | | | | | | The ISCSI connection will fail for the first time if the target info is retrieved from DHCP and expressed as URI format. The issue is caused by the missing DNS protocol dependency check during the driver support function. This patch is to fix the above issue. Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Ye Ting <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* NetworkPkg/IScsiDxe: Set ExitBootServiceEvent to NULL after close it.Jiaxin Wu2018-01-101-4/+7
| | | | | | | | | | | | | | | | | | | | | | | | v2: * Refine the commit log. There are two place to close the ISCSI ExitBootServiceEvent: #1.IScsiOnExitBootService(), which is the callback function of ExitBootServiceEvent. #2.IScsiCleanDriverData(), which will be invoked by ISCSI driver binding stop(). So, the ExitBootServiceEvent will be closed and freed when exit boot server is triggered. But it may be closed and freed again in ISCSI driver binding stop(), which will result in the issue recorded at https://bugzilla.tianocore.org/show_bug.cgi?id=742. This patch is to resolve the issue. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* NetworkPkg/IScsiDxe: Correct the DnsMode value according the target info.Jiaxin Wu2017-12-271-0/+1
| | | | | | | | | | | | | | | | | | When the platform gets the target info from DHCP (option 17) and the ISCSI server is expressed as IP address, the value of DnsMode should be false, otherwise, the failure will happen in certain case. please refer to https://bugzilla.tianocore.org/show_bug.chi?id=823 for the detailed steps. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Karunakar P <karunakarp@amiindia.co.in> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Tested-by: Karunakar P <karunakarp@amiindia.co.in> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* NetworkPkg: Update Api from NetLibDetectMedia to NetLibDetectMediaWaitTimeout.fanwang22017-12-184-12/+17
| | | | | | | | | | | | | | | | Since new Api NetLibDetectMediaWaitTimeout was involved to support connecting state handling, and it is forward compatible. So apply this Api in NetworkPkg. V2: *Define time period in a macro instead of hard code. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Wu Jiaxin <jiaxin.wu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wang Fan <fan.wang@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Signed-off-by: fanwang2 <fan.wang@intel.com>
* NetworkPkg: Update IScsiDxe to pass XCODE buildLiming Gao2017-12-052-3/+3
| | | | | | | | | Fix the warning equality comparison with extraneous parentheses [-Werror,-Wparentheses-equality]. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liang Vincent <vincent.liang@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
* NetworkPkg: Fix MSFT C4255 warningSong, BinX2017-11-141-0/+1
| | | | | | | | | | | | | | | | | | V2: Fix MSFT C4255 warning V1: Enable MSFT C4255 warning. From MSDN: Compiler Warning (level 4) C4255 function' : no function prototype given: converting '()' to '(void)' The compiler did not find an explicit list of arguments to a function. This warning is for the C compiler only. Cc: Liming Gao <liming.gao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Bell Song <binx.song@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
* NetworkPkg/IScsiDxe: Add check to avoid use NULL pointerJiaxin Wu2017-10-301-0/+4
| | | | | | | | | Cc: Wu Hao A <hao.a.wu@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Hao Wu <hao.a.wu@intel.com>
* NetworkPkg/IScsiDxe: Clear the old IFR TargetIp to avoid sharing it with ↵Jiaxin Wu2017-10-271-0/+1
| | | | | | | | | | | | other attempts. Cc: Karunakar P <karunakarp@amiindia.co.in> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Tested-by: Karunakar P <karunakarp@amiindia.co.in> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* NetworkPkg/IScsiDxe: Add IPv6 support condition check.Jiaxin Wu2017-10-267-4/+159
| | | | | | | | | | | | | | Base on the request of https://bugzilla.tianocore.org/show_bug.cgi?id=710, we provide this patch to IPv6 condition check by leveraging AIP Protocol. Cc: Karunakar P <karunakarp@amiindia.co.in> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Karunakar P <karunakarp@amiindia.co.in> Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Karunakar p <karunakarp@amiindia.co.in> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
* NetworkPkg/IScsiDxe: Display InitiatorInfo in attempt page even DHCP enabled.Jiaxin Wu2017-10-261-2/+4
| | | | | | | | | Cc: Karunakar P <karunakarp@amiindia.co.in> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Karunakar p <karunakarp@amiindia.co.in>
* NetworkPkg/IScsiDxe: Clean the previous ConfigData when switching the IP mode.Jiaxin Wu2017-10-261-1/+8
| | | | | | | | | Cc: Karunakar P <karunakarp@amiindia.co.in> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Karunakar p <karunakarp@amiindia.co.in>
* NetworkPkg/IScsiDxe: Fix the incorrect/needless DHCP process.Jiaxin Wu2017-10-261-2/+5
| | | | | | | | | | | | | The existing attempt should not trigger the DHCP process if it doesn't associates with the current NIC. That's incorrect when displaying the initiator info in attempt page. Cc: Karunakar P <karunakarp@amiindia.co.in> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Karunakar p <karunakarp@amiindia.co.in>
* NetworkPkg: Update Protocol/Guid usage in INF file to match source code logicLiming Gao2017-10-101-1/+1
| | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao <liming.gao@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
* NetworkPkg/IScsiDxe: Remove redundant call to StrLenHao Wu2017-09-201-2/+4
| | | | | | | | | | The commits utilizes a local variable to store the length of a string which will be used right after. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
* NetworkPkg: Remove the redundant '/' in the end of returned ISCSIMacAddr ↵Fu Siyuan2017-09-181-6/+10
| | | | | | | | keyword. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
* NetworkPkg/IScsiDxe: Fix the incorrect max length of IP_ADDRESS.Jiaxin Wu2017-09-121-4/+4
| | | | | | | | | | | When creating the ISCSI string OpCode for IP_ADDRESS, the max length should be IP(4)_STR_MAX_SIZE instead of IP(4)_MAX_SIZE. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* NetworkPkg: iSCSI should allow to set 6 or 12 length of ISID keyword.Fu Siyuan2017-08-043-3/+8
| | | | | | | | | | The last 3 bytes of ISID should be able to changed by setting the keyword with a value with length 6 (only last 3 bytes) or 12 (full ISID) according to the keyword definition in UEFI configuration namespace website. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>