[edk2-devel] [PATCH v1 0/4] Support HTTPS HostName validation feature(CVE-2019-14553)
Laszlo Ersek
lersek at redhat.com
Mon Sep 30 23:21:06 UTC 2019
On 09/29/19 08:09, Wang, Jian J wrote:
> For this patch series,
> 1. " Contributed-under: TianoCore Contribution Agreement 1.1" is not needed any more.
> Remove it at push time and no need to send a v2.
> 2. Since it's security patch which had been reviewed separately, I see no reason for new r-b
> required. Please raise it asap if any objections.
> 3. Acked-by: Jian J Wang <jian.j.wang at intel.com>
* Can you please confirm that these patches match those that we
discussed here:
https://bugzilla.tianocore.org/show_bug.cgi?id=960#c18
https://bugzilla.tianocore.org/show_bug.cgi?id=960#c19
* In the BZ, David and Bret raised some questions:
https://bugzilla.tianocore.org/show_bug.cgi?id=960#c31
https://bugzilla.tianocore.org/show_bug.cgi?id=960#c32
https://bugzilla.tianocore.org/show_bug.cgi?id=960#c35
https://bugzilla.tianocore.org/show_bug.cgi?id=960#c36
and
https://bugzilla.tianocore.org/show_bug.cgi?id=960#c40
The latest comment in the bug is c#41. I'm not under the impression that
all concerns raised by David and Bret have been addressed (or
abandoned). I'd like David and Bret to ACK the patches.
Thanks,
Laszlo
>> -----Original Message-----
>> From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of Wu, Jiaxin
>> Sent: Friday, September 27, 2019 11:45 AM
>> To: devel at edk2.groups.io
>> Cc: Wu, Jiaxin <jiaxin.wu at intel.com>
>> Subject: [edk2-devel] [PATCH v1 0/4] Support HTTPS HostName validation
>> feature(CVE-2019-14553)
>>
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
>> CVE: CVE-2019-14553
>> The series patches are to support HTTPS hostname validation feature.
>> It fixes the issue exposed @
>> https://bugzilla.tianocore.org/show_bug.cgi?id=960.
>> In the patches, we add the new data type named "EfiTlsVerifyHost" and
>> the EFI_TLS_VERIFY_HOST_FLAG for the TLS protocol consumer (HTTP) to
>> enable the host name check so as to avoid the potential
>> Man-In-The-Middle attack.
>>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Wu Jiaxin <jiaxin.wu at intel.com>
>> Reviewed-by: Ye Ting <ting.ye at intel.com>
>> Reviewed-by: Long Qin <qin.long at intel.com>
>> Reviewed-by: Fu Siyuan <siyuan.fu at intel.com>
>> Acked-by: Laszlo Ersek <lersek at redhat.com>
>>
>> Jiaxin Wu (4):
>> MdePkg/Include/Protocol/Tls.h: Add the data type of EfiTlsVerifyHost(CVE-
>> 2019-14553)
>> CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost"(CVE-2019-14553)
>> NetworkPkg/TlsDxe: Add the support of host validation to TlsDxe driver(CVE-
>> 2019-14553)
>> NetworkPkg/HttpDxe: Set the HostName for the verification(CVE-2019-14553)
>>
>> CryptoPkg/Include/Library/TlsLib.h | 20 ++++++++
>> CryptoPkg/Library/TlsLib/TlsConfig.c | 38 +++++++++++++++-
>> MdePkg/Include/Protocol/Tls.h | 68 +++++++++++++++++++++++-----
>> NetworkPkg/HttpDxe/HttpProto.h | 1 +
>> NetworkPkg/HttpDxe/HttpsSupport.c | 21 +++++++--
>> NetworkPkg/TlsDxe/TlsProtocol.c | 44 ++++++++++++++++--
>> 6 files changed, 173 insertions(+), 19 deletions(-)
>>
>> --
>> 2.17.1.windows.2
>>
>>
>>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#48328): https://edk2.groups.io/g/devel/message/48328
Mute This Topic: https://groups.io/mt/34307578/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list