REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960 CVE: CVE-2019-14553 The series patches are to support HTTPS hostname validation feature. It fixes the issue exposed @ https://bugzilla.tianocore.org/show_bug.cgi?id=960. In the patches, we add the new data type named "EfiTlsVerifyHost" and the EFI_TLS_VERIFY_HOST_FLAG for the TLS protocol consumer (HTTP) to enable the host name check so as to avoid the potential Man-In-The-Middle attack.
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Wu Jiaxin <jiaxin...@intel.com> Reviewed-by: Ye Ting <ting...@intel.com> Reviewed-by: Long Qin <qin.l...@intel.com> Reviewed-by: Fu Siyuan <siyuan...@intel.com> Acked-by: Laszlo Ersek <ler...@redhat.com> Jiaxin Wu (4): MdePkg/Include/Protocol/Tls.h: Add the data type of EfiTlsVerifyHost(CVE-2019-14553) CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost"(CVE-2019-14553) NetworkPkg/TlsDxe: Add the support of host validation to TlsDxe driver(CVE-2019-14553) NetworkPkg/HttpDxe: Set the HostName for the verification(CVE-2019-14553) CryptoPkg/Include/Library/TlsLib.h | 20 ++++++++ CryptoPkg/Library/TlsLib/TlsConfig.c | 38 +++++++++++++++- MdePkg/Include/Protocol/Tls.h | 68 +++++++++++++++++++++++----- NetworkPkg/HttpDxe/HttpProto.h | 1 + NetworkPkg/HttpDxe/HttpsSupport.c | 21 +++++++-- NetworkPkg/TlsDxe/TlsProtocol.c | 44 ++++++++++++++++-- 6 files changed, 173 insertions(+), 19 deletions(-) -- 2.17.1.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#48183): https://edk2.groups.io/g/devel/message/48183 Mute This Topic: https://groups.io/mt/34307578/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
