03f0c23 [ipoib] Expose Ethernet-compatible eIPoIB link-layer addresses and headers f54a61e [infiniband] Include destination address vector in ib_complete_recv() cbe41cb [infiniband] Use explicit "source" and "dest" address vector parameter names f747fac [infiniband] Allow queue pairs to have a custom allocator for receive iobufs 96be171 [iobuf] Allow allocation of I/O buffers with a specified alignment offset e2becce [malloc] Allow allocation of memory with a specified alignment offset de80231 [retry] Expose retry_poll() to explicitly poll all running timers 1cbb158 [ethernet] Expose eth_broadcast as a global constant 5e73677 [build] Add missing #include 34a637f [build] Display commands for dependency generation when building with V=1 79300e2 [tls] Disambiguate most error causes 7061816 [realtek] Force EEPROM CS low before disabling EEPROM access mode d1949f2 [bitbash] Add optional open() and close() methods for bit-bashing interfaces 5676abe [realtek] Forcibly enable advertisement of 1000Mbps speeds 6e50e79 [mii] Add separate mii_restart() function 0dacd54 [realtek] Enable DAC only when built as a 64-bit binary 0e61beb [realtek] Use read-modify-write to check for C+ Command register 77afdc5 [realtek] Use explicit value for TCR.MXDMA 5d05220 [realtek] Use explicit values for RCR.RXFTH and RCR.MXDMA b0ba892 [realtek] Always set high dword of ring address registers a05871d [tg3] Fix driver for BCM5719, BCM5720, BCM5764M, BCM57762 8f7cd88 [http] Fix HTTP SAN booting 1170a36 [ftp] Add support for the FTP SIZE command 501527d [http] Treat any unexpected connection close as an error c7eea31 [util] Fix up checksum in UNDI ROM header, if present 69fa494 [util] Display UNDI ROM header in disrom.pl 37ac7a6 [util] Allow for CALL NEAR in the option ROM initialisation entry point d0bd383 [comboot] Accept only ".cbt" as an extension for COMBOOT images d97c6a3 [bzimage] Allow file mode to be specified for standalone initrd files 1f88e9c [romprefix] Round up PMM allocation sizes to nearest 4kB ced1493 [tg3] Fix excessive DMA alignment. 183a70e [console] Sleep while waiting for user input fb7c022 [tcpip] Fix building under Cygwin c70586f [build] Fix building under OpenBSD acd7408 [vmware] Fix compilation under OpenBSD 8cac5c0 [util] Update mergerom.pl to handle iPXE ROM header 5de45cd [romprefix] Report a pessimistic runtime size estimate ee36363 [contrib] Fix rom-o-matic git version number issues def7f57 [contrib] Fix rom-o-matic build (add new LOG_LEVEL constant) 8f17955 [epic100] Fix wrong field used as rx packet length c3b4860 [legal] Update FSF mailing address in GPL licence texts 1ac62b9 [qib7322] Fix compiler warning on gcc 4.7 a87c0c4 [isa] Avoid spurious compiler warning on gcc 4.7 348ec33 [build] Include git commit within version string when available b3b939c [image] Automatically free autobooted images 5d3c368 [image] Add "--replace" option d3c660b [image] Add "--autofree" option 23b7032 [libc] Add missing wchar.h header d32aac8 [skel] Add missing iounmap() 76b4323 [myson] Add missing iounmap() 93f1d69 [natsemi] Add missing iounmap() e982a7e [realtek] Add missing iounmap() ac81078 [intel] Add missing iounmap() 58ed3b1 [libc] Add support for "%lc" and "%ls" format specifiers 7ad6caf [efi] Add EFI_LOAD_FILE_PROTOCOL header bc41c6e [efi] Update to current EDK2 headers 34576e5 [efi] Standardise #include guard in ipxe_download.h 9200049 [pxeprefix] Ignore errors from PXENV_FILE_CMDLINE 2d7c966 [efi] Default to using raw x86 I/O 4dc3f81 [ioapi] Generalise i386 raw I/O API to x86 73ba154 [b44] Eliminate call to get_memmap() 88016de [pxe] Reopen network device if NBP exits c5c2577 [settings] Expose exit status of failed command via ${errno} 5b49583 [cmdline] Store exit status of failed command in errno e84e19d [pxeprefix] Fetch command line (if any) via PXENV_FILE_CMDLINE a814eff [pxe] Add PXENV_FILE_CMDLINE API call 9e5152e [pxeprefix] Place temporary stack after iPXE binary 9f0b2d2 [intel] Explicitly enable descriptor queues 8391ff3 [intel] Refill receive ring only after enabling receiver 2c72ce0 [bzimage] Update setup_move_size only for protocol versions 2.00 and 2.01 07bc73e [tcp] Increase maximum window size to 256kB 6825b2e [malloc] Increase heap size to 512kB a5d16a9 [tcp] Truncate TCP window to prevent future packet discards 0242473 [arp] Try to avoid discarding ARP cache entries 8d95e1d [malloc] Discard cached items less aggressively 4a8a7bd [iobuf] Allocate I/O buffer descriptor separately to conserve aligned memory b0e236a [netdevice] Process all received packets in net_poll() f3d197a [cmdline] Do not ignore empty initial arguments in concat_args() bc93e8a [util] Avoid compiler warning on gcc 4.6 b3adabd [menu] Truncate menu title when necessary 19859d8 [arp] Prevent ARP cache entries from being deleted mid-transmission 55f52bb [tcp] Avoid potential NULL pointer dereference 49ac629 [tcp] Use a zero window size for RST packets a5c016d [iobuf] Relax alignment requirement for small I/O buffers 9a8c6b0 [tls] Request a maximum fragment length of 2048 bytes ea61075 [tcp] Add support for TCP window scaling 76d9c1a [undi] Align the received frame payload for faster processing 85917ba [monojob] Check for keypresses only once per timer tick ec22e08 [tcpip] Add faster algorithm for calculating the TCP/IP checksum bb9961f [test] Add self-tests for TCP/IP checksum calculation 1d77d03 [tcpip] Allow for architecture-specific TCP/IP checksum routines 6a4ff51 [libc] Simplify memcpy() implementation 80cdf6a [test] Add memcpy() self-tests ba48073 [cmdline] Increase resolution of "time" command cc3e9f0 [realtek] Add missing cpu_to_le16() 512ed2b [ui] Allow colours to be configured via config/colour.h 567b9bf [ui] Change "login" colours to match other UIs edcca8e [sky2] Fix invalid memory access cbc54bf [syslog] Include hostname within syslog messages where possible 7ea6764 [settings] Move "domain" setting from dns.c to settings.c 4010890 [crypto] Allow an error margin on X.509 certificate validity periods c094240 [dhcp] Request broadcast responses when we already have an IPv4 address b9ef880 [romprefix] Treat 0xffffffff as an error return from PMM a3cba84 [util] Update mergerom.pl to handle .mrom images b58374f [romprefix] Allow .mrom image to be placed anywhere within the BAR 9e8d431 [romprefix] Add a dummy ROM header to cover the .mrom payload 12be8bc [util] Rewrite catrom.pl to use Option::ROM library f2e5f88 [util] Allow Option::ROM to access multiple ROM images cdee786 [cmdline] Use "cpuid --ext" instead of "cpuid --amd" addf699 [cmdline] Add "sync" command af47789 [tls] Mark security negotiation as a pending operation 5482b0a [tcp] Mark any unacknowledged transmission as a pending operation 021d7b2 [pending] Add concept of "pending operations" 591541a [cmdline] Add "cpuid" command 1050135 [contrib] Update bochsrc.txt to latest version of bochs 734de43 [build] Merge i386 and x86_64 versions of errfile.h 5af9ad5 [crypto] Fix unused-but-set variable warning 658c25a [http] Add support for Digest authentication 5f2226a [http] Provide credentials only when requested by server 8f5d44b [http] Split construction of Authorization header out of http_step() 46df5c9 [http] Defer processing response code until after receiving all headers 8a5ba67 [http] Reopen connections when server does not keep connection alive 4fa1a2b [crypto] Rename KEY= to PRIVKEY= and "key" to "privkey" 7fa1f41 [crypto] Require OCSP check if certificate provides an OCSP URI 073331c [crypto] Automatically perform OCSP checks when applicable 071171e [image] Allow "imgtrust" to automatically download cross-signed certificates 89a354d [monojob] Allow monojob to be completely silent 944e023 [crypto] Construct OCSP check URI 57de8b6 [crypto] Fix margin of error for OCSP checks b278094 [crypto] Return a NULL OCSP check if construction fails c923d57 [crypto] Return a NULL X.509 certificate if construction fails f20c374 [crypto] Accept UTCTime/GeneralizedTime with no "seconds" field f4c88d5 [test] Add self-tests for base64 40e68e1 [base64] Avoid overrunning input data buffer 1af9284 [efi] Work around platforms which choke on EFI_PCI_DEVICE_ENABLE 73b2117 [iscsi] Report SCSI response only when applicable a33298d [test] Add self-tests for OCSP 39ac285 [crypto] Add framework for OCSP deac4ea [crypto] Add functions for constructing ASN.1 objects e01af73 [crypto] Parse OCSPSigning key purpose, if present 4aad46a [crypto] Generalise x509_parse_bit_string() to asn1_bit_string() 7deb610 [crypto] Generalise asn1_{digest,pubkey,signature}_algorithm() 88c09b3 [crypto] Generalise x509_parse_time() to asn1_generalized_time() e5858c1 [crypto] Parse X.509 raw public key bit string 4855e86 [crypto] Include "?subject=" in cross-signed certificate URI 0e4ee60 [crypto] Reduce standard debugging output c124f21 [image] Avoid potential NULL pointer dereference 3e6e007 [crypto] Automatically download cross-signed certificates 2e4be01 [xferbuf] Add generic data-transfer buffer f19565f [tls] Use asynchronous certificate validator 29dcb06 [crypto] Add asynchronous certificate validator 1a5f025 [crypto] Add x509_auto_append() 99c798d [crypto] Add x509_append_raw() 6c8fcd4 [crypto] Check that common name contains no NUL characters 0ad8b60 [crypto] Allow for X.509 certificates with no common name 6ba7fb7 [list] Add list_last_entry() 8a0331c [tcp] Discard all TCP connections on shutdown 52dd4ba [tcp] Fix potential NULL pointer dereference e844297 [test] Add self-tests for crc32_le() 6a4b128 [test] Fix compiler warning on older gcc versions 557f467 [crypto] Allow certificate chains to be long-lived data structures 6ed905a [time] Add Linux time source using gettimeofday() 6f3e7e9 [malloc] Allow Valgrind to be used when all assertions are enabled 793b8b0 [crypto] Fix memory leak in cms_verify_digest() 601cb36 [crypto] Parse OCSP responder URI from X.509 certificate f91995f [list] Add list_for_each_entry_continue() and _continue_reverse() 69fa290 [test] Fix memory leak in settings self-tests df27731 [malloc] Discard all cached data on shutdown 838a76a [menu] Add "--default" option to "choose" command f8bb40b [realtek] Support RTL8139 cards within generic Realtek driver e01cf6f [http] Fix typo in memory allocation 1fe27a3 [myson] Replace driver for Myson Technology NICs 35e09c1 [natsemi] Fix test for addresses below 4GB 2c1e8d2 [natsemi] Replace driver for National Semicondutor NICs bd16dea [crypto] Do not allow build-time cryptography settings to be overridden 63d9cc2 [crypto] Allow client certificate to be changed without a rebuild 0e59417 [build] Use $(xxx_DEPS) for additional dependency information 8c42e0c [util] Remove obsolete Makefile rule for util/prototester.c 7865ae0 [image] Remove non-working image loaders 945e428 [intel] Replace driver for Intel Gigabit NICs 45e0327 [http] Avoid using stack-allocated memory in http_step() a026a27 [script] Avoid using stack-allocated memory in process_line() de26161 [xfer] Avoid using stack-allocated memory in xfer_printf() 5b18489 [realtek] Update link state when device is opened 44d5ef9 [netdevice] Allow network device to update link state before checking 38d2ad8 [skel] Add skeleton network driver 8b0305e [efi] Fix compiler warning in elf2efi.c d3d87a2 [efi] Update link state in SNP device mode data 02f1f30 [crypto] Allow trusted root certificate to be changed without a rebuild 31e60de [settings] Add fetch_setting_copy() 62eb229 [multiboot] Place multiboot modules low in memory 2a0154d [realtek] Replace driver for Realtek Gigabit NICs 9b2aabe [mii] Add generic MII reset function d27e6d6 [mii] Synchronise constants with current Linux include/linux/mii.h 2f3f0ca [mii] Remove unused functionality eadb6bc [util] Add utility to generate list of supported network cards a9cf527 [vmware] Allow settings to be specified in the VMware .vmx file 52e5ddc [tftp] Allow builds without TFTP support 831b16a [settings] Split fetching and storing out of setting type handlers 4640923 [test] Add self-tests for setting types 1d33649 [libc] Allow strtoul() to interpret negative numbers d11b82f [multiboot] Include full image URI in command line cc288dc [linux] Fix a build error on some platforms 6ab98fa [tftp] Remove configuration option for tftm 196751c [build] Enable warnings when building utilities 96a8c70 [igbvf] Add i350 virtual function support 0e4a5ca [e1000e] Basic 82579 support dcccb1f [tls] Fix wrong memset in function tls_clear_cipher ede37e4 [crypto] Fix wrong setup in function aes_wrap 3c13d68 [int13] Fix compilation on some versions of gcc 943b300 [syslog] Add basic support for encrypted syslog via TLS 61851e6 [elf] Avoid attempting to load 64-bit ELF binaries 275fdae [image] Fix use-after-free in debug messages f5c644c [menu] Fix default selection when default is item 0 4dbb193 [int13] Add support for emulating floppy disk drives cf0953a [comboot] Remove COMBOOT image support by default 3425726 [menu] Add menu commands 493f194 [menu] Add menu user interface 0d2fba2 [menu] Add the abstract concept of a menu 0b44527 [bios] Recognise Page Up and Page Down keys 0b1fe00 [parseopt] Allow "prompt" command to accept character literals for --key aac9718 [readline] Accept Ctrl-U for "delete to start of line" b9720e4 [http] Disambiguate the various error causes e7d4d69 [console] Add "no_latin1" keymap 4740703 [console] Ignore unexpected keysyms when generating keyboard maps ed64732 [crypto] Add an explicit "RSA signature incorrect" error message d45392a [console] Add LOG_ALL as a synonym for LOG_DEBUG 730c972 [image] Log image executions 82ecaaa [console] Remove "log message" usage from interactive console defaults cef3bea [downloader] Use a more meaningful error message when out of memory 9445cb9 [downloader] Abort download immediately if buffer resizing fails 2834f9f [umalloc] Unhide umalloc()ed memory region when there are no allocations 920799a [umalloc] Fail allocations when we run out of external memory 0f0a94f [crypto] Disambiguate all CMS errors 2d11a46 [image] Log results of image signature checks 5a91f56 [downloader] Log final status of all downloads 3ff7927 [syslog] Pass internal syslog() priority through to syslog console c2875ae [console] Do not share ANSI escape context between lineconsole users 24b7296 [console] Add "log message" console usage and an internal syslog() call 64d17db [console] Exclude text-based UI output from logfile-based consoles e024cd3 [console] Allow usage to be defined independently for each console b35d454 [console] Remove unused "btext" console a6d49c1 [console] Move putchar() and getchar() declarations to stdio.h d1465f7 [image] Add the "imgtrust" and "imgverify" commands 1c127a6 [image] Simplify image management commands and internal API 4766b14 [build] Fix compilation under Cygwin 97dcc82 [image] Add concept of trusted images efb0c7f [bios] Set character attributes only when necessary 7ace2eb [test] Add CMS self-tests bdb69d5 [crypto] Add support for Cryptographic Message Syntax (PKCS #7) fe6e741 [crypto] Parse X.509 extended key usage extension f2af64a [crypto] Differentiate "untrusted root" and "incomplete chain" error cases 5c66395 [crypto] Shrink raw certificate data to fit certificate 2cd2447 [crypto] Avoid an error when asn1_shrink() is already at end of object 2d9d0ad [crypto] Add previous certificate in chain as a parameter to parse_next() c285378 [crypto] Parse X.509 certificate serial number d56499a [crypto] Define ASN.1 OID-identified algorithms for all supported digests 38b7e43 [crypto] Generalise X.509 OID-identified algorithm to asn1.c 9a03a8e [test] Add X.509 self-tests b1316ef [crypto] Validate path length constraint in certificate chain 94cdbd7 [crypto] Treat ASN.1 OIDs as opaque 225be9d [crypto] Move all ASN.1 OIDs to asn1.h c76afb3 [crypto] Use standard bit-rotation functions cf78afa [tls] Support sending a client certificate 8685280 [build] Allow a client certificate to be specified at build time 05c1371 [crypto] Use linker tables for RSA digestInfo prefixes 7869f71 [tls] Treat handshake digest algorithm as a session parameter a156c15 [tls] Use hybrid MD5+SHA1 algorithm 8583c32 [tls] Check certificate validity period against current date and time 0610bcb [tls] Parse X.509 validity times into seconds since the Epoch 5da7123 [tls] Include current time within the client random bytes 12002d6 [time] Add RTC-based time source 846bde9 [time] Define an API for getting the current time c130001 [test] Add self-tests for mktime() bd6805a [libc] Add mktime() function 0b2c788 [crypto] Use correct constraint for byte-addressable register f3a791c [tls] Validate server certificate aee3a06 [build] Allow trusted root certificates to be specified at build time 4d3b547 [tls] Add full X.509 certificate parsing d6979e0 [rsa] Actually check the unused-bits byte in the public key bit string 3ec773c [crypto] Force caller to provide temporary storage for modular calculations 5af9e62 [rng] Add Linux entropy source using /dev/random 196f0bb [rng] Allow entropy_enable() to return an error 66f200b [crypto] Remove obsolete AXTLS RSA algorithm dc87161 [tls] Use iPXE native RSA algorithm 7fb0644 [test] Add self-tests for RSA 299dedc [crypto] Add native RSA algorithm c00eb6e [crypto] Add abstraction for a public-key algorithm e20550f [crypto] Add more ASN.1 functions for X.509 certificate parsing da76a48 [test] Run self-tests as an embedded image b0a1ad9 [rng] Fix build error when assertions are enabled a0082b1 [libc] Move VA_ARG_COUNT() macro to stdarg.h 0e81ff2 [myri10ge] Fix compilation error in myri10ge_command() with gcc 4.7 37cb7c7 [crypto] Use real prototypes for AXTLS' AES_encrypt() and AES_decrypt() 3218830 [eepro100] Add PCI ID 8086:10fe 4e53303 [test] Add big integer self-tests 071184a [crypto] Add big-integer library for RSA calculations f229162 [crypto] Add ASN.1 functions for X.509 certificate parsing ffb6d6b [rng] Remove obsolete (and unfinished) get_random_bytes() function 554627c [802.11] Use rbg_generate() for secure random numbers a0e559d [forcedeth] Use standard random() function b63bcd7 [tls] Use const to mark incoming data being processed 1c29b4d [crypto] Upgrade AES and RSA code to upstream axTLS version 1.4.5 74b1e70 [ath9k] Fix compilation on older gcc versions b4bb399 [prefix] Eliminate uninitialised variable 8ad1e7a [test] Avoid using "static const" for test declarations 18ff2ad [debug] Ensure debug address and colourisation fields are fully initialised 1f238bc [test] Add NIST self-tests for AES128 and AES256 in CBC mode 8d03804 [rng] Choose HMAC_DRBG using SHA-256 as the DRBG algorithm a810258 [rng] Add NIST self-tests for HMAC_DRBG using SHA-256 b9d9c3f [rng] Allow HMAC_DRBG to use multiple underlying hash algorithms 742e43b [rng] Use SHA-256 for Hash_df, and validate the hash function strength 0978251 [rng] Add NIST self-tests for Hash_df using SHA-256 fb6a333 [rng] Allow hash_df() to accept multiple underlying hash algorithms c8f52cc [tls] Formalise the definition of a TLS cipher suite 6069b09 [tls] Support (and prefer) SHA-256 variants of existing cipher suites 015c936 [tls] Support TLS version 1.2 fba2310 [crypto] Replace MD5 implementation cdb4802 [802.11] Avoid using struct md5_ctx directly c15e73f [test] Add self-tests for MD5 algorithm bbdf17c [test] Add self-tests for SHA-256 algorithm 657ab17 [crypto] Add SHA-256 algorithm 3b689e5 [x86_64] Use memory address constraint in __bswap_16s() 732bea2 [i386] Use memory address constraints in __bswap_16s() and __bswap_64s() e187de7 [i386] Fix building on older versions of gcc 76f5939 [crypto] Replace SHA-1 implementation 4100edf [802.11] Eliminate use of AXTLS-specific SHA1_SIZE constant c94a4a8 [test] Add self-tests for byte-order swapping functions 249a833 [x86_64] Provide __bswap_{16,32,64}s() af96c41 [i386] Optimise byte-swapping functions and provide __bswap_{16,32,64}s() 4a32308 [tls] Add missing #include c5c1ae4 [rng] Add missing #include 4fde501 [802.11] Add missing #include 281f9aa [tls] Send empty Certificate record if requested by server a42f6ca [tls] Verify the contents of the Finished record 56a7981 [tls] Allow transmitted records to be scheduled independently b7f8d1b [tls] Add support for Server Name Indication (SNI) d9ce3bf [tls] Support TLS version 1.1 d620606 [arp] Maintain an ARP transmission queue 6324bd9 [undi] Allow underlying PXE stack to construct link-layer header 1d29377 [iscsi] Send any padding inline with the data segment cb10137 [http] Recognise status code 303 as valid cd29df5 [vmware] Fix length returned by guestrpc_command() fa538bd [vmware] Add VMware logfile console (CONSOLE_VMWARE) 3a5823a [vmware] Add GuestRPC mechanism 851b93f [syslog] Separate out generic line-based console functionality c72b896 [syslog] Disable console when no syslog server is defined 99de239 [http] Allow for HTTPS-only builds 0571980 [rng] Add RTC-based entropy source 5d2e65c [rng] Add entropy sample generator c0340d9 [test] Allow self-tests to be run individually 5a80c11 [crypto] Use ANS X9.82 Approved get_random_nz() for RSA 75090f2 [tls] Use ANS X9.82 Approved RBG as source of random data for TLS 4fb6043 [rng] Add get_random_nz() function required by RSA algorithm 4e0effc [rng] Add ANS X9.82 RBG wrapper functions c6b0b34 [rng] Add ANS X9.82 mandatory start-up tests a3b116c [rng] Add ANS X9.82 mandatory continuous tests 073f410 [rng] Add ANS X9.82 Approved Source of Entropy Input c2668b6 [rng] Record validity within DRBG state a99d5d5 [rng] Add missing #include a875618 [802.11] Add missing #include bb36f3d [udp] Propagate transmission errors to UDP interface users 464ca5d [i386] Add missing #include in pic8259.h 71804f8 [rng] Add NIST self-tests for Hash_df eec0682 [rng] Add ANS X9.82 Approved Hash_df derivation function 32c4a3a [efi] Add iPXE download protocol dc70229 [snpnet] Give up entirely on the transmit queue 4108321 [contrib] Fix rom-o-matic d3630b6 [prefix] Fix missing underscore in libprefix 1476d6f [tg3] Remove tg3_calc_dma_bndry() 3a42538 [prefix] Delay initrd image copy until memory map is ready b5ed30b [tg3] Fix compilation on newer gcc versions f6840ba [tg3] New tg3 driver 3a2bda7 [rng] Add ANS X9.82 Approved DRBG mechanism fcc35bf [rng] Add dummy entropy source 9ec80a3 [rng] Add NIST self-tests for HMAC_DRBG 5c2d6fa [rng] Add ANS X9.82 Approved HMAC_DRBG algorithm f5bbe7e [lkrnprefix] Copy command line before installing iPXE 18d2887 [test] Add self-tests for SHA-1 algorithm 187cd80 [dns] Allow trailing dots in DNS names