From: "Doug Flick via groups.io"
To: devel@edk2.groups.io
Cc: Liming Gao
Subject: [edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
Date: Wed, 8 May 2024 08:29:11 -0700
Message-Id: <20240508152925.741226-1-doug.edk2@gmail.com>

REF: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

This patch series patches the following CVEs:

- CVE-2023-45236: Predictable TCP Initial Sequence Numbers
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator

In order to patch these CVEs, the following changes were made:

- NetworkPkg no longer performs its own random number generation; instead it
  uses EFI_RNG_PROTOCOL provided by the platform to generate random numbers.
  - This change was made such that any future random number generation
    vulnerabilities will be a result of the platform's implementation of the
    EFI_RNG_PROTOCOL and not the NetworkPkg.
- NetworkPkg uses the TCP initial sequence number algorithm as described in
  RFC 6528 to generate the initial sequence number for TCP connections.
  - This change was made to ensure that the initial sequence number is not
    predictable and therefore cannot be used in a TCP hijacking attack.

In addition to the above changes, the following changes were made:

- EmulatorPkg, OvmfPkg, and ArmVirtPkg were updated to include the
  Hash2DxeCrypto driver to support TCP ISN generation using EFI_HASH2_PROTOCOL
- EmulatorPkg was updated to include the RngDxe driver to support random
  number generation using the EFI_RNG_PROTOCOL
- OvmfPkg and ArmVirtPkg were updated to include the virtio-rng-pci device to
  support random number generation using the EFI_RNG_PROTOCOL using the
  existing VirtioRngDxe driver
- ArmVirtPkg and OvmfPkg were updated to disable the NIST algorithms in the
  NetworkPkg due to the driver only supporting EFI_RNG_ALGORITHM
- MdePkg was updated to include MockUefiBootServicesTableLib, MockRng, and
  MockHash2 protocols for testing
- NetworkPkg was updated to include a test for the PxeBcDhcp6 driver due to
  underlying changes

Cc: Liming Gao
Signed-off-by: Doug Flick [MSFT]

Doug Flick (14):
  EmulatorPkg: : Add RngDxe to EmulatorPkg
  EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
  OvmfPkg:PlatformCI: Support virtio-rng-pci
  OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg
  ArmVirtPkg:PlatformCI: Support virtio-rng-pci
  ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg
  NetworkPkg:: SECURITY PATCH CVE-2023-45237
  NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236
  OvmfPkg: Disable NIST Algorithms NetworkPkg
  ArmVirtPkg: : Disables NIST algorithms NetworkPkg
  MdePkg: : Add MockUefiBootServicesTableLib
  MdePkg: : Adds Protocol for MockRng
  MdePkg: Add MockHash2 Protocol for testing
  NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes

 NetworkPkg/NetworkPkg.dec                                                                          |   7 +
 ArmVirtPkg/ArmVirt.dsc.inc                                                                         |   7 +
 ArmVirtPkg/ArmVirtQemu.dsc                                                                         |   5 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc                                                                   |   5 +
 EmulatorPkg/EmulatorPkg.dsc                                                                        |  14 +-
 MdePkg/Test/MdePkgHostTest.dsc                                                                     |   1 +
 NetworkPkg/Test/NetworkPkgHostTest.dsc                                                             |   1 +
 OvmfPkg/OvmfPkgIa32.dsc                                                                            |  13 +-
 OvmfPkg/OvmfPkgIa32X64.dsc                                                                         |  15 +-
 OvmfPkg/OvmfPkgX64.dsc                                                                             |  13 +-
 OvmfPkg/OvmfXen.dsc                                                                                |  12 +
 EmulatorPkg/EmulatorPkg.fdf                                                                        |  11 +-
 OvmfPkg/OvmfPkgIa32.fdf                                                                            |   5 +
 OvmfPkg/OvmfPkgIa32X64.fdf                                                                         |   5 +
 OvmfPkg/OvmfPkgX64.fdf                                                                             |   5 +
 OvmfPkg/OvmfXen.fdf                                                                                |   5 +
 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf  |  32 +++
 NetworkPkg/Library/DxeNetLib/DxeNetLib.inf                                                         |  12 +-
 NetworkPkg/TcpDxe/TcpDxe.inf                                                                       |  11 +-
 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf                                      |   3 +-
 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h                         |  78 +++++++
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h                                           |  67 ++++++
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h                                             |  48 ++++
 NetworkPkg/IScsiDxe/IScsiMisc.h                                                                    |   6 +-
 NetworkPkg/Include/Library/NetLib.h                                                                |  40 +++-
 NetworkPkg/Ip6Dxe/Ip6Nd.h                                                                          |   8 +-
 NetworkPkg/TcpDxe/TcpFunc.h                                                                        |  23 +-
 NetworkPkg/TcpDxe/TcpMain.h                                                                        |  59 ++++-
 NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c                                                                  |  10 +-
 NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c                                                                  |  11 +-
 NetworkPkg/DnsDxe/DnsDhcp.c                                                                        |  10 +-
 NetworkPkg/DnsDxe/DnsImpl.c                                                                        |  11 +-
 NetworkPkg/HttpBootDxe/HttpBootDhcp6.c                                                             |  10 +-
 NetworkPkg/IScsiDxe/IScsiCHAP.c                                                                    |  19 +-
 NetworkPkg/IScsiDxe/IScsiMisc.c                                                                    |  14 +-
 NetworkPkg/Ip4Dxe/Ip4Driver.c                                                                      |  10 +-
 NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c                                                                  |   9 +-
 NetworkPkg/Ip6Dxe/Ip6Driver.c                                                                      |  17 +-
 NetworkPkg/Ip6Dxe/Ip6If.c                                                                          |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Mld.c                                                                         |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Nd.c                                                                          |  33 ++-
 NetworkPkg/Library/DxeNetLib/DxeNetLib.c                                                           | 129 +++++++++--
 NetworkPkg/TcpDxe/TcpDriver.c                                                                      | 105 ++++++++-
 NetworkPkg/TcpDxe/TcpInput.c                                                                       |  13 +-
 NetworkPkg/TcpDxe/TcpMisc.c                                                                        | 242 ++++++++++++++++++--
 NetworkPkg/TcpDxe/TcpTimer.c                                                                       |   3 +-
 NetworkPkg/Udp4Dxe/Udp4Driver.c                                                                    |  10 +-
 NetworkPkg/Udp6Dxe/Udp6Driver.c                                                                    |  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c                                                               |   9 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c                                                               |  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c                                                              |  12 +-
 ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc                                                               |   5 +
 ArmVirtPkg/PlatformCI/PlatformBuildLib.py                                                          |   2 +
 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp  |  69 ++++++
 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp                                         |  27 +++
 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp                                           |  21 ++
 NetworkPkg/SecurityFixes.yaml                                                                      |  61 +++++
 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp                                        | 102 ++++++++-
 OvmfPkg/PlatformCI/PlatformBuildLib.py                                                             |   2 +
 59 files changed, 1381 insertions(+), 142 deletions(-)
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
 create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
 create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
 create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp

-- 
2.34.1