From: "Doug Flick via groups.io"
To: devel@edk2.groups.io
Cc: Saloni Kasbekar, Zachary Clark-williams
Subject: [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237
Date: Wed, 8 May 2024 08:29:18 -0700
Message-Id: <20240508152925.741226-8-doug.edk2@gmail.com>
In-Reply-To: <20240508152925.741226-1-doug.edk2@gmail.com>
References: <20240508152925.741226-1-doug.edk2@gmail.com>

From: Doug Flick

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542

Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Use of a Weak PseudoRandom Number Generator

Change Overview:

Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either

>
> EFI_STATUS
> EFIAPI
> PseudoRandomU32 (
>   OUT UINT32 *Output
>   );
>

or (depending on the use case)

>
> EFI_STATUS
> EFIAPI
> PseudoRandom (
>   OUT VOID *Output,
>   IN UINTN OutputLength
>   );
>

This is because the use of

Example:

The following code snippet PseudoRandomU32 () function is used:

>
> UINT32 Random;
>
> Status = PseudoRandomU32 (&Random);
> if (EFI_ERROR (Status)) {
>   DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
>   return Status;
> }
>

This also introduces a new PCD to enable/disable the use of the
NIST SP-800-90 approved algorithms for PseudoRandom () and
instead depend on the default implementation. This may be required for
some platforms where the UEFI Spec defined algorithms are not available.

>
> PcdEnforceSecureRngAlgorithms
>

If the platform does not have the NIST SP-800-90 approved algorithms
then the driver will assert.

Cc: Saloni Kasbekar
Cc: Zachary Clark-williams
Signed-off-by: Doug Flick [MSFT] --- NetworkPkg/NetworkPkg.dec | 7 ++ NetworkPkg/Library/DxeNetLib/DxeNetLib.inf | 12 +- NetworkPkg/TcpDxe/TcpDxe.inf | 3 + NetworkPkg/IScsiDxe/IScsiMisc.h | 6 +- NetworkPkg/Include/Library/NetLib.h | 40 ++++-- NetworkPkg/Ip6Dxe/Ip6Nd.h | 8 +- NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c | 10 +- NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c | 11 +- NetworkPkg/DnsDxe/DnsDhcp.c | 10 +- NetworkPkg/DnsDxe/DnsImpl.c | 11 +- NetworkPkg/HttpBootDxe/HttpBootDhcp6.c | 10 +- NetworkPkg/IScsiDxe/IScsiCHAP.c | 19 ++- NetworkPkg/IScsiDxe/IScsiMisc.c | 14 +-- NetworkPkg/Ip4Dxe/Ip4Driver.c | 10 +- NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c | 9 +- NetworkPkg/Ip6Dxe/Ip6Driver.c | 17 ++- NetworkPkg/Ip6Dxe/Ip6If.c | 12 +- NetworkPkg/Ip6Dxe/Ip6Mld.c | 12 +- NetworkPkg/Ip6Dxe/Ip6Nd.c | 33 ++++- NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 129 +++++++++++++++++--- NetworkPkg/TcpDxe/TcpDriver.c | 15 ++- NetworkPkg/Udp4Dxe/Udp4Driver.c | 10 +- NetworkPkg/Udp6Dxe/Udp6Driver.c | 11 +- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c | 9 +- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 11 +- NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c | 12 +- NetworkPkg/SecurityFixes.yaml | 39 ++++++ 27 files changed, 407 insertions(+), 83 deletions(-) diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec index e06f35e7747c..7c4289b77b21 100644 --- a/NetworkPkg/NetworkPkg.dec +++ b/NetworkPkg/NetworkPkg.dec @@ -5,6 +5,7 @@ #=0D # Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.
=0D # (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP
=0D +# Copyright (c) Microsoft Corporation=0D #=0D # SPDX-License-Identifier: BSD-2-Clause-Patent=0D #=0D @@ -130,6 +131,12 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] # @Prompt Indicates whether SnpDxe creates event for ExitBootServices() = call.=0D gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOL= EAN|0x1000000C=0D =0D + ## Enforces the use of Secure UEFI spec defined RNG algorithms for all n= etwork connections.=0D + # TRUE - Enforce the use of Secure UEFI spec defined RNG algorithms.=0D + # FALSE - Do not enforce and depend on the default implementation of RNG= algorithm from the provider.=0D + # @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms.=0D + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|= 0x1000000D=0D +=0D [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]=0D ## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315= and 6355).=0D # 01 =3D DUID Based on Link-layer Address Plus Time [DUID-LLT]=0D diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf b/NetworkPkg/Librar= y/DxeNetLib/DxeNetLib.inf index 8145d256ec10..56e3c3c58540 100644 --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf @@ -3,6 +3,7 @@ #=0D # Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
= =0D # (C) Copyright 2015 Hewlett Packard Enterprise Development LP
=0D +# Copyright (c) Microsoft Corporation=0D # SPDX-License-Identifier: BSD-2-Clause-Patent=0D #=0D ##=0D @@ -49,7 +50,9 @@ [Guids] gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES ## = SystemTable=0D gEfiSmbios3TableGuid ## SOMETIMES_CONSUMES ## = SystemTable=0D gEfiAdapterInfoMediaStateGuid ## SOMETIMES_CONSUMES=0D -=0D + gEfiRngAlgorithmSp80090Ctr256Guid ## CONSUMES=0D + gEfiRngAlgorithmSp80090Hmac256Guid ## CONSUMES=0D + gEfiRngAlgorithmSp80090Hash256Guid ## CONSUMES=0D =0D [Protocols]=0D gEfiSimpleNetworkProtocolGuid ## SOMETIMES_CONSUMES=0D @@ -59,3 +62,10 @@ [Protocols] gEfiComponentNameProtocolGuid ## SOMETIMES_CONSUMES=0D gEfiComponentName2ProtocolGuid ## SOMETIMES_CONSUMES=0D gEfiAdapterInformationProtocolGuid ## SOMETIMES_CONSUMES=0D + gEfiRngProtocolGuid ## CONSUMES=0D +=0D +[FixedPcd]=0D + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms ## CONSUMES=0D +=0D +[Depex]=0D + gEfiRngProtocolGuid=0D diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf index c0acbdca5700..cf5423f4c537 100644 --- a/NetworkPkg/TcpDxe/TcpDxe.inf +++ b/NetworkPkg/TcpDxe/TcpDxe.inf @@ -82,5 +82,8 @@ [Protocols] gEfiTcp6ProtocolGuid ## BY_START=0D gEfiTcp6ServiceBindingProtocolGuid ## BY_START=0D =0D +[Depex]=0D + gEfiHash2ServiceBindingProtocolGuid=0D +=0D [UserExtensions.TianoCore."ExtraFiles"]=0D TcpDxeExtra.uni=0D diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMis= c.h index a951eee70ec9..91b2cd22613d 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.h +++ b/NetworkPkg/IScsiDxe/IScsiMisc.h @@ -2,6 +2,7 @@ Miscellaneous definitions for iSCSI driver.=0D =0D Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
=0D +Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -202,8 +203,11 @@ IScsiNetNtoi ( @param[in, out] Rand The buffer to contain random numbers.=0D @param[in] RandLength The length of the Rand buffer.=0D =0D + @retval EFI_SUCCESS on success=0D + @retval others on error=0D +=0D **/=0D -VOID=0D +EFI_STATUS=0D IScsiGenRandom (=0D IN OUT UINT8 *Rand,=0D IN UINTN RandLength=0D diff --git a/NetworkPkg/Include/Library/NetLib.h b/NetworkPkg/Include/Libra= ry/NetLib.h index 8c0e62b3889c..e8108b79db8f 100644 --- a/NetworkPkg/Include/Library/NetLib.h +++ b/NetworkPkg/Include/Library/NetLib.h @@ -3,6 +3,7 @@ It provides basic functions for the UEFI network stack.=0D =0D Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
=0D +Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -539,8 +540,6 @@ extern EFI_IPv4_ADDRESS mZeroIp4Addr; #define TICKS_PER_MS 10000U=0D #define TICKS_PER_SECOND 10000000U=0D =0D -#define NET_RANDOM(Seed) ((UINT32) ((UINT32) (Seed) * 1103515245UL + 1234= 5) % 4294967295UL)=0D -=0D /**=0D Extract a UINT32 from a byte stream.=0D =0D @@ -580,19 +579,40 @@ NetPutUint32 ( );=0D =0D /**=0D - Initialize a random seed using current time and monotonic count.=0D + Generate a Random output data given a length.=0D =0D - Get current time and monotonic count first. Then initialize a random see= d=0D - based on some basic mathematics operation on the hour, day, minute, seco= nd,=0D - nanosecond and year of the current time and the monotonic count value.=0D + @param[out] Output - The buffer to store the generated random data.=0D + @param[in] OutputLength - The length of the output buffer.=0D =0D - @return The random seed initialized with current time.=0D + @retval EFI_SUCCESS On Success=0D + @retval EFI_INVALID_PARAMETER Pointer is null or size is zero=0D + @retval EFI_NOT_FOUND RNG protocol not found=0D + @retval Others Error from RngProtocol->GetRNG()=0D =0D + @return Status code=0D **/=0D -UINT32=0D +EFI_STATUS=0D EFIAPI=0D -NetRandomInitSeed (=0D - VOID=0D +PseudoRandom (=0D + OUT VOID *Output,=0D + IN UINTN OutputLength=0D + );=0D +=0D +/**=0D + Generate a 32-bit pseudo-random number.=0D +=0D + @param[out] Output - The buffer to store the generated random number.=0D +=0D + @retval EFI_SUCCESS On Success=0D + @retval EFI_NOT_FOUND RNG protocol not found=0D + @retval Others Error from RngProtocol->GetRNG()=0D +=0D + @return Status code=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +PseudoRandomU32 (=0D + OUT UINT32 *Output=0D );=0D =0D #define NET_LIST_USER_STRUCT(Entry, Type, Field) \=0D diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.h b/NetworkPkg/Ip6Dxe/Ip6Nd.h index bf64e9114e13..5795e23c7d71 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Nd.h 
+++ b/NetworkPkg/Ip6Dxe/Ip6Nd.h @@ -2,7 +2,7 @@ Definition of Neighbor Discovery support routines.=0D =0D Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
=0D -=0D + Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -780,10 +780,10 @@ Ip6OnArpResolved ( /**=0D Update the ReachableTime in IP6 service binding instance data, in millis= econds.=0D =0D - @param[in, out] IpSb Points to the IP6_SERVICE.=0D -=0D + @retval EFI_SUCCESS ReachableTime Updated=0D + @retval others Failed to update ReachableTime=0D **/=0D -VOID=0D +EFI_STATUS=0D Ip6UpdateReachableTime (=0D IN OUT IP6_SERVICE *IpSb=0D );=0D diff --git a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c b/NetworkPkg/Dhcp4Dxe/Dhcp4D= river.c index 8c37e93be3a8..892caee36846 100644 --- a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c +++ b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c @@ -1,6 +1,7 @@ /** @file=0D =0D Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
=0D +Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -189,6 +190,13 @@ Dhcp4CreateService ( {=0D DHCP_SERVICE *DhcpSb;=0D EFI_STATUS Status;=0D + UINT32 Random;=0D +=0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D =0D *Service =3D NULL;=0D DhcpSb =3D AllocateZeroPool (sizeof (DHCP_SERVICE));=0D @@ -203,7 +211,7 @@ Dhcp4CreateService ( DhcpSb->Image =3D ImageHandle;=0D InitializeListHead (&DhcpSb->Children);=0D DhcpSb->DhcpState =3D Dhcp4Stopped;=0D - DhcpSb->Xid =3D NET_RANDOM (NetRandomInitSeed ());=0D + DhcpSb->Xid =3D Random;=0D CopyMem (=0D &DhcpSb->ServiceBinding,=0D &mDhcp4ServiceBindingTemplate,=0D diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c b/NetworkPkg/Dhcp6Dxe/Dhcp6D= river.c index b591a4605bc9..e7f2787a98ba 100644 --- a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c +++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c @@ -3,7 +3,7 @@ implementation for Dhcp6 Driver.=0D =0D Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
=0D -=0D + Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -123,6 +123,13 @@ Dhcp6CreateService ( {=0D DHCP6_SERVICE *Dhcp6Srv;=0D EFI_STATUS Status;=0D + UINT32 Random;=0D +=0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D =0D *Service =3D NULL;=0D Dhcp6Srv =3D AllocateZeroPool (sizeof (DHCP6_SERVICE));=0D @@ -147,7 +154,7 @@ Dhcp6CreateService ( Dhcp6Srv->Signature =3D DHCP6_SERVICE_SIGNATURE;=0D Dhcp6Srv->Controller =3D Controller;=0D Dhcp6Srv->Image =3D ImageHandle;=0D - Dhcp6Srv->Xid =3D (0xffffff & NET_RANDOM (NetRandomInitSeed ()));= =0D + Dhcp6Srv->Xid =3D (0xffffff & Random);=0D =0D CopyMem (=0D &Dhcp6Srv->ServiceBinding,=0D diff --git a/NetworkPkg/DnsDxe/DnsDhcp.c b/NetworkPkg/DnsDxe/DnsDhcp.c index 933565a32df1..9eb3c1d2d81d 100644 --- a/NetworkPkg/DnsDxe/DnsDhcp.c +++ b/NetworkPkg/DnsDxe/DnsDhcp.c @@ -2,6 +2,7 @@ Functions implementation related with DHCPv4/v6 for DNS driver.=0D =0D Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
=0D +Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -277,6 +278,7 @@ GetDns4ServerFromDhcp4 ( EFI_DHCP4_TRANSMIT_RECEIVE_TOKEN Token;=0D BOOLEAN IsDone;=0D UINTN Index;=0D + UINT32 Random;=0D =0D Image =3D Instance->Service->ImageHandle;=0D Controller =3D Instance->Service->ControllerHandle;=0D @@ -292,6 +294,12 @@ GetDns4ServerFromDhcp4 ( Data =3D NULL;=0D InterfaceInfo =3D NULL;=0D =0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D +=0D ZeroMem ((UINT8 *)ParaList, sizeof (ParaList));=0D =0D ZeroMem (&MnpConfigData, sizeof (EFI_MANAGED_NETWORK_CONFIG_DATA));=0D @@ -467,7 +475,7 @@ GetDns4ServerFromDhcp4 ( =0D Status =3D Dhcp4->Build (Dhcp4, &SeedPacket, 0, NULL, 2, ParaList, &Toke= n.Packet);=0D =0D - Token.Packet->Dhcp4.Header.Xid =3D HTONL (NET_RANDOM (NetRandomInitSeed = ()));=0D + Token.Packet->Dhcp4.Header.Xid =3D Random;=0D =0D Token.Packet->Dhcp4.Header.Reserved =3D HTONS ((UINT16)0x8000);=0D =0D diff --git a/NetworkPkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c index d311812800fd..c2629bb8df1f 100644 --- a/NetworkPkg/DnsDxe/DnsImpl.c +++ b/NetworkPkg/DnsDxe/DnsImpl.c @@ -2,6 +2,7 @@ DnsDxe support functions implementation.=0D =0D Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
=0D +Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -1963,6 +1964,14 @@ ConstructDNSQuery ( NET_FRAGMENT Frag;=0D DNS_HEADER *DnsHeader;=0D DNS_QUERY_SECTION *DnsQuery;=0D + EFI_STATUS Status;=0D + UINT32 Random;=0D +=0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D =0D //=0D // Messages carried by UDP are restricted to 512 bytes (not counting the= IP=0D @@ -1977,7 +1986,7 @@ ConstructDNSQuery ( // Fill header=0D //=0D DnsHeader =3D (DNS_HEADER *)Frag.Bulk;=0D - DnsHeader->Identification =3D (UINT16)NET_RANDOM (NetRandomInitSeed (= ));=0D + DnsHeader->Identification =3D (UINT16)Random;=0D DnsHeader->Flags.Uint16 =3D 0x0000;=0D DnsHeader->Flags.Bits.RD =3D 1;=0D DnsHeader->Flags.Bits.OpCode =3D DNS_FLAGS_OPCODE_STANDARD;=0D diff --git a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c b/NetworkPkg/HttpBootDx= e/HttpBootDhcp6.c index b22cef4ff587..f964515b0fa6 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c +++ b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c @@ -2,6 +2,7 @@ Functions implementation related with DHCPv6 for HTTP boot driver.=0D =0D Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
=0D +Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -951,6 +952,7 @@ HttpBootDhcp6Sarr ( UINT32 OptCount;=0D UINT8 Buffer[HTTP_BOOT_DHCP6_OPTION_MAX_SIZE];=0D EFI_STATUS Status;=0D + UINT32 Random;=0D =0D Dhcp6 =3D Private->Dhcp6;=0D ASSERT (Dhcp6 !=3D NULL);=0D @@ -961,6 +963,12 @@ HttpBootDhcp6Sarr ( OptCount =3D HttpBootBuildDhcp6Options (Private, OptList, Buffer);=0D ASSERT (OptCount > 0);=0D =0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D +=0D Retransmit =3D AllocateZeroPool (sizeof (EFI_DHCP6_RETRANSMISSION));=0D if (Retransmit =3D=3D NULL) {=0D return EFI_OUT_OF_RESOURCES;=0D @@ -976,7 +984,7 @@ HttpBootDhcp6Sarr ( Config.IaInfoEvent =3D NULL;=0D Config.RapidCommit =3D FALSE;=0D Config.ReconfigureAccept =3D FALSE;=0D - Config.IaDescriptor.IaId =3D NET_RANDOM (NetRandomInitSeed ());=0D + Config.IaDescriptor.IaId =3D Random;=0D Config.IaDescriptor.Type =3D EFI_DHCP6_IA_TYPE_NA;=0D Config.SolicitRetransmission =3D Retransmit;=0D Retransmit->Irt =3D 4;=0D diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHA= P.c index b507f11cd45e..bebb1ac29b9c 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c @@ -3,6 +3,7 @@ Configuration.=0D =0D Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
=0D +Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -576,16 +577,24 @@ IScsiCHAPToSendReq ( //=0D // CHAP_I=3D=0D //=0D - IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1);=0D + Status =3D IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1);= =0D + if (EFI_ERROR (Status)) {=0D + break;=0D + }=0D +=0D AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", AuthData->OutIdent= ifier);=0D IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_IDENTIFIER, ValueStr);=0D //=0D // CHAP_C=3D=0D //=0D - IScsiGenRandom (=0D - (UINT8 *)AuthData->OutChallenge,=0D - AuthData->Hash->DigestSize=0D - );=0D + Status =3D IScsiGenRandom (=0D + (UINT8 *)AuthData->OutChallenge,=0D + AuthData->Hash->DigestSize=0D + );=0D + if (EFI_ERROR (Status)) {=0D + break;=0D + }=0D +=0D BinToHexStatus =3D IScsiBinToHex (=0D (UINT8 *)AuthData->OutChallenge,=0D AuthData->Hash->DigestSize,=0D diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMis= c.c index 78dc5c73d35a..2159b8494963 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.c +++ b/NetworkPkg/IScsiDxe/IScsiMisc.c @@ -2,6 +2,7 @@ Miscellaneous routines for iSCSI driver.=0D =0D Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
=0D +Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -474,20 +475,17 @@ IScsiNetNtoi ( @param[in, out] Rand The buffer to contain random numbers.=0D @param[in] RandLength The length of the Rand buffer.=0D =0D + @retval EFI_SUCCESS on success=0D + @retval others on error=0D +=0D **/=0D -VOID=0D +EFI_STATUS=0D IScsiGenRandom (=0D IN OUT UINT8 *Rand,=0D IN UINTN RandLength=0D )=0D {=0D - UINT32 Random;=0D -=0D - while (RandLength > 0) {=0D - Random =3D NET_RANDOM (NetRandomInitSeed ());=0D - *Rand++ =3D (UINT8)(Random);=0D - RandLength--;=0D - }=0D + return PseudoRandom (Rand, RandLength);=0D }=0D =0D /**=0D diff --git a/NetworkPkg/Ip4Dxe/Ip4Driver.c b/NetworkPkg/Ip4Dxe/Ip4Driver.c index ec483ff01fa9..683423f38dc7 100644 --- a/NetworkPkg/Ip4Dxe/Ip4Driver.c +++ b/NetworkPkg/Ip4Dxe/Ip4Driver.c @@ -2,6 +2,7 @@ The driver binding and service binding protocol for IP4 driver.=0D =0D Copyright (c) 2005 - 2019, Intel Corporation. All rights reserved.
=0D +Copyright (c) Microsoft Corporation=0D (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
=0D =0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D @@ -549,11 +550,18 @@ Ip4DriverBindingStart ( EFI_IP4_CONFIG2_PROTOCOL *Ip4Cfg2;=0D UINTN Index;=0D IP4_CONFIG2_DATA_ITEM *DataItem;=0D + UINT32 Random;=0D =0D IpSb =3D NULL;=0D Ip4Cfg2 =3D NULL;=0D DataItem =3D NULL;=0D =0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D +=0D //=0D // Test for the Ip4 service binding protocol=0D //=0D @@ -653,7 +661,7 @@ Ip4DriverBindingStart ( //=0D // Initialize the IP4 ID=0D //=0D - mIp4Id =3D (UINT16)NET_RANDOM (NetRandomInitSeed ());=0D + mIp4Id =3D (UINT16)Random;=0D =0D return Status;=0D =0D diff --git a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c b/NetworkPkg/Ip6Dxe/Ip6Confi= gImpl.c index 70e232ce6c4d..4c1354d26cc1 100644 --- a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c +++ b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c @@ -2276,6 +2276,13 @@ Ip6ConfigInitInstance ( UINTN Index;=0D UINT16 IfIndex;=0D IP6_CONFIG_DATA_ITEM *DataItem;=0D + UINT32 Random;=0D +=0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D =0D IpSb =3D IP6_SERVICE_FROM_IP6_CONFIG_INSTANCE (Instance);=0D =0D @@ -2381,7 +2388,7 @@ Ip6ConfigInitInstance ( // The NV variable is not set, so generate a random IAID, and write do= wn the=0D // fresh new configuration as the NV variable now.=0D //=0D - Instance->IaId =3D NET_RANDOM (NetRandomInitSeed ());=0D + Instance->IaId =3D Random;=0D =0D for (Index =3D 0; Index < IpSb->SnpMode.HwAddressSize; Index++) {=0D Instance->IaId |=3D (IpSb->SnpMode.CurrentAddress.Addr[Index] << ((I= ndex << 3) & 31));=0D diff --git a/NetworkPkg/Ip6Dxe/Ip6Driver.c b/NetworkPkg/Ip6Dxe/Ip6Driver.c index b483a7d136d9..cbe011dad472 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Driver.c +++ b/NetworkPkg/Ip6Dxe/Ip6Driver.c 
@@ -3,7 +3,7 @@ =0D Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
=0D (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
=0D -=0D + Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -316,7 +316,11 @@ Ip6CreateService ( IpSb->CurHopLimit =3D IP6_HOP_LIMIT;=0D IpSb->LinkMTU =3D IP6_MIN_LINK_MTU;=0D IpSb->BaseReachableTime =3D IP6_REACHABLE_TIME;=0D - Ip6UpdateReachableTime (IpSb);=0D + Status =3D Ip6UpdateReachableTime (IpSb);=0D + if (EFI_ERROR (Status)) {=0D + goto ON_ERROR;=0D + }=0D +=0D //=0D // RFC4861 RETRANS_TIMER: 1,000 milliseconds=0D //=0D @@ -516,11 +520,18 @@ Ip6DriverBindingStart ( EFI_STATUS Status;=0D EFI_IP6_CONFIG_PROTOCOL *Ip6Cfg;=0D IP6_CONFIG_DATA_ITEM *DataItem;=0D + UINT32 Random;=0D =0D IpSb =3D NULL;=0D Ip6Cfg =3D NULL;=0D DataItem =3D NULL;=0D =0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D +=0D //=0D // Test for the Ip6 service binding protocol=0D //=0D @@ -656,7 +667,7 @@ Ip6DriverBindingStart ( //=0D // Initialize the IP6 ID=0D //=0D - mIp6Id =3D NET_RANDOM (NetRandomInitSeed ());=0D + mIp6Id =3D Random;=0D =0D return EFI_SUCCESS;=0D =0D diff --git a/NetworkPkg/Ip6Dxe/Ip6If.c b/NetworkPkg/Ip6Dxe/Ip6If.c index 4629c05f25a0..f3d11c4d2155 100644 --- a/NetworkPkg/Ip6Dxe/Ip6If.c +++ b/NetworkPkg/Ip6Dxe/Ip6If.c @@ -2,7 +2,7 @@ Implement IP6 pseudo interface.=0D =0D Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
=0D -=0D + Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -89,6 +89,14 @@ Ip6SetAddress ( IP6_PREFIX_LIST_ENTRY *PrefixEntry;=0D UINT64 Delay;=0D IP6_DELAY_JOIN_LIST *DelayNode;=0D + EFI_STATUS Status;=0D + UINT32 Random;=0D +=0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D =0D NET_CHECK_SIGNATURE (Interface, IP6_INTERFACE_SIGNATURE);=0D =0D @@ -164,7 +172,7 @@ Ip6SetAddress ( // Thus queue the address to be processed in Duplicate Address Detection= module=0D // after the delay time (in milliseconds).=0D //=0D - Delay =3D (UINT64)NET_RANDOM (NetRandomInitSeed ());=0D + Delay =3D (UINT64)Random;=0D Delay =3D MultU64x32 (Delay, IP6_ONE_SECOND_IN_MS);=0D Delay =3D RShiftU64 (Delay, 32);=0D =0D diff --git a/NetworkPkg/Ip6Dxe/Ip6Mld.c b/NetworkPkg/Ip6Dxe/Ip6Mld.c index e6b2b653e295..498a11854305 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Mld.c +++ b/NetworkPkg/Ip6Dxe/Ip6Mld.c @@ -696,7 +696,15 @@ Ip6UpdateDelayTimer ( IN OUT IP6_MLD_GROUP *Group=0D )=0D {=0D - UINT32 Delay;=0D + UINT32 Delay;=0D + EFI_STATUS Status;=0D + UINT32 Random;=0D +=0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D =0D //=0D // If the Query packet specifies a Maximum Response Delay of zero, perfo= rm timer=0D @@ -715,7 +723,7 @@ Ip6UpdateDelayTimer ( // is less than the remaining value of the running timer.=0D //=0D if ((Group->DelayTimer =3D=3D 0) || (Delay < Group->DelayTimer)) {=0D - Group->DelayTimer =3D Delay / 4294967295UL * NET_RANDOM (NetRandomInit= Seed ());=0D + Group->DelayTimer =3D Delay / 4294967295UL * Random;=0D }=0D =0D return EFI_SUCCESS;=0D 
diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.c b/NetworkPkg/Ip6Dxe/Ip6Nd.c index c10c7017f88d..72aa45c10f3f 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Nd.c +++ b/NetworkPkg/Ip6Dxe/Ip6Nd.c @@ -2,7 +2,7 @@ Implementation of Neighbor Discovery support routines.=0D =0D Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
=0D -=0D + Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -16,17 +16,28 @@ EFI_MAC_ADDRESS mZeroMacAddress; =0D @param[in, out] IpSb Points to the IP6_SERVICE.=0D =0D + @retval EFI_SUCCESS ReachableTime Updated=0D + @retval others Failed to update ReachableTime=0D **/=0D -VOID=0D +EFI_STATUS=0D Ip6UpdateReachableTime (=0D IN OUT IP6_SERVICE *IpSb=0D )=0D {=0D - UINT32 Random;=0D + UINT32 Random;=0D + EFI_STATUS Status;=0D =0D - Random =3D (NetRandomInitSeed () / 4294967295UL) * IP6_RAND= OM_FACTOR_SCALE;=0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D +=0D + Random =3D (Random / 4294967295UL) * IP6_RANDOM_FACTOR_SCAL= E;=0D Random =3D Random + IP6_MIN_RANDOM_FACTOR_SCALED;=0D IpSb->ReachableTime =3D (IpSb->BaseReachableTime * Random) / IP6_RANDOM_= FACTOR_SCALE;=0D +=0D + return EFI_SUCCESS;=0D }=0D =0D /**=0D @@ -972,10 +983,17 @@ Ip6InitDADProcess ( IP6_SERVICE *IpSb;=0D EFI_STATUS Status;=0D UINT32 MaxDelayTick;=0D + UINT32 Random;=0D =0D NET_CHECK_SIGNATURE (IpIf, IP6_INTERFACE_SIGNATURE);=0D ASSERT (AddressInfo !=3D NULL);=0D =0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D +=0D //=0D // Do nothing if we have already started DAD on the address.=0D //=0D @@ -1014,7 +1032,7 @@ Ip6InitDADProcess ( Entry->Transmit =3D 0;=0D Entry->Receive =3D 0;=0D MaxDelayTick =3D IP6_MAX_RTR_SOLICITATION_DELAY / IP6_TIMER_INTERV= AL_IN_MS;=0D - Entry->RetransTick =3D (MaxDelayTick * ((NET_RANDOM (NetRandomInitSeed (= )) % 5) + 1)) / 5;=0D + Entry->RetransTick =3D (MaxDelayTick * ((Random % 5) + 1)) / 5;=0D Entry->AddressInfo =3D AddressInfo;=0D Entry->Callback =3D Callback;=0D Entry->Context =3D Context;=0D 
@@ -2078,7 +2096,10 @@ Ip6ProcessRouterAdvertise ( // in BaseReachableTime and recompute a ReachableTime.=0D //=0D IpSb->BaseReachableTime =3D ReachableTime;=0D - Ip6UpdateReachableTime (IpSb);=0D + Status =3D Ip6UpdateReachableTime (IpSb);=0D + if (EFI_ERROR (Status)) {=0D + goto Exit;=0D + }=0D }=0D =0D if (RetransTimer !=3D 0) {=0D diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/= DxeNetLib/DxeNetLib.c index fd4a9e15a892..883714d082ce 100644 --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c @@ -3,6 +3,7 @@ =0D Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
=0D (C) Copyright 2015 Hewlett Packard Enterprise Development LP
=0D +Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D **/=0D =0D @@ -31,6 +32,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include =0D #include =0D #include =0D +#include =0D =0D #define NIC_ITEM_CONFIG_SIZE (sizeof (NIC_IP4_CONFIG_INFO) + sizeof (EFI_= IP4_ROUTE_TABLE) * MAX_IP4_CONFIG_IN_VARIABLE)=0D #define DEFAULT_ZERO_START ((UINTN) ~0)=0D @@ -127,6 +129,24 @@ GLOBAL_REMOVE_IF_UNREFERENCED VLAN_DEVICE_PATH mNetVl= anDevicePathTemplate =3D { 0=0D };=0D =0D +//=0D +// These represent UEFI SPEC & NIST SP-800-90 approved algorithms that sho= uld be supported by the RNG protocol=0D +// and are generally considered secure. This list enforces a minimum set o= f secure algorithms that must=0D +// be supported by the RNG protocol.=0D +//=0D +// The order of the algorithms in this array is important. The first algor= ithm that is supported by the RNG=0D +// protocol will be used to generate the seed for the random number genera= tor.=0D +// If your platform needs to use a specific algorithm to generate the seed= for the random number generator,=0D +// then you should place that algorithm first in the array.=0D +//=0D +GLOBAL_REMOVE_IF_UNREFERENCED EFI_GUID *mSecureHashAlgorithms[] =3D {=0D + &gEfiRngAlgorithmSp80090Ctr256Guid, // SP800-90A DRBG CTR using AES-256= =0D + &gEfiRngAlgorithmSp80090Hmac256Guid, // SP800-90A DRBG HMAC using SHA-25= 6=0D + &gEfiRngAlgorithmSp80090Hash256Guid // SP800-90A DRBG Hash using SHA-25= 6=0D +};=0D +=0D +#define SECURE_HASH_ALGORITHMS_SIZE (sizeof (mSecureHashAlgorithms) / siz= eof (EFI_GUID *))=0D +=0D /**=0D Locate the handles that support SNP, then open one of them=0D to send the syslog packets. The caller isn't required to close=0D 
@@ -884,34 +904,107 @@ Ip6Swap128 ( }=0D =0D /**=0D - Initialize a random seed using current time and monotonic count.=0D + Generate a Random output data given a length.=0D =0D - Get current time and monotonic count first. Then initialize a random see= d=0D - based on some basic mathematics operation on the hour, day, minute, seco= nd,=0D - nanosecond and year of the current time and the monotonic count value.=0D + @param[out] Output - The buffer to store the generated random data.=0D + @param[in] OutputLength - The length of the output buffer.=0D =0D - @return The random seed initialized with current time.=0D + @retval EFI_SUCCESS On Success=0D + @retval EFI_INVALID_PARAMETER Pointer is null or size is zero=0D + @retval EFI_NOT_FOUND RNG protocol not found=0D + @retval Others Error from RngProtocol->GetRNG()=0D =0D + @return Status code=0D **/=0D -UINT32=0D +EFI_STATUS=0D EFIAPI=0D -NetRandomInitSeed (=0D - VOID=0D +PseudoRandom (=0D + OUT VOID *Output,=0D + IN UINTN OutputLength=0D )=0D {=0D - EFI_TIME Time;=0D - UINT32 Seed;=0D - UINT64 MonotonicCount;=0D + EFI_RNG_PROTOCOL *RngProtocol;=0D + EFI_STATUS Status;=0D + UINTN AlgorithmIndex;=0D =0D - gRT->GetTime (&Time, NULL);=0D - Seed =3D (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | Time.Se= cond);=0D - Seed ^=3D Time.Nanosecond;=0D - Seed ^=3D Time.Year << 7;=0D + if ((Output =3D=3D NULL) || (OutputLength =3D=3D 0)) {=0D + return EFI_INVALID_PARAMETER;=0D + }=0D =0D - gBS->GetNextMonotonicCount (&MonotonicCount);=0D - Seed +=3D (UINT32)MonotonicCount;=0D + Status =3D gBS->LocateProtocol (&gEfiRngProtocolGuid, NULL, (VOID **)&Rn= gProtocol);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed to locate EFI_RNG_PROTOCOL: %r\n", Status= ));=0D + ASSERT_EFI_ERROR (Status);=0D + return Status;=0D + }=0D =0D - return Seed;=0D + if (PcdGetBool (PcdEnforceSecureRngAlgorithms)) {=0D + for (AlgorithmIndex =3D 0; AlgorithmIndex < SECURE_HASH_ALGORITHMS_SIZ= E; AlgorithmIndex++) {=0D + Status =3D 
RngProtocol->GetRNG (RngProtocol, mSecureHashAlgorithms[A= lgorithmIndex], OutputLength, (UINT8 *)Output);=0D + if (!EFI_ERROR (Status)) {=0D + //=0D + // Secure Algorithm was supported on this platform=0D + //=0D + return EFI_SUCCESS;=0D + } else if (Status =3D=3D EFI_UNSUPPORTED) {=0D + //=0D + // Secure Algorithm was not supported on this platform=0D + //=0D + DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure = algorithm %d: %r\n", AlgorithmIndex, Status));=0D +=0D + //=0D + // Try the next secure algorithm=0D + //=0D + continue;=0D + } else {=0D + //=0D + // Some other error occurred=0D + //=0D + DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure = algorithm %d: %r\n", AlgorithmIndex, Status));=0D + ASSERT_EFI_ERROR (Status);=0D + return Status;=0D + }=0D + }=0D +=0D + //=0D + // If we get here, we failed to generate random data using any secure = algorithm=0D + // Platform owner should ensure that at least one secure algorithm is = supported=0D + //=0D + ASSERT_EFI_ERROR (Status);=0D + return Status;=0D + }=0D +=0D + //=0D + // Lets try using the default algorithm (which may not be secure)=0D + //=0D + Status =3D RngProtocol->GetRNG (RngProtocol, NULL, OutputLength, (UINT8 = *)Output);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random data: %r\n", __func= __, Status));=0D + ASSERT_EFI_ERROR (Status);=0D + return Status;=0D + }=0D +=0D + return EFI_SUCCESS;=0D +}=0D +=0D +/**=0D + Generate a 32-bit pseudo-random number.=0D +=0D + @param[out] Output - The buffer to store the generated random number.=0D +=0D + @retval EFI_SUCCESS On Success=0D + @retval EFI_NOT_FOUND RNG protocol not found=0D + @retval Others Error from RngProtocol->GetRNG()=0D +=0D + @return Status code=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +PseudoRandomU32 (=0D + OUT UINT32 *Output=0D + )=0D +{=0D + return PseudoRandom (Output, sizeof (*Output));=0D }=0D =0D /**=0D 
diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c index 98a90e02109b..8fe6badd687c 100644 --- a/NetworkPkg/TcpDxe/TcpDriver.c +++ b/NetworkPkg/TcpDxe/TcpDriver.c @@ -2,7 +2,7 @@ The driver binding and service binding protocol for the TCP driver.=0D =0D Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
=0D -=0D + Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -163,7 +163,13 @@ TcpDriverEntryPoint ( )=0D {=0D EFI_STATUS Status;=0D - UINT32 Seed;=0D + UINT32 Random;=0D +=0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D =0D //=0D // Install the TCP Driver Binding Protocol=0D @@ -203,9 +209,8 @@ TcpDriverEntryPoint ( //=0D // Initialize ISS and random port.=0D //=0D - Seed =3D NetRandomInitSeed ();=0D - mTcpGlobalIss =3D NET_RANDOM (Seed) % mTcpGlobalIss;=0D - mTcp4RandomPort =3D (UINT16)(TCP_PORT_KNOWN + (NET_RANDOM (Seed) % TCP_P= ORT_KNOWN));=0D + mTcpGlobalIss =3D Random % mTcpGlobalIss;=0D + mTcp4RandomPort =3D (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN))= ;=0D mTcp6RandomPort =3D mTcp4RandomPort;=0D =0D return EFI_SUCCESS;=0D diff --git a/NetworkPkg/Udp4Dxe/Udp4Driver.c b/NetworkPkg/Udp4Dxe/Udp4Drive= r.c index cb917fcfc90f..c7ea16f4cd6f 100644 --- a/NetworkPkg/Udp4Dxe/Udp4Driver.c +++ b/NetworkPkg/Udp4Dxe/Udp4Driver.c @@ -1,6 +1,7 @@ /** @file=0D =0D Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
=0D +Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -555,6 +556,13 @@ Udp4DriverEntryPoint ( )=0D {=0D EFI_STATUS Status;=0D + UINT32 Random;=0D +=0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D =0D //=0D // Install the Udp4DriverBinding and Udp4ComponentName protocols.=0D @@ -571,7 +579,7 @@ Udp4DriverEntryPoint ( //=0D // Initialize the UDP random port.=0D //=0D - mUdp4RandomPort =3D (UINT16)(((UINT16)NetRandomInitSeed ()) % UDP4_POR= T_KNOWN + UDP4_PORT_KNOWN);=0D + mUdp4RandomPort =3D (UINT16)(((UINT16)Random) % UDP4_PORT_KNOWN + UDP4= _PORT_KNOWN);=0D }=0D =0D return Status;=0D diff --git a/NetworkPkg/Udp6Dxe/Udp6Driver.c b/NetworkPkg/Udp6Dxe/Udp6Drive= r.c index ae96fb996627..edb758d57ca4 100644 --- a/NetworkPkg/Udp6Dxe/Udp6Driver.c +++ b/NetworkPkg/Udp6Dxe/Udp6Driver.c @@ -2,7 +2,7 @@ Driver Binding functions and Service Binding functions for the Network d= river module.=0D =0D Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
=0D -=0D + Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -596,6 +596,13 @@ Udp6DriverEntryPoint ( )=0D {=0D EFI_STATUS Status;=0D + UINT32 Random;=0D +=0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D =0D //=0D // Install the Udp6DriverBinding and Udp6ComponentName protocols.=0D @@ -614,7 +621,7 @@ Udp6DriverEntryPoint ( // Initialize the UDP random port.=0D //=0D mUdp6RandomPort =3D (UINT16)(=0D - ((UINT16)NetRandomInitSeed ()) %=0D + ((UINT16)Random) %=0D UDP6_PORT_KNOWN +=0D UDP6_PORT_KNOWN=0D );=0D diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c b/NetworkPkg/UefiPxeBcDxe= /PxeBcDhcp4.c index 91146b78cb1e..452038c2194c 100644 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c @@ -2,7 +2,7 @@ Functions implementation related with DHCPv4 for UefiPxeBc Driver.=0D =0D Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
=0D -=0D + Copyright (c) Microsoft Corporation=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D @@ -1381,6 +1381,12 @@ PxeBcDhcp4Discover ( UINT8 VendorOptLen;=0D UINT32 Xid;=0D =0D + Status =3D PseudoRandomU32 (&Xid);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D +=0D Mode =3D Private->PxeBc.Mode;=0D Dhcp4 =3D Private->Dhcp4;=0D Status =3D EFI_SUCCESS;=0D @@ -1471,7 +1477,6 @@ PxeBcDhcp4Discover ( //=0D // Set fields of the token for the request packet.=0D //=0D - Xid =3D NET_RANDOM (NetRandomInitSeed ()= );=0D Token.Packet->Dhcp4.Header.Xid =3D HTONL (Xid);=0D Token.Packet->Dhcp4.Header.Reserved =3D HTONS ((UINT16)((IsBCast) ? 0x80= 00 : 0x0));=0D CopyMem (&Token.Packet->Dhcp4.Header.ClientAddr, &Private->StationIp, si= zeof (EFI_IPv4_ADDRESS));=0D diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPxeBcDxe= /PxeBcDhcp6.c index 7fd1281c1184..bcabbd221983 100644 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c @@ -2180,7 +2180,7 @@ PxeBcDhcp6Discover ( UINTN ReadSize;=0D UINT16 OpCode;=0D UINT16 OpLen;=0D - UINT32 Xid;=0D + UINT32 Random;=0D EFI_STATUS Status;=0D UINTN DiscoverLenNeeded;=0D =0D @@ -2198,6 +2198,12 @@ PxeBcDhcp6Discover ( return EFI_DEVICE_ERROR;=0D }=0D =0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fu= nc__, Status));=0D + return Status;=0D + }=0D +=0D DiscoverLenNeeded =3D sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET);=0D Discover =3D AllocateZeroPool (DiscoverLenNeeded);=0D if (Discover =3D=3D NULL) {=0D 
@@ -2207,8 +2213,7 @@ PxeBcDhcp6Discover ( //=0D // Build the discover packet by the cached request packet before.=0D //=0D - Xid =3D NET_RANDOM (NetRandomInitSeed ());=0D - Discover->TransactionId =3D HTONL (Xid);=0D + Discover->TransactionId =3D HTONL (Random);=0D Discover->MessageType =3D Request->Dhcp6.Header.MessageType;=0D RequestOpt =3D Request->Dhcp6.Option;=0D DiscoverOpt =3D Discover->DhcpOptions;=0D diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c b/NetworkPkg/UefiPxeBcDx= e/PxeBcDriver.c index d84aca7e85ab..4cd915b41157 100644 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c @@ -3,6 +3,7 @@ =0D (C) Copyright 2014 Hewlett-Packard Development Company, L.P.
=0D Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.
=0D + Copyright (c) Microsoft Corporation=0D =0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D @@ -892,6 +893,13 @@ PxeBcCreateIp6Children ( PXEBC_PRIVATE_PROTOCOL *Id;=0D EFI_SIMPLE_NETWORK_PROTOCOL *Snp;=0D UINTN Index;=0D + UINT32 Random;=0D +=0D + Status =3D PseudoRandomU32 (&Random);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "Failed to generate random number using EFI_RNG_P= ROTOCOL: %r\n", Status));=0D + return Status;=0D + }=0D =0D if (Private->Ip6Nic !=3D NULL) {=0D //=0D @@ -935,9 +943,9 @@ PxeBcCreateIp6Children ( }=0D =0D //=0D - // Generate a random IAID for the Dhcp6 assigned address.=0D + // Set a random IAID for the Dhcp6 assigned address.=0D //=0D - Private->IaId =3D NET_RANDOM (NetRandomInitSeed ());=0D + Private->IaId =3D Random;=0D if (Private->Snp !=3D NULL) {=0D for (Index =3D 0; Index < Private->Snp->Mode->HwAddressSize; Index++) = {=0D Private->IaId |=3D (Private->Snp->Mode->CurrentAddress.Addr[Index] <= < ((Index << 3) & 31));=0D diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml index fa42025e0d82..20a4555019d9 100644 --- a/NetworkPkg/SecurityFixes.yaml +++ b/NetworkPkg/SecurityFixes.yaml 
@@ -122,3 +122,42 @@ CVE_2023_45235: - http://www.openwall.com/lists/oss-security/2024/01/16/2=0D - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Conce= pts.html=0D - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianoco= res-edk-ii-ipv6-network-stack.html=0D +CVE_2023_45237:=0D + commit_titles:=0D + - "NetworkPkg:: SECURITY PATCH CVE 2023-45237"=0D + cve: CVE-2023-45237=0D + date_reported: 2023-08-28 13:56 UTC=0D + description: "Bug 09 - Use of a Weak PseudoRandom Number Generator"=0D + note:=0D + files_impacted:=0D + - NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c=0D + - NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c=0D + - NetworkPkg/DnsDxe/DnsDhcp.c=0D + - NetworkPkg/DnsDxe/DnsImpl.c=0D + - NetworkPkg/HttpBootDxe/HttpBootDhcp6.c=0D + - NetworkPkg/IScsiDxe/IScsiCHAP.c=0D + - NetworkPkg/IScsiDxe/IScsiMisc.c=0D + - NetworkPkg/IScsiDxe/IScsiMisc.h=0D + - NetworkPkg/Include/Library/NetLib.h=0D + - NetworkPkg/Ip4Dxe/Ip4Driver.c=0D + - NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c=0D + - NetworkPkg/Ip6Dxe/Ip6Driver.c=0D + - NetworkPkg/Ip6Dxe/Ip6If.c=0D + - NetworkPkg/Ip6Dxe/Ip6Mld.c=0D + - NetworkPkg/Ip6Dxe/Ip6Nd.c=0D + - NetworkPkg/Ip6Dxe/Ip6Nd.h=0D + - NetworkPkg/Library/DxeNetLib/DxeNetLib.c=0D + - NetworkPkg/Library/DxeNetLib/DxeNetLib.inf=0D + - NetworkPkg/NetworkPkg.dec=0D + - NetworkPkg/TcpDxe/TcpDriver.c=0D + - NetworkPkg/Udp4Dxe/Udp4Driver.c=0D + - NetworkPkg/Udp6Dxe/Udp6Driver.c=0D + - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c=0D + - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c=0D + - NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c=0D + links:=0D + - https://bugzilla.tianocore.org/show_bug.cgi?id=3D4542=0D + - https://nvd.nist.gov/vuln/detail/CVE-2023-45237=0D + - http://www.openwall.com/lists/oss-security/2024/01/16/2=0D + - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Conce= pts.html=0D + - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianoco= res-edk-ii-ipv6-network-stack.html=0D --=20 2.34.1
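Review bot: In the hunk at @@ -127,6 +129,24 @@, mSecureHashAlgorithms and SECURE_HASH_ALGORITHMS_SIZE are named for hash algorithms, but every entry is an SP800-90A DRBG GUID handed to GetRNG as the RNG algorithm, and the first one is CTR with AES-256, which is not a hash at all. A name such as mSecureRngAlgorithms would say what the array holds. The comment also states that the first supported algorithm "will be used to generate the seed for the random number generator", while PseudoRandom in the next hunk returns the GetRNG output directly and nothing is seeded any more; reword it to say that the first supported algorithm produces the random data. The element count can use ARRAY_SIZE (mSecureHashAlgorithms) instead of the hand-written sizeof division.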
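Review bot: In the hunk at @@ -884,34 +904,107 @@, PseudoRandom calls ASSERT_EFI_ERROR (Status) immediately after LocateProtocol fails and again on each GetRNG failure path, so on a debug build a platform without EFI_RNG_PROTOCOL stops at the assert and the documented EFI_NOT_FOUND return, which every caller in this patch checks and propagates, is reachable only in release builds. Either drop the asserts and let the callers decide, or state in the function header that a missing RNG protocol is treated as a platform configuration error. Two smaller points in the same hunk: the DEBUG messages inside the loop print AlgorithmIndex, a UINTN, with %d, so cast it (for example (UINT32)AlgorithmIndex with %u); and the EFI_UNSUPPORTED branch logs at DEBUG_ERROR even though it is the expected path when falling through to the next algorithm, where DEBUG_WARN or DEBUG_INFO would keep error logs meaningful.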
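Review bot: In NetworkPkg/TcpDxe/TcpDriver.c, hunk @@ -203,9 +209,8 @@, mTcpGlobalIss and mTcp4RandomPort are both reduced from the same 32-bit Random, so the initial sequence number base and the starting ephemeral port are not independent: the port is visible on the wire and equals TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN), which narrows the possible values of Random % mTcpGlobalIss. Draw a separate value for each, either with two PseudoRandomU32 calls or one PseudoRandom call for 8 bytes that is then split, so that observing one value says nothing about the other. The context line mTcp6RandomPort =3D mTcp4RandomPort keeps the IPv6 port tied to the IPv4 one as before; if that is intentional a short comment would help.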
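Review bot: In NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c, hunk @@ -892,6 +893,13 @@, the error string "Failed to generate random number using EFI_RNG_PROTOCOL: %r\n" omits the %a / __func__ prefix that the other call sites added by this patch use, and TcpDriver.c writes "%a Failed" where the rest write "%a failed". Use one format at every caller, for example "%a failed to generate random number: %r\n" with __func__, so a single log search finds all RNG failures and identifies the driver that hit them.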
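Review bot: In NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c, hunk @@ -935,9 +943,9 @@, Private->IaId =3D Random is followed in the unchanged context lines by a loop that ORs each byte of CurrentAddress.Addr into IaId, and an OR can only set bits, so wherever the hardware address has a 1 bit the corresponding bit of the new random value is forced to 1 regardless of what the RNG returned. If the intent is to mix the address into the IAID, XOR keeps the full randomness of Random; since the loop is not touched by this patch, a follow-up change or a comment explaining why OR is wanted would be enough.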
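Review bot: In NetworkPkg/SecurityFixes.yaml, hunk @@ -122,3 +122,42 @@, the commit_titles entry reads "NetworkPkg:: SECURITY PATCH CVE 2023-45237" with a doubled colon, and the note: key is left empty. Confirm that the title string matches the final commit subject character for character, since the entry is only useful if it can be matched against the log, and either fill in note: or drop the key.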