public inbox for devel@edk2.groups.io
From: "Doug Flick via groups.io" <dougflick=microsoft.com@groups.io>
To: devel@edk2.groups.io
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Subject: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
Date: Thu, 23 May 2024 22:44:52 -0700	[thread overview]
Message-ID: <20240524054512.523329-1-douglas.flick@microsoft.com> (raw)


REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

This patch series patches the following CVEs:
- CVE-2023-45236: Predictable TCP Initial Sequence Numbers
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator

In order to patch these CVEs, the following changes were made:
- NetworkPkg no longer performs its own random number generation,
  instead it uses EFI_RNG_PROTOCOL provided by the platform to
  generate random numbers.
  - This change was made such that any future random number
    generation vulnerabilities will be a result of the platform's
    implementation of the EFI_RNG_PROTOCOL and not the NetworkPkg

- NetworkPkg uses the TCP initial sequence number algorithm as described
  in RFC 6528 to generate the initial sequence number for TCP connections.
  - This change was made to ensure that the initial sequence number
    is not predictable and therefore cannot be used in a TCP hijacking
    attack.

In addition to the above changes, the following changes were made:
- EmulatorPkg, OvmfPkg, and ArmVirtPkg were updated to include the
  Hash2DxeCrypto driver to support TCP ISN generation using
  EFI_HASH2_PROTOCOL

- EmulatorPkg was updated to include the
  RngDxe driver to support random number generation using the
  EFI_RNG_PROTOCOL

- OvmfPkg and ArmVirtPkg were updated to include the
  virtio-rng-pci device to support random number generation using the
  EFI_RNG_PROTOCOL via the existing VirtioRngDxe driver

- SecurityPkg was updated to fix an incorrect limitation on the
  GetRng function in the RngDxe driver where the minimum amount of
  random data that could be requested was 32 bytes (256 bits) instead
  of what the caller requested

- MdePkg was updated to include MockUefiBootServicesTableLib,
  MockRng, and MockHash2 protocols for testing

- NetworkPkg was updated to include a test for the PxeBcDhcp6 driver
  due to underlying changes

- ArmPkg was updated to allow the SMC/HVC monitor conduit to be
  specified at runtime

- MdePkg was updated to remove an overzealous ASSERT in BaseRngLib

- ArmVirtPkg was updated to permit the use of dynamic PCDs in PEI

- ArmVirtPkg was updated to use dynamic PCDs to set the SMCCC conduit

- ArmVirtPkg was updated to add the RngDxe driver

Cc: Liming Gao <gaoliming@byosoft.com.cn>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>

Ard Biesheuvel (6):
  ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime
  MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT()
  ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs in PEI
  ArmVirtPkg: Use dynamic PCD to set the SMCCC conduit
  ArmVirtPkg: Reverse inclusion order of MdeLibs.inc and ArmVirt.dsc.inc
  ArmVirtPkg/ArmVirtQemu: Add RngDxe driver

Doug Flick (8):
  EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
  OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg
  NetworkPkg:: SECURITY PATCH CVE-2023-45237
  NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236
  MdePkg: : Add MockUefiBootServicesTableLib
  MdePkg: : Adds Protocol for MockRng
  MdePkg: Add MockHash2 Protocol for testing
  NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes

Flickdm (6):
  EmulatorPkg: : Add RngDxe to EmulatorPkg
  OvmfPkg:PlatformCI: Support virtio-rng-pci
  ArmVirtPkg:PlatformCI: Support virtio-rng-pci
  ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg
  SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
  ArmVirtPkg: Move PcdMonitorConduitHvc

 ArmPkg/ArmPkg.dec                                                                                 |  10 +-
 NetworkPkg/NetworkPkg.dec                                                                         |   7 +
 ArmVirtPkg/ArmVirt.dsc.inc                                                                        |   5 +-
 ArmVirtPkg/ArmVirtCloudHv.dsc                                                                     |   3 +
 ArmVirtPkg/ArmVirtKvmTool.dsc                                                                     |   4 +-
 ArmVirtPkg/ArmVirtQemu.dsc                                                                        |  20 +-
 ArmVirtPkg/ArmVirtQemuKernel.dsc                                                                  |  12 +-
 ArmVirtPkg/ArmVirtXen.dsc                                                                         |   6 +-
 EmulatorPkg/EmulatorPkg.dsc                                                                       |  14 +-
 MdePkg/Test/MdePkgHostTest.dsc                                                                    |   1 +
 NetworkPkg/Test/NetworkPkgHostTest.dsc                                                            |   1 +
 OvmfPkg/OvmfPkgIa32.dsc                                                                           |   6 +-
 OvmfPkg/OvmfPkgIa32X64.dsc                                                                        |   6 +-
 OvmfPkg/OvmfPkgX64.dsc                                                                            |   6 +-
 OvmfPkg/OvmfXen.dsc                                                                               |   5 +
 ArmVirtPkg/ArmVirtQemu.fdf                                                                        |   2 +-
 EmulatorPkg/EmulatorPkg.fdf                                                                       |  11 +-
 OvmfPkg/OvmfPkgIa32.fdf                                                                           |   5 +
 OvmfPkg/OvmfPkgIa32X64.fdf                                                                        |   5 +
 OvmfPkg/OvmfPkgX64.fdf                                                                            |   5 +
 OvmfPkg/OvmfXen.fdf                                                                               |   5 +
 ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf                                              |   1 +
 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf |  32 +++
 NetworkPkg/Library/DxeNetLib/DxeNetLib.inf                                                        |  14 +-
 NetworkPkg/TcpDxe/TcpDxe.inf                                                                      |  11 +-
 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf                                     |   3 +-
 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h                        |  78 +++++++
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h                                          |  67 ++++++
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h                                            |  48 ++++
 NetworkPkg/IScsiDxe/IScsiMisc.h                                                                   |   6 +-
 NetworkPkg/Include/Library/NetLib.h                                                               |  40 +++-
 NetworkPkg/Ip6Dxe/Ip6Nd.h                                                                         |   8 +-
 NetworkPkg/TcpDxe/TcpFunc.h                                                                       |  23 +-
 NetworkPkg/TcpDxe/TcpMain.h                                                                       |  59 ++++-
 ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c                                                      |   2 +-
 ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c                                                |  14 ++
 MdePkg/Library/BaseRngLib/AArch64/Rndr.c                                                          |   1 -
 NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c                                                                 |  10 +-
 NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c                                                                 |  11 +-
 NetworkPkg/DnsDxe/DnsDhcp.c                                                                       |  10 +-
 NetworkPkg/DnsDxe/DnsImpl.c                                                                       |  11 +-
 NetworkPkg/HttpBootDxe/HttpBootDhcp6.c                                                            |  10 +-
 NetworkPkg/IScsiDxe/IScsiCHAP.c                                                                   |  19 +-
 NetworkPkg/IScsiDxe/IScsiMisc.c                                                                   |  14 +-
 NetworkPkg/Ip4Dxe/Ip4Driver.c                                                                     |  10 +-
 NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c                                                                 |   9 +-
 NetworkPkg/Ip6Dxe/Ip6Driver.c                                                                     |  17 +-
 NetworkPkg/Ip6Dxe/Ip6If.c                                                                         |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Mld.c                                                                        |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Nd.c                                                                         |  33 ++-
 NetworkPkg/Library/DxeNetLib/DxeNetLib.c                                                          | 130 +++++++++--
 NetworkPkg/TcpDxe/TcpDriver.c                                                                     | 105 ++++++++-
 NetworkPkg/TcpDxe/TcpInput.c                                                                      |  13 +-
 NetworkPkg/TcpDxe/TcpMisc.c                                                                       | 244 ++++++++++++++++++--
 NetworkPkg/TcpDxe/TcpTimer.c                                                                      |   3 +-
 NetworkPkg/Udp4Dxe/Udp4Driver.c                                                                   |  10 +-
 NetworkPkg/Udp6Dxe/Udp6Driver.c                                                                   |  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c                                                              |   9 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c                                                              |  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c                                                             |  12 +-
 SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c                                            |   8 -
 ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc                                                              |   6 +
 ArmVirtPkg/PlatformCI/PlatformBuildLib.py                                                         |   2 +
 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp |  69 ++++++
 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp                                        |  27 +++
 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp                                          |  21 ++
 NetworkPkg/SecurityFixes.yaml                                                                     |  61 +++++
 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp                                       | 102 +++++++-
 OvmfPkg/PlatformCI/PlatformBuildLib.py                                                            |   2 +
 69 files changed, 1397 insertions(+), 173 deletions(-)
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
 create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
 create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
 create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp

-- 
2.34.1
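Added example (not code from this series or from NetworkPkg): the RFC 6528 ISN construction that the TcpDxe patch adopts, ISN = M + F(localip, localport, remoteip, remoteport, secretkey) mod 2^32, written in Python. Assumptions: hashlib SHA-256 stands in for the hash obtained through EFI_HASH2_PROTOCOL, a constructed 32-byte secret stands in for bytes drawn from EFI_RNG_PROTOCOL, and the names (rfc6528_isn, isn_offset, isn_clock) are the example's own.

```python
import hashlib
import secrets
import struct
import time
from typing import Optional

# Constructed stand-in for the secret that RFC 6528 requires; firmware
# would draw it from EFI_RNG_PROTOCOL (assumption: 32 bytes).
DEMO_SECRET = bytes(range(32))


def new_secret() -> bytes:
    """Fresh secret key; RFC 6528 recommends regenerating it periodically."""
    return secrets.token_bytes(32)


def isn_offset(local_ip: bytes, local_port: int,
               remote_ip: bytes, remote_port: int, secret: bytes) -> int:
    """F(localip, localport, remoteip, remoteport, secretkey), 32 bits.

    SHA-256 stands in for the EFI_HASH2_PROTOCOL digest; RFC 6528 shows MD5
    but only requires a function that is hard to invert without the secret.
    Both IPv4 (4-byte) and IPv6 (16-byte) addresses are accepted.
    """
    if len(local_ip) != len(remote_ip) or len(local_ip) not in (4, 16):
        raise ValueError("addresses must both be IPv4 or both be IPv6")
    msg = (local_ip + struct.pack("!H", local_port)
           + remote_ip + struct.pack("!H", remote_port) + secret)
    return int.from_bytes(hashlib.sha256(msg).digest()[:4], "big")


def isn_clock(now_ns: int) -> int:
    """M: a 32-bit counter that advances every 4 microseconds (RFC 793 rate)."""
    return (now_ns // 4000) & 0xFFFFFFFF


def rfc6528_isn(local_ip: bytes, local_port: int, remote_ip: bytes,
                remote_port: int, secret: bytes,
                now_ns: Optional[int] = None) -> int:
    """ISN = M + F(...) mod 2^32; the per-4-tuple offset hides the clock."""
    if now_ns is None:
        now_ns = time.monotonic_ns()
    offset = isn_offset(local_ip, local_port, remote_ip, remote_port, secret)
    return (isn_clock(now_ns) + offset) & 0xFFFFFFFF


if __name__ == "__main__":
    a, b = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    print(hex(rfc6528_isn(a, 40000, b, 443, DEMO_SECRET)))
```

Within one connection 4-tuple the ISN still advances at the RFC 793 rate, which is what keeps old segments from being confused with a new incarnation, while an observer of other connections learns nothing about this one's offset without the secret.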

