From: "Doug Flick via groups.io"
To: devel@edk2.groups.io
Cc: Liming Gao
Subject: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
Date: Thu, 23 May 2024 22:44:52 -0700
Message-Id: <20240524054512.523329-1-douglas.flick@microsoft.com>

REF: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

This patch series patches the following CVEs:
- CVE-2023-45236: Predictable TCP Initial Sequence Numbers
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator

In order to patch these CVEs, the following changes were made:
- NetworkPkg no longer performs its own random number generation,
  instead it uses EFI_RNG_PROTOCOL provided by the platform to generate
  random numbers.
  - This change was made such that any future random number generation
    vulnerabilities will be a result of the platform's implementation of
    the EFI_RNG_PROTOCOL and not the NetworkPkg
- NetworkPkg uses the TCP initial sequence number algorithm as described
  in RFC 6528 to generate the initial sequence number for TCP connections.
  - This change was made to ensure that the initial sequence number is
    not predictable and therefore cannot be used in a TCP hijacking attack.

In addition to the above changes, the following changes were made:
- EmulatorPkg, OvmfPkg, and ArmVirtPkg were updated to include the
  Hash2DxeCrypto driver to support TCP ISN generation using
  EFI_HASH2_PROTOCOL
- EmulatorPkg was updated to include the RngDxe driver to support random
  number generation using the EFI_RNG_PROTOCOL
- OvmfPkg and ArmVirtPkg were updated to include the virtio-rng-pci
  device to support random number generation using the EFI_RNG_PROTOCOL
  using the existing VirtioRngDxe driver
- SecurityPkg was updated to fix an incorrect limitation on the GetRng
  function in the RngDxe driver where the minimum amount of random data
  that could be requested was 32 bytes (256 bits) instead of what the
  caller requested
- MdePkg was updated to include MockUefiBootServicesTableLib, MockRng,
  and MockHash2 protocols for testing
- NetworkPkg was updated to include a test for the PxeBcDhcp6 driver due
  to underlying changes
- ArmPkg was updated to allow the SMC/HVC monitor conduit to be specified
  at runtime
- MdePkg was updated to remove an overzealous ASSERT in BaseRngLib
- ArmVirtPkg was updated to permit the use of dynamic PCDs in PEI
- ArmVirtPkg was updated to use dynamic PCDs to set the SMCCC conduit
- ArmVirtPkg was updated to add the RngDxe driver

Cc: Liming Gao
Signed-off-by: Doug Flick [MSFT]

Ard Biesheuvel (6):
  ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime
  MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT()
  ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs in PEI
  ArmVirtPkg: Use dynamic PCD to set the SMCCC conduit
  ArmVirtPkg: Reverse inclusion order of MdeLibs.inc and ArmVirt.dsc.inc
  ArmVirtPkg/ArmVirtQemu: Add RngDxe driver

Doug Flick (8):
  EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
  OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg
  NetworkPkg:: SECURITY PATCH CVE-2023-45237
  NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236
  MdePkg: : Add MockUefiBootServicesTableLib
  MdePkg: : Adds Protocol for MockRng
  MdePkg: Add MockHash2 Protocol for testing
  NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes

Flickdm (6):
  EmulatorPkg: : Add RngDxe to EmulatorPkg
  OvmfPkg:PlatformCI: Support virtio-rng-pci
  ArmVirtPkg:PlatformCI: Support virtio-rng-pci
  ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg
  SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
  ArmVirtPkg: Move PcdMonitorConduitHvc

 ArmPkg/ArmPkg.dec | 10 +-
 NetworkPkg/NetworkPkg.dec | 7 +
 ArmVirtPkg/ArmVirt.dsc.inc | 5 +-
 ArmVirtPkg/ArmVirtCloudHv.dsc | 3 +
 ArmVirtPkg/ArmVirtKvmTool.dsc | 4 +-
 ArmVirtPkg/ArmVirtQemu.dsc | 20 +-
 ArmVirtPkg/ArmVirtQemuKernel.dsc | 12 +-
 ArmVirtPkg/ArmVirtXen.dsc | 6 +-
 EmulatorPkg/EmulatorPkg.dsc | 14 +-
 MdePkg/Test/MdePkgHostTest.dsc | 1 +
 NetworkPkg/Test/NetworkPkgHostTest.dsc | 1 +
 OvmfPkg/OvmfPkgIa32.dsc | 6 +-
 OvmfPkg/OvmfPkgIa32X64.dsc | 6 +-
 OvmfPkg/OvmfPkgX64.dsc | 6 +-
 OvmfPkg/OvmfXen.dsc | 5 +
 ArmVirtPkg/ArmVirtQemu.fdf | 2 +-
 EmulatorPkg/EmulatorPkg.fdf | 11 +-
 OvmfPkg/OvmfPkgIa32.fdf | 5 +
 OvmfPkg/OvmfPkgIa32X64.fdf | 5 +
 OvmfPkg/OvmfPkgX64.fdf | 5 +
 OvmfPkg/OvmfXen.fdf | 5 +
 ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf | 1 +
 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf | 32 +++
 NetworkPkg/Library/DxeNetLib/DxeNetLib.inf | 14 +-
 NetworkPkg/TcpDxe/TcpDxe.inf | 11 +-
 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf | 3 +-
 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h | 78 +++++++
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h | 67 ++++++
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h | 48 ++++
 NetworkPkg/IScsiDxe/IScsiMisc.h | 6 +-
 NetworkPkg/Include/Library/NetLib.h | 40 +++-
 NetworkPkg/Ip6Dxe/Ip6Nd.h | 8 +-
 NetworkPkg/TcpDxe/TcpFunc.h | 23 +-
 NetworkPkg/TcpDxe/TcpMain.h | 59 ++++-
 ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c | 2 +-
 ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c | 14 ++
 MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 1 -
 NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c | 10 +-
 NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c | 11 +-
 NetworkPkg/DnsDxe/DnsDhcp.c | 10 +-
 NetworkPkg/DnsDxe/DnsImpl.c | 11 +-
 NetworkPkg/HttpBootDxe/HttpBootDhcp6.c | 10 +-
 NetworkPkg/IScsiDxe/IScsiCHAP.c | 19 +-
 NetworkPkg/IScsiDxe/IScsiMisc.c | 14 +-
 NetworkPkg/Ip4Dxe/Ip4Driver.c | 10 +-
 NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c | 9 +-
 NetworkPkg/Ip6Dxe/Ip6Driver.c | 17 +-
 NetworkPkg/Ip6Dxe/Ip6If.c | 12 +-
 NetworkPkg/Ip6Dxe/Ip6Mld.c | 12 +-
 NetworkPkg/Ip6Dxe/Ip6Nd.c | 33 ++-
 NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 130 +++++++++--
 NetworkPkg/TcpDxe/TcpDriver.c | 105 ++++++++-
 NetworkPkg/TcpDxe/TcpInput.c | 13 +-
 NetworkPkg/TcpDxe/TcpMisc.c | 244 ++++++++++++++++++--
 NetworkPkg/TcpDxe/TcpTimer.c | 3 +-
 NetworkPkg/Udp4Dxe/Udp4Driver.c | 10 +-
 NetworkPkg/Udp6Dxe/Udp6Driver.c | 11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c | 9 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c | 12 +-
 SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 -
 ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 6 +
 ArmVirtPkg/PlatformCI/PlatformBuildLib.py | 2 +
 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp | 69 ++++++
 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp | 27 +++
 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp | 21 ++
 NetworkPkg/SecurityFixes.yaml | 61 +++++
 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp | 102 +++++++-
 OvmfPkg/PlatformCI/PlatformBuildLib.py | 2 +
 69 files changed, 1397 insertions(+), 173 deletions(-)
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
 create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
 create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
 create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp

-- 
2.34.1
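
The RFC 6528 construction the cover letter refers to, ISN = M + F(localip, localport, remoteip, remoteport, secretkey), as an added example that is not part of the original message or of the EDK2 code. SipHash-2-4 as the keyed function F, the IPv4 connection-id layout, and the names `siphash24` and `rfc6528_isn` are assumptions of this example; the secret in `main` is a constructed constant.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ROTL64(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND(v) do { \
    v[0] += v[1]; v[1] = ROTL64(v[1], 13); v[1] ^= v[0]; v[0] = ROTL64(v[0], 32); \
    v[2] += v[3]; v[3] = ROTL64(v[3], 16); v[3] ^= v[2]; \
    v[0] += v[3]; v[3] = ROTL64(v[3], 21); v[3] ^= v[0]; \
    v[2] += v[1]; v[1] = ROTL64(v[1], 17); v[1] ^= v[2]; v[2] = ROTL64(v[2], 32); \
} while (0)

/* SipHash-2-4, a keyed PRF standing in for F(); an assumption of this example,
 * not the hash the EDK2 patches use (they go through EFI_HASH2_PROTOCOL). */
static uint64_t siphash24(const uint8_t *in, size_t len, const uint64_t key[2]) {
    uint64_t v[4] = { key[0] ^ 0x736f6d6570736575ULL, key[1] ^ 0x646f72616e646f6dULL,
                      key[0] ^ 0x6c7967656e657261ULL, key[1] ^ 0x7465646279746573ULL };
    uint64_t m, last = (uint64_t)len << 56;
    size_t i, j, full = len & ~(size_t)7;
    for (i = 0; i < full; i += 8) {              /* whole little-endian words */
        for (m = 0, j = 0; j < 8; j++) m |= (uint64_t)in[i + j] << (8 * j);
        v[3] ^= m; SIPROUND(v); SIPROUND(v); v[0] ^= m;
    }
    for (; i < len; i++) last |= (uint64_t)in[i] << (8 * (i & 7));   /* tail */
    v[3] ^= last; SIPROUND(v); SIPROUND(v); v[0] ^= last;
    v[2] ^= 0xff;
    SIPROUND(v); SIPROUND(v); SIPROUND(v); SIPROUND(v);
    return v[0] ^ v[1] ^ v[2] ^ v[3];
}

/* RFC 6528: ISN = M + F(localip, localport, remoteip, remoteport, secretkey).
 * timer_m is the clock M; secret must come from a real RNG
 * (EFI_RNG_PROTOCOL in the series above) and stay private. */
uint32_t rfc6528_isn(uint32_t timer_m, uint32_t lip, uint16_t lport,
                     uint32_t rip, uint16_t rport, const uint64_t secret[2]) {
    uint8_t id[12];                              /* IPv4 connection-id */
    memcpy(id, &lip, 4);     memcpy(id + 4, &lport, 2);
    memcpy(id + 6, &rip, 4); memcpy(id + 10, &rport, 2);
    return timer_m + (uint32_t)siphash24(id, sizeof id, secret);
}

int main(void) {
    const uint64_t secret[2] = { 0x0123456789abcdefULL, 0xfedcba9876543210ULL }; /* constructed */
    /* Same timer, two remote ports: the offset between the ISNs depends on the key. */
    printf("%08x\n", (unsigned)rfc6528_isn(5000, 0xc0a80001u, 4000, 0xc0a80002u, 80, secret));
    printf("%08x\n", (unsigned)rfc6528_isn(5000, 0xc0a80001u, 4000, 0xc0a80002u, 81, secret));
    return 0;
}
```

Within one connection-id the ISN still advances with the timer, so old segments from a previous incarnation are rejected, while the per-connection offset stays hidden from anyone who does not hold the secret.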