From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io, dougflick@microsoft.com
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>,
Zachary Clark-williams <zachary.clark-williams@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 08/13] NetworkPkg:: SECURITY PATCH CVE-2023-45237
Date: Mon, 13 May 2024 16:30:18 +0200
Message-ID: <CAMj1kXHWkwBOc62J1iefPN43mS=MaSuba2LHzKsSo33_5U13Eg@mail.gmail.com>
In-Reply-To: <20240509055633.828642-9-doug.edk2@gmail.com>

Could we please include

  gEfiRngAlgorithmArmRndr

in the list of accepted RNG protocols?

The ARM architecture reference mandates the use of a DRBG that
complies with NIST SP800-90A Rev 1 to produce the random output
emitted by RNDR/RNDRRS, and so it matches the requirement imposed by
this change.

On Thu, 9 May 2024 at 07:57, Doug Flick via groups.io
<dougflick=microsoft.com@groups.io> wrote:
>
> From: Doug Flick <dougflick@microsoft.com>
>
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542
>
> Bug Overview:
> PixieFail Bug #9
> CVE-2023-45237
> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
> CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
>
> Use of a Weak PseudoRandom Number Generator
>
> Change Overview:
>
> Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either
>
> >
> > EFI_STATUS
> > EFIAPI
> > PseudoRandomU32 (
> > OUT UINT32 *Output
> > );
> >
>
> or (depending on the use case)
>
> >
> > EFI_STATUS
> > EFIAPI
> > PseudoRandom (
> > OUT VOID *Output,
> > IN UINTN OutputLength
> > );
> >
>
> This is because the use of
>
> Example:
>
> The following code snippet PseudoRandomU32 () function is used:
>
> >
> > UINT32 Random;
> >
> > Status = PseudoRandomU32 (&Random);
> > if (EFI_ERROR (Status)) {
> > DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
> __func__, Status));
> > return Status;
> > }
> >
>
> This also introduces a new PCD to enable/disable the use of the
> secure implementation of algorithms for PseudoRandom () and
> instead depend on the default implementation. This may be required for
> some platforms where the UEFI Spec defined algorithms are not available.
>
> >
> > PcdEnforceSecureRngAlgorithms
> >
>
> If the platform does not have any one of the UEFI defined
> secure RNG algorithms then the driver will assert.
>
> Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
>
> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
> ---
> NetworkPkg/NetworkPkg.dec | 7 ++
> NetworkPkg/Library/DxeNetLib/DxeNetLib.inf | 13 +-
> NetworkPkg/TcpDxe/TcpDxe.inf | 3 +
> NetworkPkg/IScsiDxe/IScsiMisc.h | 6 +-
> NetworkPkg/Include/Library/NetLib.h | 40 ++++--
> NetworkPkg/Ip6Dxe/Ip6Nd.h | 8 +-
> NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c | 10 +-
> NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c | 11 +-
> NetworkPkg/DnsDxe/DnsDhcp.c | 10 +-
> NetworkPkg/DnsDxe/DnsImpl.c | 11 +-
> NetworkPkg/HttpBootDxe/HttpBootDhcp6.c | 10 +-
> NetworkPkg/IScsiDxe/IScsiCHAP.c | 19 ++-
> NetworkPkg/IScsiDxe/IScsiMisc.c | 14 +--
> NetworkPkg/Ip4Dxe/Ip4Driver.c | 10 +-
> NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c | 9 +-
> NetworkPkg/Ip6Dxe/Ip6Driver.c | 17 ++-
> NetworkPkg/Ip6Dxe/Ip6If.c | 12 +-
> NetworkPkg/Ip6Dxe/Ip6Mld.c | 12 +-
> NetworkPkg/Ip6Dxe/Ip6Nd.c | 33 ++++-
> NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 129 +++++++++++++++++---
> NetworkPkg/TcpDxe/TcpDriver.c | 15 ++-
> NetworkPkg/Udp4Dxe/Udp4Driver.c | 10 +-
> NetworkPkg/Udp6Dxe/Udp6Driver.c | 11 +-
> NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c | 9 +-
> NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 11 +-
> NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c | 12 +-
> NetworkPkg/SecurityFixes.yaml | 39 ++++++
> 27 files changed, 408 insertions(+), 83 deletions(-)
>
> diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
> index e06f35e7747c..7c4289b77b21 100644
> --- a/NetworkPkg/NetworkPkg.dec
> +++ b/NetworkPkg/NetworkPkg.dec
> @@ -5,6 +5,7 @@
> #
> # Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.<BR>
> # (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR>
> +# Copyright (c) Microsoft Corporation
> #
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> #
> @@ -130,6 +131,12 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
> # @Prompt Indicates whether SnpDxe creates event for ExitBootServices() call.
> gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOLEAN|0x1000000C
>
> + ## Enforces the use of Secure UEFI spec defined RNG algorithms for all network connections.
> + # TRUE - Enforce the use of Secure UEFI spec defined RNG algorithms.
> + # FALSE - Do not enforce and depend on the default implementation of RNG algorithm from the provider.
> + # @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms.
> + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x1000000D
> +
> [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
> ## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 6355).
> # 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT]
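
Review bot: the comment block for PcdEnforceSecureRngAlgorithms does not say what happens when the PCD is TRUE and the RNG provider supports none of the listed algorithms. The commit message states that the driver will assert in that case; that belongs in the .dec description too, since this is where a platform owner decides whether to override the TRUE default. It would also help to state that with FALSE the quality of the output is whatever the provider's default algorithm gives.
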
> diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
> index 8145d256ec10..236ccd362efe 100644
> --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
> +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
> @@ -3,6 +3,7 @@
> #
> # Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
> # (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +# Copyright (c) Microsoft Corporation
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> #
> ##
> @@ -49,7 +50,10 @@ [Guids]
> gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES ## SystemTable
> gEfiSmbios3TableGuid ## SOMETIMES_CONSUMES ## SystemTable
> gEfiAdapterInfoMediaStateGuid ## SOMETIMES_CONSUMES
> -
> + gEfiRngAlgorithmRaw ## CONSUMES
> + gEfiRngAlgorithmSp80090Ctr256Guid ## CONSUMES
> + gEfiRngAlgorithmSp80090Hmac256Guid ## CONSUMES
> + gEfiRngAlgorithmSp80090Hash256Guid ## CONSUMES
>
> [Protocols]
> gEfiSimpleNetworkProtocolGuid ## SOMETIMES_CONSUMES
> @@ -59,3 +63,10 @@ [Protocols]
> gEfiComponentNameProtocolGuid ## SOMETIMES_CONSUMES
> gEfiComponentName2ProtocolGuid ## SOMETIMES_CONSUMES
> gEfiAdapterInformationProtocolGuid ## SOMETIMES_CONSUMES
> + gEfiRngProtocolGuid ## CONSUMES
> +
> +[FixedPcd]
> + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms ## CONSUMES
> +
> +[Depex]
> + gEfiRngProtocolGuid
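
Review bot: the new [Depex] on gEfiRngProtocolGuid sits in a library INF, so the modules that link DxeNetLib inherit the dependency, and on a platform with no EFI_RNG_PROTOCOL producer they are simply not dispatched, with nothing in the log pointing at the cause. Please call this out in the commit message or the package documentation so platform owners know an RNG producer is now a prerequisite for the network stack.
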
> diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
> index c0acbdca5700..cf5423f4c537 100644
> --- a/NetworkPkg/TcpDxe/TcpDxe.inf
> +++ b/NetworkPkg/TcpDxe/TcpDxe.inf
> @@ -82,5 +82,8 @@ [Protocols]
> gEfiTcp6ProtocolGuid ## BY_START
> gEfiTcp6ServiceBindingProtocolGuid ## BY_START
>
> +[Depex]
> + gEfiHash2ServiceBindingProtocolGuid
> +
> [UserExtensions.TianoCore."ExtraFiles"]
> TcpDxeExtra.uni
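
Review bot: this [Depex] on gEfiHash2ServiceBindingProtocolGuid is not explained by the commit message, which only describes replacing NET_RANDOM with the PseudoRandom () / PseudoRandomU32 () calls. If TcpDxe needs Hash2 for a different fix in this series, the dependency belongs in that patch; if it is needed here, please say why in the commit message.
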
> diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h
> index a951eee70ec9..91b2cd22613d 100644
> --- a/NetworkPkg/IScsiDxe/IScsiMisc.h
> +++ b/NetworkPkg/IScsiDxe/IScsiMisc.h
> @@ -2,6 +2,7 @@
> Miscellaneous definitions for iSCSI driver.
>
> Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -202,8 +203,11 @@ IScsiNetNtoi (
> @param[in, out] Rand The buffer to contain random numbers.
> @param[in] RandLength The length of the Rand buffer.
>
> + @retval EFI_SUCCESS on success
> + @retval others on error
> +
> **/
> -VOID
> +EFI_STATUS
> IScsiGenRandom (
> IN OUT UINT8 *Rand,
> IN UINTN RandLength
> diff --git a/NetworkPkg/Include/Library/NetLib.h b/NetworkPkg/Include/Library/NetLib.h
> index 8c0e62b3889c..e8108b79db8f 100644
> --- a/NetworkPkg/Include/Library/NetLib.h
> +++ b/NetworkPkg/Include/Library/NetLib.h
> @@ -3,6 +3,7 @@
> It provides basic functions for the UEFI network stack.
>
> Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -539,8 +540,6 @@ extern EFI_IPv4_ADDRESS mZeroIp4Addr;
> #define TICKS_PER_MS 10000U
> #define TICKS_PER_SECOND 10000000U
>
> -#define NET_RANDOM(Seed) ((UINT32) ((UINT32) (Seed) * 1103515245UL + 12345) % 4294967295UL)
> -
> /**
> Extract a UINT32 from a byte stream.
>
> @@ -580,19 +579,40 @@ NetPutUint32 (
> );
>
> /**
> - Initialize a random seed using current time and monotonic count.
> + Generate a Random output data given a length.
>
> - Get current time and monotonic count first. Then initialize a random seed
> - based on some basic mathematics operation on the hour, day, minute, second,
> - nanosecond and year of the current time and the monotonic count value.
> + @param[out] Output - The buffer to store the generated random data.
> + @param[in] OutputLength - The length of the output buffer.
>
> - @return The random seed initialized with current time.
> + @retval EFI_SUCCESS On Success
> + @retval EFI_INVALID_PARAMETER Pointer is null or size is zero
> + @retval EFI_NOT_FOUND RNG protocol not found
> + @retval Others Error from RngProtocol->GetRNG()
>
> + @return Status code
> **/
> -UINT32
> +EFI_STATUS
> EFIAPI
> -NetRandomInitSeed (
> - VOID
> +PseudoRandom (
> + OUT VOID *Output,
> + IN UINTN OutputLength
> + );
> +
> +/**
> + Generate a 32-bit pseudo-random number.
> +
> + @param[out] Output - The buffer to store the generated random number.
> +
> + @retval EFI_SUCCESS On Success
> + @retval EFI_NOT_FOUND RNG protocol not found
> + @retval Others Error from RngProtocol->GetRNG()
> +
> + @return Status code
> +**/
> +EFI_STATUS
> +EFIAPI
> +PseudoRandomU32 (
> + OUT UINT32 *Output
> );
>
> #define NET_LIST_USER_STRUCT(Entry, Type, Field) \
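
Review bot: the PseudoRandomU32 header comment omits EFI_INVALID_PARAMETER, although the implementation in DxeNetLib.c forwards straight to PseudoRandom, which is documented to return it for a null pointer. Both comments also end with "@return Status code" after a full @retval list, which is redundant, and neither mentions that the algorithms tried depend on PcdEnforceSecureRngAlgorithms; a sentence on that would tell callers what guarantee they get.
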
> diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.h b/NetworkPkg/Ip6Dxe/Ip6Nd.h
> index bf64e9114e13..5795e23c7d71 100644
> --- a/NetworkPkg/Ip6Dxe/Ip6Nd.h
> +++ b/NetworkPkg/Ip6Dxe/Ip6Nd.h
> @@ -2,7 +2,7 @@
> Definition of Neighbor Discovery support routines.
>
> Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
> -
> + Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -780,10 +780,10 @@ Ip6OnArpResolved (
> /**
> Update the ReachableTime in IP6 service binding instance data, in milliseconds.
>
> - @param[in, out] IpSb Points to the IP6_SERVICE.
> -
> + @retval EFI_SUCCESS ReachableTime Updated
> + @retval others Failed to update ReachableTime
> **/
> -VOID
> +EFI_STATUS
> Ip6UpdateReachableTime (
> IN OUT IP6_SERVICE *IpSb
> );
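
Review bot: the doc comment for Ip6UpdateReachableTime loses its "@param[in, out] IpSb" line in this hunk; it is removed while the @retval entries are added, whereas the matching comment in Ip6Nd.c keeps it. Restore the @param line, with a blank line before the @retval block, so the header and implementation comments agree.
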
> diff --git a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
> index 8c37e93be3a8..892caee36846 100644
> --- a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
> +++ b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
> @@ -1,6 +1,7 @@
> /** @file
>
> Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -189,6 +190,13 @@ Dhcp4CreateService (
> {
> DHCP_SERVICE *DhcpSb;
> EFI_STATUS Status;
> + UINT32 Random;
> +
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
>
> *Service = NULL;
> DhcpSb = AllocateZeroPool (sizeof (DHCP_SERVICE));
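
Review bot: the early return on PseudoRandomU32 failure in Dhcp4CreateService happens before "*Service = NULL;", so on this new error path the caller's output pointer is left untouched. Move the PseudoRandomU32 call below that assignment so every failure path leaves the out parameter in the same state. The same ordering appears in the Dhcp6CreateService hunk.
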
> @@ -203,7 +211,7 @@ Dhcp4CreateService (
> DhcpSb->Image = ImageHandle;
> InitializeListHead (&DhcpSb->Children);
> DhcpSb->DhcpState = Dhcp4Stopped;
> - DhcpSb->Xid = NET_RANDOM (NetRandomInitSeed ());
> + DhcpSb->Xid = Random;
> CopyMem (
> &DhcpSb->ServiceBinding,
> &mDhcp4ServiceBindingTemplate,
> diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
> index b591a4605bc9..e7f2787a98ba 100644
> --- a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
> +++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
> @@ -3,7 +3,7 @@
> implementation for Dhcp6 Driver.
>
> Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> -
> + Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -123,6 +123,13 @@ Dhcp6CreateService (
> {
> DHCP6_SERVICE *Dhcp6Srv;
> EFI_STATUS Status;
> + UINT32 Random;
> +
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
>
> *Service = NULL;
> Dhcp6Srv = AllocateZeroPool (sizeof (DHCP6_SERVICE));
> @@ -147,7 +154,7 @@ Dhcp6CreateService (
> Dhcp6Srv->Signature = DHCP6_SERVICE_SIGNATURE;
> Dhcp6Srv->Controller = Controller;
> Dhcp6Srv->Image = ImageHandle;
> - Dhcp6Srv->Xid = (0xffffff & NET_RANDOM (NetRandomInitSeed ()));
> + Dhcp6Srv->Xid = (0xffffff & Random);
>
> CopyMem (
> &Dhcp6Srv->ServiceBinding,
> diff --git a/NetworkPkg/DnsDxe/DnsDhcp.c b/NetworkPkg/DnsDxe/DnsDhcp.c
> index 933565a32df1..9eb3c1d2d81d 100644
> --- a/NetworkPkg/DnsDxe/DnsDhcp.c
> +++ b/NetworkPkg/DnsDxe/DnsDhcp.c
> @@ -2,6 +2,7 @@
> Functions implementation related with DHCPv4/v6 for DNS driver.
>
> Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -277,6 +278,7 @@ GetDns4ServerFromDhcp4 (
> EFI_DHCP4_TRANSMIT_RECEIVE_TOKEN Token;
> BOOLEAN IsDone;
> UINTN Index;
> + UINT32 Random;
>
> Image = Instance->Service->ImageHandle;
> Controller = Instance->Service->ControllerHandle;
> @@ -292,6 +294,12 @@ GetDns4ServerFromDhcp4 (
> Data = NULL;
> InterfaceInfo = NULL;
>
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
> +
> ZeroMem ((UINT8 *)ParaList, sizeof (ParaList));
>
> ZeroMem (&MnpConfigData, sizeof (EFI_MANAGED_NETWORK_CONFIG_DATA));
> @@ -467,7 +475,7 @@ GetDns4ServerFromDhcp4 (
>
> Status = Dhcp4->Build (Dhcp4, &SeedPacket, 0, NULL, 2, ParaList, &Token.Packet);
>
> - Token.Packet->Dhcp4.Header.Xid = HTONL (NET_RANDOM (NetRandomInitSeed ()));
> + Token.Packet->Dhcp4.Header.Xid = Random;
>
> Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)0x8000);
>
> diff --git a/NetworkPkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c
> index d311812800fd..c2629bb8df1f 100644
> --- a/NetworkPkg/DnsDxe/DnsImpl.c
> +++ b/NetworkPkg/DnsDxe/DnsImpl.c
> @@ -2,6 +2,7 @@
> DnsDxe support functions implementation.
>
> Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -1963,6 +1964,14 @@ ConstructDNSQuery (
> NET_FRAGMENT Frag;
> DNS_HEADER *DnsHeader;
> DNS_QUERY_SECTION *DnsQuery;
> + EFI_STATUS Status;
> + UINT32 Random;
> +
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
>
> //
> // Messages carried by UDP are restricted to 512 bytes (not counting the IP
> @@ -1977,7 +1986,7 @@ ConstructDNSQuery (
> // Fill header
> //
> DnsHeader = (DNS_HEADER *)Frag.Bulk;
> - DnsHeader->Identification = (UINT16)NET_RANDOM (NetRandomInitSeed ());
> + DnsHeader->Identification = (UINT16)Random;
> DnsHeader->Flags.Uint16 = 0x0000;
> DnsHeader->Flags.Bits.RD = 1;
> DnsHeader->Flags.Bits.OpCode = DNS_FLAGS_OPCODE_STANDARD;
> diff --git a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
> index b22cef4ff587..f964515b0fa6 100644
> --- a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
> +++ b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
> @@ -2,6 +2,7 @@
> Functions implementation related with DHCPv6 for HTTP boot driver.
>
> Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -951,6 +952,7 @@ HttpBootDhcp6Sarr (
> UINT32 OptCount;
> UINT8 Buffer[HTTP_BOOT_DHCP6_OPTION_MAX_SIZE];
> EFI_STATUS Status;
> + UINT32 Random;
>
> Dhcp6 = Private->Dhcp6;
> ASSERT (Dhcp6 != NULL);
> @@ -961,6 +963,12 @@ HttpBootDhcp6Sarr (
> OptCount = HttpBootBuildDhcp6Options (Private, OptList, Buffer);
> ASSERT (OptCount > 0);
>
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
> +
> Retransmit = AllocateZeroPool (sizeof (EFI_DHCP6_RETRANSMISSION));
> if (Retransmit == NULL) {
> return EFI_OUT_OF_RESOURCES;
> @@ -976,7 +984,7 @@ HttpBootDhcp6Sarr (
> Config.IaInfoEvent = NULL;
> Config.RapidCommit = FALSE;
> Config.ReconfigureAccept = FALSE;
> - Config.IaDescriptor.IaId = NET_RANDOM (NetRandomInitSeed ());
> + Config.IaDescriptor.IaId = Random;
> Config.IaDescriptor.Type = EFI_DHCP6_IA_TYPE_NA;
> Config.SolicitRetransmission = Retransmit;
> Retransmit->Irt = 4;
> diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
> index b507f11cd45e..bebb1ac29b9c 100644
> --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
> +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
> @@ -3,6 +3,7 @@
> Configuration.
>
> Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -576,16 +577,24 @@ IScsiCHAPToSendReq (
> //
> // CHAP_I=<I>
> //
> - IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1);
> + Status = IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1);
> + if (EFI_ERROR (Status)) {
> + break;
> + }
> +
> AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", AuthData->OutIdentifier);
> IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_IDENTIFIER, ValueStr);
> //
> // CHAP_C=<C>
> //
> - IScsiGenRandom (
> - (UINT8 *)AuthData->OutChallenge,
> - AuthData->Hash->DigestSize
> - );
> + Status = IScsiGenRandom (
> + (UINT8 *)AuthData->OutChallenge,
> + AuthData->Hash->DigestSize
> + );
> + if (EFI_ERROR (Status)) {
> + break;
> + }
> +
> BinToHexStatus = IScsiBinToHex (
> (UINT8 *)AuthData->OutChallenge,
> AuthData->Hash->DigestSize,
> diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c
> index 78dc5c73d35a..2159b8494963 100644
> --- a/NetworkPkg/IScsiDxe/IScsiMisc.c
> +++ b/NetworkPkg/IScsiDxe/IScsiMisc.c
> @@ -2,6 +2,7 @@
> Miscellaneous routines for iSCSI driver.
>
> Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -474,20 +475,17 @@ IScsiNetNtoi (
> @param[in, out] Rand The buffer to contain random numbers.
> @param[in] RandLength The length of the Rand buffer.
>
> + @retval EFI_SUCCESS on success
> + @retval others on error
> +
> **/
> -VOID
> +EFI_STATUS
> IScsiGenRandom (
> IN OUT UINT8 *Rand,
> IN UINTN RandLength
> )
> {
> - UINT32 Random;
> -
> - while (RandLength > 0) {
> - Random = NET_RANDOM (NetRandomInitSeed ());
> - *Rand++ = (UINT8)(Random);
> - RandLength--;
> - }
> + return PseudoRandom (Rand, RandLength);
> }
>
> /**
> diff --git a/NetworkPkg/Ip4Dxe/Ip4Driver.c b/NetworkPkg/Ip4Dxe/Ip4Driver.c
> index ec483ff01fa9..683423f38dc7 100644
> --- a/NetworkPkg/Ip4Dxe/Ip4Driver.c
> +++ b/NetworkPkg/Ip4Dxe/Ip4Driver.c
> @@ -2,6 +2,7 @@
> The driver binding and service binding protocol for IP4 driver.
>
> Copyright (c) 2005 - 2019, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) Microsoft Corporation
> (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
> @@ -549,11 +550,18 @@ Ip4DriverBindingStart (
> EFI_IP4_CONFIG2_PROTOCOL *Ip4Cfg2;
> UINTN Index;
> IP4_CONFIG2_DATA_ITEM *DataItem;
> + UINT32 Random;
>
> IpSb = NULL;
> Ip4Cfg2 = NULL;
> DataItem = NULL;
>
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
> +
> //
> // Test for the Ip4 service binding protocol
> //
> @@ -653,7 +661,7 @@ Ip4DriverBindingStart (
> //
> // Initialize the IP4 ID
> //
> - mIp4Id = (UINT16)NET_RANDOM (NetRandomInitSeed ());
> + mIp4Id = (UINT16)Random;
>
> return Status;
>
> diff --git a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
> index 70e232ce6c4d..4c1354d26cc1 100644
> --- a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
> +++ b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
> @@ -2276,6 +2276,13 @@ Ip6ConfigInitInstance (
> UINTN Index;
> UINT16 IfIndex;
> IP6_CONFIG_DATA_ITEM *DataItem;
> + UINT32 Random;
> +
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
>
> IpSb = IP6_SERVICE_FROM_IP6_CONFIG_INSTANCE (Instance);
>
> @@ -2381,7 +2388,7 @@ Ip6ConfigInitInstance (
> // The NV variable is not set, so generate a random IAID, and write down the
> // fresh new configuration as the NV variable now.
> //
> - Instance->IaId = NET_RANDOM (NetRandomInitSeed ());
> + Instance->IaId = Random;
>
> for (Index = 0; Index < IpSb->SnpMode.HwAddressSize; Index++) {
> Instance->IaId |= (IpSb->SnpMode.CurrentAddress.Addr[Index] << ((Index << 3) & 31));
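
Review bot: PseudoRandomU32 is called unconditionally at the top of Ip6ConfigInitInstance, but "Instance->IaId = Random;" is only reached on the path where, per the existing comment, the NV variable is not set. An RNG failure therefore fails instance initialisation even when the IAID would have come from the variable. Suggest calling PseudoRandomU32 on that path only, right before the assignment.
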
> diff --git a/NetworkPkg/Ip6Dxe/Ip6Driver.c b/NetworkPkg/Ip6Dxe/Ip6Driver.c
> index b483a7d136d9..cbe011dad472 100644
> --- a/NetworkPkg/Ip6Dxe/Ip6Driver.c
> +++ b/NetworkPkg/Ip6Dxe/Ip6Driver.c
> @@ -3,7 +3,7 @@
>
> Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
> (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
> -
> + Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -316,7 +316,11 @@ Ip6CreateService (
> IpSb->CurHopLimit = IP6_HOP_LIMIT;
> IpSb->LinkMTU = IP6_MIN_LINK_MTU;
> IpSb->BaseReachableTime = IP6_REACHABLE_TIME;
> - Ip6UpdateReachableTime (IpSb);
> + Status = Ip6UpdateReachableTime (IpSb);
> + if (EFI_ERROR (Status)) {
> + goto ON_ERROR;
> + }
> +
> //
> // RFC4861 RETRANS_TIMER: 1,000 milliseconds
> //
> @@ -516,11 +520,18 @@ Ip6DriverBindingStart (
> EFI_STATUS Status;
> EFI_IP6_CONFIG_PROTOCOL *Ip6Cfg;
> IP6_CONFIG_DATA_ITEM *DataItem;
> + UINT32 Random;
>
> IpSb = NULL;
> Ip6Cfg = NULL;
> DataItem = NULL;
>
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
> +
> //
> // Test for the Ip6 service binding protocol
> //
> @@ -656,7 +667,7 @@ Ip6DriverBindingStart (
> //
> // Initialize the IP6 ID
> //
> - mIp6Id = NET_RANDOM (NetRandomInitSeed ());
> + mIp6Id = Random;
>
> return EFI_SUCCESS;
>
> diff --git a/NetworkPkg/Ip6Dxe/Ip6If.c b/NetworkPkg/Ip6Dxe/Ip6If.c
> index 4629c05f25a0..f3d11c4d2155 100644
> --- a/NetworkPkg/Ip6Dxe/Ip6If.c
> +++ b/NetworkPkg/Ip6Dxe/Ip6If.c
> @@ -2,7 +2,7 @@
> Implement IP6 pseudo interface.
>
> Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> -
> + Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -89,6 +89,14 @@ Ip6SetAddress (
> IP6_PREFIX_LIST_ENTRY *PrefixEntry;
> UINT64 Delay;
> IP6_DELAY_JOIN_LIST *DelayNode;
> + EFI_STATUS Status;
> + UINT32 Random;
> +
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
>
> NET_CHECK_SIGNATURE (Interface, IP6_INTERFACE_SIGNATURE);
>
> @@ -164,7 +172,7 @@ Ip6SetAddress (
> // Thus queue the address to be processed in Duplicate Address Detection module
> // after the delay time (in milliseconds).
> //
> - Delay = (UINT64)NET_RANDOM (NetRandomInitSeed ());
> + Delay = (UINT64)Random;
> Delay = MultU64x32 (Delay, IP6_ONE_SECOND_IN_MS);
> Delay = RShiftU64 (Delay, 32);
>
> diff --git a/NetworkPkg/Ip6Dxe/Ip6Mld.c b/NetworkPkg/Ip6Dxe/Ip6Mld.c
> index e6b2b653e295..498a11854305 100644
> --- a/NetworkPkg/Ip6Dxe/Ip6Mld.c
> +++ b/NetworkPkg/Ip6Dxe/Ip6Mld.c
> @@ -696,7 +696,15 @@ Ip6UpdateDelayTimer (
> IN OUT IP6_MLD_GROUP *Group
> )
> {
> - UINT32 Delay;
> + UINT32 Delay;
> + EFI_STATUS Status;
> + UINT32 Random;
> +
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
>
> //
> // If the Query packet specifies a Maximum Response Delay of zero, perform timer
> @@ -715,7 +723,7 @@ Ip6UpdateDelayTimer (
> // is less than the remaining value of the running timer.
> //
> if ((Group->DelayTimer == 0) || (Delay < Group->DelayTimer)) {
> - Group->DelayTimer = Delay / 4294967295UL * NET_RANDOM (NetRandomInitSeed ());
> + Group->DelayTimer = Delay / 4294967295UL * Random;
> }
>
> return EFI_SUCCESS;
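
Review bot: in "Group->DelayTimer = Delay / 4294967295UL * Random;" the division is evaluated first in integer arithmetic, and since Delay is a UINT32 the quotient is 0 for every value except 0xFFFFFFFF, so the timer ends up 0 regardless of Random. The patch carries this over from the NET_RANDOM version, but with the line being touched anyway it is worth fixing: multiply in 64 bits first and then scale down, as Ip6SetAddress does with MultU64x32 followed by RShiftU64 (Delay, 32). Random is also only consumed inside the "if", so the PseudoRandomU32 call could move there.
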
> diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.c b/NetworkPkg/Ip6Dxe/Ip6Nd.c
> index c10c7017f88d..72aa45c10f3f 100644
> --- a/NetworkPkg/Ip6Dxe/Ip6Nd.c
> +++ b/NetworkPkg/Ip6Dxe/Ip6Nd.c
> @@ -2,7 +2,7 @@
> Implementation of Neighbor Discovery support routines.
>
> Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> -
> + Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -16,17 +16,28 @@ EFI_MAC_ADDRESS mZeroMacAddress;
>
> @param[in, out] IpSb Points to the IP6_SERVICE.
>
> + @retval EFI_SUCCESS ReachableTime Updated
> + @retval others Failed to update ReachableTime
> **/
> -VOID
> +EFI_STATUS
> Ip6UpdateReachableTime (
> IN OUT IP6_SERVICE *IpSb
> )
> {
> - UINT32 Random;
> + UINT32 Random;
> + EFI_STATUS Status;
>
> - Random = (NetRandomInitSeed () / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE;
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
> +
> + Random = (Random / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE;
> Random = Random + IP6_MIN_RANDOM_FACTOR_SCALED;
> IpSb->ReachableTime = (IpSb->BaseReachableTime * Random) / IP6_RANDOM_FACTOR_SCALE;
> +
> + return EFI_SUCCESS;
> }
>
> /**
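
Review bot: "Random = (Random / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE;" truncates to 0 for every Random below 0xFFFFFFFF, so after the following line the factor is always IP6_MIN_RANDOM_FACTOR_SCALED and ReachableTime is not randomised at all. The old expression with NetRandomInitSeed () had the same integer-division problem, but a patch whose purpose is better randomness should not keep it. Scale with a 64-bit multiply before dividing (MultU64x32, then DivU64x32 or a shift) so the random value actually contributes.
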
> @@ -972,10 +983,17 @@ Ip6InitDADProcess (
> IP6_SERVICE *IpSb;
> EFI_STATUS Status;
> UINT32 MaxDelayTick;
> + UINT32 Random;
>
> NET_CHECK_SIGNATURE (IpIf, IP6_INTERFACE_SIGNATURE);
> ASSERT (AddressInfo != NULL);
>
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
> +
> //
> // Do nothing if we have already started DAD on the address.
> //
> @@ -1014,7 +1032,7 @@ Ip6InitDADProcess (
> Entry->Transmit = 0;
> Entry->Receive = 0;
> MaxDelayTick = IP6_MAX_RTR_SOLICITATION_DELAY / IP6_TIMER_INTERVAL_IN_MS;
> - Entry->RetransTick = (MaxDelayTick * ((NET_RANDOM (NetRandomInitSeed ()) % 5) + 1)) / 5;
> + Entry->RetransTick = (MaxDelayTick * ((Random % 5) + 1)) / 5;
> Entry->AddressInfo = AddressInfo;
> Entry->Callback = Callback;
> Entry->Context = Context;
> @@ -2078,7 +2096,10 @@ Ip6ProcessRouterAdvertise (
> // in BaseReachableTime and recompute a ReachableTime.
> //
> IpSb->BaseReachableTime = ReachableTime;
> - Ip6UpdateReachableTime (IpSb);
> + Status = Ip6UpdateReachableTime (IpSb);
> + if (EFI_ERROR (Status)) {
> + goto Exit;
> + }
> }
>
> if (RetransTimer != 0) {
> diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
> index fd4a9e15a892..b13853b23c7e 100644
> --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
> +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
> @@ -3,6 +3,7 @@
>
> Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
> (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
> **/
>
> @@ -31,6 +32,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> #include <Library/DevicePathLib.h>
> #include <Library/PrintLib.h>
> #include <Library/UefiLib.h>
> +#include <Protocol/Rng.h>
>
> #define NIC_ITEM_CONFIG_SIZE (sizeof (NIC_IP4_CONFIG_INFO) + sizeof (EFI_IP4_ROUTE_TABLE) * MAX_IP4_CONFIG_IN_VARIABLE)
> #define DEFAULT_ZERO_START ((UINTN) ~0)
> @@ -127,6 +129,24 @@ GLOBAL_REMOVE_IF_UNREFERENCED VLAN_DEVICE_PATH mNetVlanDevicePathTemplate = {
> 0
> };
>
> +//
> +// These represent UEFI SPEC defined algorithms that should be supported by
> +// the RNG protocol and are generally considered secure.
> +//
> +// The order of the algorithms in this array is important. This order is the order
> +// in which the algorithms will be tried by the RNG protocol.
> +// If your platform needs to use a specific algorithm for the random number generator,
> +// then you should place that algorithm first in the array.
> +//
> +GLOBAL_REMOVE_IF_UNREFERENCED EFI_GUID *mSecureHashAlgorithms[] = {
> + &gEfiRngAlgorithmSp80090Ctr256Guid, // SP800-90A DRBG CTR using AES-256
> + &gEfiRngAlgorithmSp80090Hmac256Guid, // SP800-90A DRBG HMAC using SHA-256
> + &gEfiRngAlgorithmSp80090Hash256Guid, // SP800-90A DRBG Hash using SHA-256
> + &gEfiRngAlgorithmRaw, // Raw data from NRBG (or TRNG)
> +};
> +
> +#define SECURE_HASH_ALGORITHMS_SIZE (sizeof (mSecureHashAlgorithms) / sizeof (EFI_GUID *))
> +
> /**
> Locate the handles that support SNP, then open one of them
> to send the syslog packets. The caller isn't required to close
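
Review bot: mSecureHashAlgorithms and SECURE_HASH_ALGORITHMS_SIZE are misnamed, since the array holds EFI_RNG_PROTOCOL algorithm GUIDs (three DRBGs and the raw source), not hash algorithms; a name such as mSecureRngAlgorithms would avoid confusion with the Hash2 dependency added elsewhere in this patch. As raised in the reply at the top of this message, gEfiRngAlgorithmArmRndr is not in the list, so with PcdEnforceSecureRngAlgorithms at its TRUE default a provider offering only that algorithm would fall through every entry. The comment also tells platforms to reorder the array, which means editing library source; if that is the intended customisation point, please say so explicitly.
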
> @@ -884,34 +904,107 @@ Ip6Swap128 (
> }
>
> /**
> - Initialize a random seed using current time and monotonic count.
> + Generate a Random output data given a length.
>
> - Get current time and monotonic count first. Then initialize a random seed
> - based on some basic mathematics operation on the hour, day, minute, second,
> - nanosecond and year of the current time and the monotonic count value.
> + @param[out] Output - The buffer to store the generated random data.
> + @param[in] OutputLength - The length of the output buffer.
>
> - @return The random seed initialized with current time.
> + @retval EFI_SUCCESS On Success
> + @retval EFI_INVALID_PARAMETER Pointer is null or size is zero
> + @retval EFI_NOT_FOUND RNG protocol not found
> + @retval Others Error from RngProtocol->GetRNG()
>
> + @return Status code
> **/
> -UINT32
> +EFI_STATUS
> EFIAPI
> -NetRandomInitSeed (
> - VOID
> +PseudoRandom (
> + OUT VOID *Output,
> + IN UINTN OutputLength
> )
> {
> - EFI_TIME Time;
> - UINT32 Seed;
> - UINT64 MonotonicCount;
> + EFI_RNG_PROTOCOL *RngProtocol;
> + EFI_STATUS Status;
> + UINTN AlgorithmIndex;
>
> - gRT->GetTime (&Time, NULL);
> - Seed = (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | Time.Second);
> - Seed ^= Time.Nanosecond;
> - Seed ^= Time.Year << 7;
> + if ((Output == NULL) || (OutputLength == 0)) {
> + return EFI_INVALID_PARAMETER;
> + }
>
> - gBS->GetNextMonotonicCount (&MonotonicCount);
> - Seed += (UINT32)MonotonicCount;
> + Status = gBS->LocateProtocol (&gEfiRngProtocolGuid, NULL, (VOID **)&RngProtocol);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "Failed to locate EFI_RNG_PROTOCOL: %r\n", Status));
> + ASSERT_EFI_ERROR (Status);
> + return Status;
> + }
>
> - return Seed;
> + if (PcdGetBool (PcdEnforceSecureRngAlgorithms)) {
> + for (AlgorithmIndex = 0; AlgorithmIndex < SECURE_HASH_ALGORITHMS_SIZE; AlgorithmIndex++) {
> + Status = RngProtocol->GetRNG (RngProtocol, mSecureHashAlgorithms[AlgorithmIndex], OutputLength, (UINT8 *)Output);
> + if (!EFI_ERROR (Status)) {
> + //
> + // Secure Algorithm was supported on this platform
> + //
> + return EFI_SUCCESS;
> + } else if (Status == EFI_UNSUPPORTED) {
> + //
> + // Secure Algorithm was not supported on this platform
> + //
> + DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
> +
> + //
> + // Try the next secure algorithm
> + //
> + continue;
> + } else {
> + //
> + // Some other error occurred
> + //
> + DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
> + ASSERT_EFI_ERROR (Status);
> + return Status;
> + }
> + }
> +
> + //
> + // If we get here, we failed to generate random data using any secure algorithm
> + // Platform owner should ensure that at least one secure algorithm is supported
> + //
> + ASSERT_EFI_ERROR (Status);
> + return Status;
> + }
> +
> + //
> + // Lets try using the default algorithm (which may not be secure)
> + //
> + Status = RngProtocol->GetRNG (RngProtocol, NULL, OutputLength, (UINT8 *)Output);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random data: %r\n", __func__, Status));
> + ASSERT_EFI_ERROR (Status);
> + return Status;
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Generate a 32-bit pseudo-random number.
> +
> + @param[out] Output - The buffer to store the generated random number.
> +
> + @retval EFI_SUCCESS On Success
> + @retval EFI_NOT_FOUND RNG protocol not found
> + @retval Others Error from RngProtocol->GetRNG()
> +
> + @return Status code
> +**/
> +EFI_STATUS
> +EFIAPI
> +PseudoRandomU32 (
> + OUT UINT32 *Output
> + )
> +{
> + return PseudoRandom (Output, sizeof (*Output));
> }
>
> /**
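Review bot: in PseudoRandom (), the ASSERT_EFI_ERROR (Status) calls after the failed LocateProtocol () and after the failed GetRNG () calls turn a reportable error into an assert on builds that have asserts enabled, although the function already returns Status and the call sites in this patch check it and return. Consider dropping those asserts, or keeping only the one after the loop where no secure algorithm was available, and relying on the DEBUG message plus the returned status. Two smaller points: AlgorithmIndex is a UINTN but is printed with %d, and the EFI_UNSUPPORTED branch logs at DEBUG_ERROR for a case the comment treats as "try the next secure algorithm", where DEBUG_WARN would fit better.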
> diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
> index 98a90e02109b..8fe6badd687c 100644
> --- a/NetworkPkg/TcpDxe/TcpDriver.c
> +++ b/NetworkPkg/TcpDxe/TcpDriver.c
> @@ -2,7 +2,7 @@
> The driver binding and service binding protocol for the TCP driver.
>
> Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> -
> + Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -163,7 +163,13 @@ TcpDriverEntryPoint (
> )
> {
> EFI_STATUS Status;
> - UINT32 Seed;
> + UINT32 Random;
> +
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
>
> //
> // Install the TCP Driver Binding Protocol
> @@ -203,9 +209,8 @@ TcpDriverEntryPoint (
> //
> // Initialize ISS and random port.
> //
> - Seed = NetRandomInitSeed ();
> - mTcpGlobalIss = NET_RANDOM (Seed) % mTcpGlobalIss;
> - mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (NET_RANDOM (Seed) % TCP_PORT_KNOWN));
> + mTcpGlobalIss = Random % mTcpGlobalIss;
> + mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN));
> mTcp6RandomPort = mTcp4RandomPort;
>
> return EFI_SUCCESS;
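Review bot: mTcpGlobalIss and mTcp4RandomPort are now both computed from the same 32-bit Random, so the two values are reductions of one draw and are correlated with each other. A second PseudoRandomU32 () call for the port would keep them independent. `Random % mTcpGlobalIss` also relies on mTcpGlobalIss being non-zero at this point, which this hunk does not show; a short comment stating the initial value would help.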
> diff --git a/NetworkPkg/Udp4Dxe/Udp4Driver.c b/NetworkPkg/Udp4Dxe/Udp4Driver.c
> index cb917fcfc90f..c7ea16f4cd6f 100644
> --- a/NetworkPkg/Udp4Dxe/Udp4Driver.c
> +++ b/NetworkPkg/Udp4Dxe/Udp4Driver.c
> @@ -1,6 +1,7 @@
> /** @file
>
> Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -555,6 +556,13 @@ Udp4DriverEntryPoint (
> )
> {
> EFI_STATUS Status;
> + UINT32 Random;
> +
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
>
> //
> // Install the Udp4DriverBinding and Udp4ComponentName protocols.
> @@ -571,7 +579,7 @@ Udp4DriverEntryPoint (
> //
> // Initialize the UDP random port.
> //
> - mUdp4RandomPort = (UINT16)(((UINT16)NetRandomInitSeed ()) % UDP4_PORT_KNOWN + UDP4_PORT_KNOWN);
> + mUdp4RandomPort = (UINT16)(((UINT16)Random) % UDP4_PORT_KNOWN + UDP4_PORT_KNOWN);
> }
>
> return Status;
> diff --git a/NetworkPkg/Udp6Dxe/Udp6Driver.c b/NetworkPkg/Udp6Dxe/Udp6Driver.c
> index ae96fb996627..edb758d57ca4 100644
> --- a/NetworkPkg/Udp6Dxe/Udp6Driver.c
> +++ b/NetworkPkg/Udp6Dxe/Udp6Driver.c
> @@ -2,7 +2,7 @@
> Driver Binding functions and Service Binding functions for the Network driver module.
>
> Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> -
> + Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -596,6 +596,13 @@ Udp6DriverEntryPoint (
> )
> {
> EFI_STATUS Status;
> + UINT32 Random;
> +
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
>
> //
> // Install the Udp6DriverBinding and Udp6ComponentName protocols.
> @@ -614,7 +621,7 @@ Udp6DriverEntryPoint (
> // Initialize the UDP random port.
> //
> mUdp6RandomPort = (UINT16)(
> - ((UINT16)NetRandomInitSeed ()) %
> + ((UINT16)Random) %
> UDP6_PORT_KNOWN +
> UDP6_PORT_KNOWN
> );
> diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
> index 91146b78cb1e..452038c2194c 100644
> --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
> +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
> @@ -2,7 +2,7 @@
> Functions implementation related with DHCPv4 for UefiPxeBc Driver.
>
> Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> -
> + Copyright (c) Microsoft Corporation
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -1381,6 +1381,12 @@ PxeBcDhcp4Discover (
> UINT8 VendorOptLen;
> UINT32 Xid;
>
> + Status = PseudoRandomU32 (&Xid);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
> +
> Mode = Private->PxeBc.Mode;
> Dhcp4 = Private->Dhcp4;
> Status = EFI_SUCCESS;
> @@ -1471,7 +1477,6 @@ PxeBcDhcp4Discover (
> //
> // Set fields of the token for the request packet.
> //
> - Xid = NET_RANDOM (NetRandomInitSeed ());
> Token.Packet->Dhcp4.Header.Xid = HTONL (Xid);
> Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)((IsBCast) ? 0x8000 : 0x0));
> CopyMem (&Token.Packet->Dhcp4.Header.ClientAddr, &Private->StationIp, sizeof (EFI_IPv4_ADDRESS));
> diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
> index 7fd1281c1184..bcabbd221983 100644
> --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
> +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
> @@ -2180,7 +2180,7 @@ PxeBcDhcp6Discover (
> UINTN ReadSize;
> UINT16 OpCode;
> UINT16 OpLen;
> - UINT32 Xid;
> + UINT32 Random;
> EFI_STATUS Status;
> UINTN DiscoverLenNeeded;
>
> @@ -2198,6 +2198,12 @@ PxeBcDhcp6Discover (
> return EFI_DEVICE_ERROR;
> }
>
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> + return Status;
> + }
> +
> DiscoverLenNeeded = sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET);
> Discover = AllocateZeroPool (DiscoverLenNeeded);
> if (Discover == NULL) {
> @@ -2207,8 +2213,7 @@ PxeBcDhcp6Discover (
> //
> // Build the discover packet by the cached request packet before.
> //
> - Xid = NET_RANDOM (NetRandomInitSeed ());
> - Discover->TransactionId = HTONL (Xid);
> + Discover->TransactionId = HTONL (Random);
> Discover->MessageType = Request->Dhcp6.Header.MessageType;
> RequestOpt = Request->Dhcp6.Option;
> DiscoverOpt = Discover->DhcpOptions;
> diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
> index d84aca7e85ab..4cd915b41157 100644
> --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
> +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
> @@ -3,6 +3,7 @@
>
> (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
> Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>
> + Copyright (c) Microsoft Corporation
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @@ -892,6 +893,13 @@ PxeBcCreateIp6Children (
> PXEBC_PRIVATE_PROTOCOL *Id;
> EFI_SIMPLE_NETWORK_PROTOCOL *Snp;
> UINTN Index;
> + UINT32 Random;
> +
> + Status = PseudoRandomU32 (&Random);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "Failed to generate random number using EFI_RNG_PROTOCOL: %r\n", Status));
> + return Status;
> + }
>
> if (Private->Ip6Nic != NULL) {
> //
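Review bot: the PseudoRandomU32 () call sits ahead of the `if (Private->Ip6Nic != NULL)` check, so PxeBcCreateIp6Children () now returns an RNG error before that check runs, although Random is only consumed further down where IaId is set. Moving the call next to the IaId assignment would confine the new failure path to the place the value is needed. The DEBUG message also lacks the %a / __func__ prefix used at the other call sites in this patch.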
> @@ -935,9 +943,9 @@ PxeBcCreateIp6Children (
> }
>
> //
> - // Generate a random IAID for the Dhcp6 assigned address.
> + // Set a random IAID for the Dhcp6 assigned address.
> //
> - Private->IaId = NET_RANDOM (NetRandomInitSeed ());
> + Private->IaId = Random;
> if (Private->Snp != NULL) {
> for (Index = 0; Index < Private->Snp->Mode->HwAddressSize; Index++) {
> Private->IaId |= (Private->Snp->Mode->CurrentAddress.Addr[Index] << ((Index << 3) & 31));
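Review bot: after `Private->IaId = Random;` the unchanged loop ORs the bytes of Snp->Mode->CurrentAddress into IaId, and OR can only set bits, so part of the value obtained from the RNG is overwritten by hardware address bytes. If the point of this change is an unpredictable IAID, say in the comment why the loop is kept, or reconsider it in a follow-up.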
> diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
> index fa42025e0d82..20a4555019d9 100644
> --- a/NetworkPkg/SecurityFixes.yaml
> +++ b/NetworkPkg/SecurityFixes.yaml
> @@ -122,3 +122,42 @@ CVE_2023_45235:
> - http://www.openwall.com/lists/oss-security/2024/01/16/2
> - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
> - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
> +CVE_2023_45237:
> + commit_titles:
> + - "NetworkPkg:: SECURITY PATCH CVE 2023-45237"
> + cve: CVE-2023-45237
> + date_reported: 2023-08-28 13:56 UTC
> + description: "Bug 09 - Use of a Weak PseudoRandom Number Generator"
> + note:
> + files_impacted:
> + - NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
> + - NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
> + - NetworkPkg/DnsDxe/DnsDhcp.c
> + - NetworkPkg/DnsDxe/DnsImpl.c
> + - NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
> + - NetworkPkg/IScsiDxe/IScsiCHAP.c
> + - NetworkPkg/IScsiDxe/IScsiMisc.c
> + - NetworkPkg/IScsiDxe/IScsiMisc.h
> + - NetworkPkg/Include/Library/NetLib.h
> + - NetworkPkg/Ip4Dxe/Ip4Driver.c
> + - NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
> + - NetworkPkg/Ip6Dxe/Ip6Driver.c
> + - NetworkPkg/Ip6Dxe/Ip6If.c
> + - NetworkPkg/Ip6Dxe/Ip6Mld.c
> + - NetworkPkg/Ip6Dxe/Ip6Nd.c
> + - NetworkPkg/Ip6Dxe/Ip6Nd.h
> + - NetworkPkg/Library/DxeNetLib/DxeNetLib.c
> + - NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
> + - NetworkPkg/NetworkPkg.dec
> + - NetworkPkg/TcpDxe/TcpDriver.c
> + - NetworkPkg/Udp4Dxe/Udp4Driver.c
> + - NetworkPkg/Udp6Dxe/Udp6Driver.c
> + - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
> + - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
> + - NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
> + links:
> + - https://bugzilla.tianocore.org/show_bug.cgi?id=4542
> + - https://nvd.nist.gov/vuln/detail/CVE-2023-45237
> + - http://www.openwall.com/lists/oss-security/2024/01/16/2
> + - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
> + - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
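Review bot: the commit_titles entry reads "NetworkPkg:: SECURITY PATCH CVE 2023-45237" with a space after CVE, while the cve field below it uses CVE-2023-45237 with a hyphen; the title should match the commit subject character for character so the entry can be used to locate the commit. The `note:` key is also left empty; fill it in or state explicitly that there is nothing to note.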
> --
> 2.34.1
>
>
>