REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

This patch series patches the following CVEs:
- CVE-2023-45236: Predictable TCP Initial Sequence Numbers
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator

In order to patch these CVEs, the following changes were made:
- NetworkPkg no longer performs its own random number generation;
  instead it uses EFI_RNG_PROTOCOL provided by the platform to
  generate random numbers.
  - This change was made such that any future random number
    generation vulnerabilities will be a result of the platform's
    implementation of the EFI_RNG_PROTOCOL and not the NetworkPkg

- NetworkPkg uses the TCP initial sequence number algorithm as described
  in RFC 6528 to generate the initial sequence number for TCP connections.
  - This change was made to ensure that the initial sequence number
    is not predictable and therefore cannot be used in a TCP hijacking
    attack.
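As an added example (not code from this patch series or from NetworkPkg), the RFC 6528 construction the two bullets above rely on, written in Python rather than the driver's C: ISN = M + F(localip, localport, remoteip, remoteport, secretkey), where M advances every 4 microseconds and F is a keyed hash. The secret key is drawn from an OS entropy source standing in for EFI_RNG_PROTOCOL, HMAC-SHA256 stands in for the hash the driver obtains through EFI_HASH2_PROTOCOL, and the addresses, ports and key below are constructed values.

```python
import hashlib
import hmac
import ipaddress
import secrets
import struct
import time

# RFC 6528: M is a 32-bit counter that advances every 4 microseconds.
ISN_TICK_US = 4


def connection_id(local_ip, local_port, remote_ip, remote_port):
    """Pack the TCP 4-tuple (IPv4 or IPv6) into the bytes that F() hashes."""
    return (ipaddress.ip_address(local_ip).packed + struct.pack("!H", local_port)
            + ipaddress.ip_address(remote_ip).packed + struct.pack("!H", remote_port))


class IsnGenerator:
    """ISN = M + F(localip, localport, remoteip, remoteport, secretkey) (RFC 6528)."""

    def __init__(self, secret_key=None, clock_us=None):
        # The secret must come from a real entropy source (edk2 now asks
        # EFI_RNG_PROTOCOL for it); secrets.token_bytes stands in here.
        self.secret_key = secret_key or secrets.token_bytes(32)
        # Injectable microsecond clock so tests can pin M to a known value.
        self.clock_us = clock_us or (lambda: time.monotonic_ns() // 1000)

    def f(self, local_ip, local_port, remote_ip, remote_port):
        # F() is a keyed PRF over the connection id. RFC 6528's sample uses
        # MD5 over (4-tuple || key); HMAC-SHA256 is an assumption made here.
        cid = connection_id(local_ip, local_port, remote_ip, remote_port)
        digest = hmac.new(self.secret_key, cid, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def isn(self, local_ip, local_port, remote_ip, remote_port):
        # Same 4-tuple: ISN climbs with the clock (keeps old segments out of a
        # new incarnation). Different 4-tuple: unrelated 32-bit offset.
        m = (self.clock_us() // ISN_TICK_US) & 0xFFFFFFFF
        return (m + self.f(local_ip, local_port, remote_ip, remote_port)) & 0xFFFFFFFF


if __name__ == "__main__":
    gen = IsnGenerator()
    # Constructed sample connections: same client, two different servers.
    a = gen.isn("fd00::10", 40000, "fd00::1", 80)
    b = gen.isn("fd00::10", 40000, "fd00::2", 80)
    print(f"ISN to fd00::1: {a:#010x}")
    print(f"ISN to fd00::2: {b:#010x}  (unrelated to the first)")
```

Observing one connection's ISN tells a third party nothing about another 4-tuple's ISN without the secret key, which is the property the old time-seeded generator lacked.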

In addition to the above changes, the following changes were made:
- EmulatorPkg, OvmfPkg, and ArmVirtPkg were updated to include the
  Hash2DxeCrypto driver to support TCP ISN generation using
  EFI_HASH2_PROTOCOL

- EmulatorPkg was updated to include the
  RngDxe driver to support random number generation using the
  EFI_RNG_PROTOCOL

- OvmfPkg and ArmVirtPkg were updated to include the
  virtio-rng-pci device to support random number generation using the
  EFI_RNG_PROTOCOL using the existing VirtioRngDxe driver

- SecurityPkg was updated to fix an incorrect limitation on the
  GetRng function in the RngDxe driver where the minimum amount of
  random data that could be requested was 32 bytes (256 bits) instead
  of what the caller requested

- MdePkg was updated to include MockUefiBootServicesTableLib,
  MockRng, and MockHash2 protocols for testing

- NetworkPkg was updated to include a test for the PxeBcDhcp6 driver
  due to underlying changes

Cc: Liming Gao <gaolim...@byosoft.com.cn>

Signed-off-by: Doug Flick [MSFT] <doug.e...@gmail.com>

Doug Flick (13):
  EmulatorPkg: : Add RngDxe to EmulatorPkg
  EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
  OvmfPkg:PlatformCI: Support virtio-rng-pci
  OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg
  ArmVirtPkg:PlatformCI: Support virtio-rng-pci
  ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg
  SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
  NetworkPkg:: SECURITY PATCH CVE-2023-45237
  NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236
  MdePkg: : Add MockUefiBootServicesTableLib
  MdePkg: : Adds Protocol for MockRng
  MdePkg: Add MockHash2 Protocol for testing
  NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes

 NetworkPkg/NetworkPkg.dec                                                  |   7 +
 ArmVirtPkg/ArmVirtQemu.dsc                                                 |   5 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc                                           |   5 +
 EmulatorPkg/EmulatorPkg.dsc                                                |  14 +-
 MdePkg/Test/MdePkgHostTest.dsc                                             |   1 +
 NetworkPkg/Test/NetworkPkgHostTest.dsc                                     |   1 +
 OvmfPkg/OvmfPkgIa32.dsc                                                    |   6 +-
 OvmfPkg/OvmfPkgIa32X64.dsc                                                 |   6 +-
 OvmfPkg/OvmfPkgX64.dsc                                                     |   6 +-
 OvmfPkg/OvmfXen.dsc                                                        |   5 +
 EmulatorPkg/EmulatorPkg.fdf                                                |  11 +-
 OvmfPkg/OvmfPkgIa32.fdf                                                    |   5 +
 OvmfPkg/OvmfPkgIa32X64.fdf                                                 |   5 +
 OvmfPkg/OvmfPkgX64.fdf                                                     |   5 +
 OvmfPkg/OvmfXen.fdf                                                        |   5 +
 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf |  32 +++
 NetworkPkg/Library/DxeNetLib/DxeNetLib.inf                                 |  13 +-
 NetworkPkg/TcpDxe/TcpDxe.inf                                               |  11 +-
 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf              |   3 +-
 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h |  78 +++++++
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h                   |  67 ++++++
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h                     |  48 ++++
 NetworkPkg/IScsiDxe/IScsiMisc.h                                            |   6 +-
 NetworkPkg/Include/Library/NetLib.h                                        |  40 +++-
 NetworkPkg/Ip6Dxe/Ip6Nd.h                                                  |   8 +-
 NetworkPkg/TcpDxe/TcpFunc.h                                                |  23 +-
 NetworkPkg/TcpDxe/TcpMain.h                                                |  59 ++++-
 NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c                                          |  10 +-
 NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c                                          |  11 +-
 NetworkPkg/DnsDxe/DnsDhcp.c                                                |  10 +-
 NetworkPkg/DnsDxe/DnsImpl.c                                                |  11 +-
 NetworkPkg/HttpBootDxe/HttpBootDhcp6.c                                     |  10 +-
 NetworkPkg/IScsiDxe/IScsiCHAP.c                                            |  19 +-
 NetworkPkg/IScsiDxe/IScsiMisc.c                                            |  14 +-
 NetworkPkg/Ip4Dxe/Ip4Driver.c                                              |  10 +-
 NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c                                          |   9 +-
 NetworkPkg/Ip6Dxe/Ip6Driver.c                                              |  17 +-
 NetworkPkg/Ip6Dxe/Ip6If.c                                                  |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Mld.c                                                 |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Nd.c                                                  |  33 ++-
 NetworkPkg/Library/DxeNetLib/DxeNetLib.c                                   | 129 +++++++++--
 NetworkPkg/TcpDxe/TcpDriver.c                                              | 105 ++++++++-
 NetworkPkg/TcpDxe/TcpInput.c                                               |  13 +-
 NetworkPkg/TcpDxe/TcpMisc.c                                                | 242 ++++++++++++++++++--
 NetworkPkg/TcpDxe/TcpTimer.c                                               |   3 +-
 NetworkPkg/Udp4Dxe/Udp4Driver.c                                            |  10 +-
 NetworkPkg/Udp6Dxe/Udp6Driver.c                                            |  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c                                       |   9 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c                                       |  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c                                      |  12 +-
 SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c                     |   8 -
 ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc                                       |   5 +
 ArmVirtPkg/PlatformCI/PlatformBuildLib.py                                  |   2 +
 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp |  69 ++++++
 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp                 |  27 +++
 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp                   |  21 ++
 NetworkPkg/SecurityFixes.yaml                                              |  61 +++++
 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp                | 102 ++++++++-
 OvmfPkg/PlatformCI/PlatformBuildLib.py                                     |   2 +
 59 files changed, 1345 insertions(+), 150 deletions(-)
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
 create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
 create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
 create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp

-- 
2.34.1
