[edk2-devel] [PATCH v3 08/20] NetworkPkg:: SECURITY PATCH CVE-2023-45237

2024-05-23 Thread Doug Flick via groups.io
From: Doug Flick 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542

Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Use of a Weak PseudoRandom Number Generator

Change Overview:

Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either

>
> EFI_STATUS
> EFIAPI
> PseudoRandomU32 (
>  OUT UINT32  *Output
>  );
>

or (depending on the use case)

>
> EFI_STATUS
> EFIAPI
> PseudoRandom (
>  OUT  VOID   *Output,
>  IN   UINTN  OutputLength
>  );
>

This is because the use of

Example:

In the following code snippet, the PseudoRandomU32 () function is used:

>
> UINT32 Random;
>
> Status = PseudoRandomU32 (&Random);
> if (EFI_ERROR (Status)) {
>   DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
>   return Status;
> }
>

This also introduces a new PCD to enable/disable the use of the
secure implementation of algorithms for PseudoRandom () and
instead depend on the default implementation. This may be required for
some platforms where the UEFI Spec defined algorithms are not available.

>
> PcdEnforceSecureRngAlgorithms
>

If the platform does not have any one of the UEFI defined
secure RNG algorithms then the driver will assert.

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/NetworkPkg.dec  |   7 ++
 NetworkPkg/Library/DxeNetLib/DxeNetLib.inf |  14 ++-
 NetworkPkg/TcpDxe/TcpDxe.inf   |   3 +
 NetworkPkg/IScsiDxe/IScsiMisc.h|   6 +-
 NetworkPkg/Include/Library/NetLib.h|  40 --
 NetworkPkg/Ip6Dxe/Ip6Nd.h  |   8 +-
 NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c  |  10 +-
 NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c  |  11 +-
 NetworkPkg/DnsDxe/DnsDhcp.c|  10 +-
 NetworkPkg/DnsDxe/DnsImpl.c|  11 +-
 NetworkPkg/HttpBootDxe/HttpBootDhcp6.c |  10 +-
 NetworkPkg/IScsiDxe/IScsiCHAP.c|  19 ++-
 NetworkPkg/IScsiDxe/IScsiMisc.c|  14 +--
 NetworkPkg/Ip4Dxe/Ip4Driver.c  |  10 +-
 NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c  |   9 +-
 NetworkPkg/Ip6Dxe/Ip6Driver.c  |  17 ++-
 NetworkPkg/Ip6Dxe/Ip6If.c  |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Mld.c |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Nd.c  |  33 -
 NetworkPkg/Library/DxeNetLib/DxeNetLib.c   | 130 +---
 NetworkPkg/TcpDxe/TcpDriver.c  |  15 ++-
 NetworkPkg/Udp4Dxe/Udp4Driver.c|  10 +-
 NetworkPkg/Udp6Dxe/Udp6Driver.c|  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c   |   9 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c   |  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c  |  12 +-
 NetworkPkg/SecurityFixes.yaml  |  39 ++
 27 files changed, 410 insertions(+), 83 deletions(-)

diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
index e06f35e774..7c4289b77b 100644
--- a/NetworkPkg/NetworkPkg.dec
+++ b/NetworkPkg/NetworkPkg.dec
@@ -5,6 +5,7 @@
 #
 # Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.
 # (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP
+# Copyright (c) Microsoft Corporation
 #
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -130,6 +131,12 @@
   # @Prompt Indicates whether SnpDxe creates event for ExitBootServices() call.
   
gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOLEAN|0x100C
 
+  ## Enforces the use of Secure UEFI spec defined RNG algorithms for all 
network connections.
+  # TRUE  - Enforce the use of Secure UEFI spec defined RNG algorithms.
+  # FALSE - Do not enforce and depend on the default implementation of RNG 
algorithm from the provider.
+  # @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms.
+  
gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x100D
+
 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   ## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 
6355).
   # 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT]
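Review bot: The description added for PcdEnforceSecureRngAlgorithms covers TRUE and FALSE but omits the failure mode: the commit message says the driver asserts when the platform has none of the UEFI defined secure RNG algorithms, and that should be stated in the .dec comment, since platform owners read the PCD description rather than the commit log. The FALSE line should also say that the provider's default algorithm carries no guarantee of being one of the spec-defined secure ones, so that turning enforcement off is a deliberate platform decision. The header of the section this PCD lands in is outside the visible context; please confirm it is one that cannot be overridden dynamically, given that the next section begins with "[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]".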
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf 
b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
index 8145d256ec..a8f534a293 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
@@ -3,6 +3,7 @@
 #
 #  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
 #  (C) Copyright 2015 Hewlett Packard Enterprise Development LP
+#  Copyright (c) Microsoft Corporation
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -49,7 +50,11 @@
   gEfiSmbiosTableGuid   ## SOMETIMES_CONSUMES  ## 
SystemTable
   gEfiSmbios3TableGuid  ## SOMETIMES_CONSUMES  ## 
SystemTable
   gEfiAdapterInfoMediaStateGuid ## SOMETIMES_CONSUMES
-
+  gEfiRngAlgorithmRaw   ## 
