REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
This patch series patches the following CVEs:

- CVE-2023-45236: Predictable TCP Initial Sequence Numbers
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator

In order to patch these CVEs, the following changes were made:

- NetworkPkg no longer performs its own random number generation; instead it uses EFI_RNG_PROTOCOL provided by the platform to generate random numbers.
  - This change was made such that any future random number generation vulnerabilities will be a result of the platform's implementation of the EFI_RNG_PROTOCOL and not the NetworkPkg.
- NetworkPkg uses the TCP initial sequence number algorithm as described in RFC 6528 to generate the initial sequence number for TCP connections.
  - This change was made to ensure that the initial sequence number is not predictable and therefore cannot be used in a TCP hijacking attack.

In addition to the above changes, the following changes were made:

- EmulatorPkg, OvmfPkg, and ArmVirtPkg were updated to include the Hash2DxeCrypto driver to support TCP ISN generation using EFI_HASH2_PROTOCOL.
- EmulatorPkg was updated to include the RngDxe driver to support random number generation using the EFI_RNG_PROTOCOL.
- OvmfPkg and ArmVirtPkg were updated to include the virtio-rng-pci device to support random number generation using the EFI_RNG_PROTOCOL using the existing VirtioRngDxe driver.
- ArmVirtPkg and OvmfPkg were updated to disable the NIST algorithms in the NetworkPkg due to the driver only supporting EFI_RNG_ALGORITHM.
- MdePkg was updated to include MockUefiBootServicesTableLib, MockRng, and MockHash2 protocols for testing.
- NetworkPkg was updated to include a test for the PxeBcDhcp6 driver due to underlying changes.

Cc: Liming Gao <gaolim...@byosoft.com.cn>
Signed-off-by: Doug Flick [MSFT] <doug.e...@gmail.com>

Doug Flick (14):
  EmulatorPkg: : Add RngDxe to EmulatorPkg
  EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
  OvmfPkg:PlatformCI: Support virtio-rng-pci
  OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg
  ArmVirtPkg:PlatformCI: Support virtio-rng-pci
  ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg
  NetworkPkg:: SECURITY PATCH CVE-2023-45237
  NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236
  OvmfPkg: Disable NIST Algorithms NetworkPkg
  ArmVirtPkg: : Disables NIST algorithms NetworkPkg
  MdePkg: : Add MockUefiBootServicesTableLib
  MdePkg: : Adds Protocol for MockRng
  MdePkg: Add MockHash2 Protocol for testing
  NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes

 NetworkPkg/NetworkPkg.dec                                                                          |   7 +
 ArmVirtPkg/ArmVirt.dsc.inc                                                                         |   7 +
 ArmVirtPkg/ArmVirtQemu.dsc                                                                         |   5 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc                                                                   |   5 +
 EmulatorPkg/EmulatorPkg.dsc                                                                        |  14 +-
 MdePkg/Test/MdePkgHostTest.dsc                                                                     |   1 +
 NetworkPkg/Test/NetworkPkgHostTest.dsc                                                             |   1 +
 OvmfPkg/OvmfPkgIa32.dsc                                                                            |  13 +-
 OvmfPkg/OvmfPkgIa32X64.dsc                                                                         |  15 +-
 OvmfPkg/OvmfPkgX64.dsc                                                                             |  13 +-
 OvmfPkg/OvmfXen.dsc                                                                                |  12 +
 EmulatorPkg/EmulatorPkg.fdf                                                                        |  11 +-
 OvmfPkg/OvmfPkgIa32.fdf                                                                            |   5 +
 OvmfPkg/OvmfPkgIa32X64.fdf                                                                         |   5 +
 OvmfPkg/OvmfPkgX64.fdf                                                                             |   5 +
 OvmfPkg/OvmfXen.fdf                                                                                |   5 +
 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf  |  32 +++
 NetworkPkg/Library/DxeNetLib/DxeNetLib.inf                                                         |  12 +-
 NetworkPkg/TcpDxe/TcpDxe.inf                                                                       |  11 +-
 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf                                      |   3 +-
 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h                         |  78 +++++++
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h                                           |  67 ++++++
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h                                             |  48 ++++
 NetworkPkg/IScsiDxe/IScsiMisc.h                                                                    |   6 +-
 NetworkPkg/Include/Library/NetLib.h                                                                |  40 +++-
 NetworkPkg/Ip6Dxe/Ip6Nd.h                                                                          |   8 +-
 NetworkPkg/TcpDxe/TcpFunc.h                                                                        |  23 +-
 NetworkPkg/TcpDxe/TcpMain.h                                                                        |  59 ++++-
 NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c                                                                  |  10 +-
 NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c                                                                  |  11 +-
 NetworkPkg/DnsDxe/DnsDhcp.c                                                                        |  10 +-
 NetworkPkg/DnsDxe/DnsImpl.c                                                                        |  11 +-
 NetworkPkg/HttpBootDxe/HttpBootDhcp6.c                                                             |  10 +-
 NetworkPkg/IScsiDxe/IScsiCHAP.c                                                                    |  19 +-
 NetworkPkg/IScsiDxe/IScsiMisc.c                                                                    |  14 +-
 NetworkPkg/Ip4Dxe/Ip4Driver.c                                                                      |  10 +-
 NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c                                                                  |   9 +-
 NetworkPkg/Ip6Dxe/Ip6Driver.c                                                                      |  17 +-
 NetworkPkg/Ip6Dxe/Ip6If.c                                                                          |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Mld.c                                                                         |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Nd.c                                                                          |  33 ++-
 NetworkPkg/Library/DxeNetLib/DxeNetLib.c                                                           | 129 +++++++++--
 NetworkPkg/TcpDxe/TcpDriver.c                                                                      | 105 ++++++++-
 NetworkPkg/TcpDxe/TcpInput.c                                                                       |  13 +-
 NetworkPkg/TcpDxe/TcpMisc.c                                                                        | 242 ++++++++++++++++++--
 NetworkPkg/TcpDxe/TcpTimer.c                                                                       |   3 +-
 NetworkPkg/Udp4Dxe/Udp4Driver.c                                                                    |  10 +-
 NetworkPkg/Udp6Dxe/Udp6Driver.c                                                                    |  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c                                                               |   9 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c                                                               |  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c                                                              |  12 +-
 ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc                                                               |   5 +
 ArmVirtPkg/PlatformCI/PlatformBuildLib.py                                                          |   2 +
 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp  |  69 ++++++
 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp                                         |  27 +++
 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp                                           |  21 ++
 NetworkPkg/SecurityFixes.yaml                                                                      |  61 +++++
 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp                                        | 102 ++++++++-
 OvmfPkg/PlatformCI/PlatformBuildLib.py                                                             |   2 +
 59 files changed, 1381 insertions(+), 142 deletions(-)
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
 create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
 create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
 create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
 create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp

-- 
2.34.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118673): https://edk2.groups.io/g/devel/message/118673
Mute This Topic: https://groups.io/mt/105983238/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
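The RFC 6528 scheme the cover letter adopts for CVE-2023-45236, as an added example that is not edk2's TcpDxe code: ISN = M + F(localip, localport, remoteip, remoteport, secretkey), with M a 32-bit counter ticking every 4 microseconds and F a keyed hash over the connection 4-tuple. The class name is mine, HMAC-SHA256 stands in for the MD5 that RFC 6528 suggests, and os.urandom stands in for the EFI_RNG_PROTOCOL secret; the same code covers IPv4 and IPv6 addresses.

```python
# Added example (not edk2 code): RFC 6528 TCP initial sequence numbers.
# ISN = M + F(4-tuple, secret). An observer who sees one connection's ISN
# learns nothing about another 4-tuple's offset, which is the property that
# the predictable ISNs of CVE-2023-45236 lacked.
import hashlib
import hmac
import ipaddress
import os
import struct
import time

MASK32 = 0xFFFFFFFF


class Rfc6528IsnGenerator:
    def __init__(self, secret=None, clock_ns=None):
        # The secret is drawn once at boot. The cover letter's point for
        # CVE-2023-45237 is that it must come from a real RNG
        # (EFI_RNG_PROTOCOL); os.urandom is the stand-in here.
        self.secret = secret if secret is not None else os.urandom(32)
        # Nanosecond clock, injectable so the result is reproducible in tests.
        self.clock_ns = clock_ns if clock_ns is not None else time.monotonic_ns

    def m(self):
        """RFC 6528's M: a 32-bit counter incremented every 4 microseconds."""
        return (self.clock_ns() // 4000) & MASK32

    def f(self, local_ip, local_port, remote_ip, remote_port):
        """Keyed hash of the 4-tuple reduced to 32 bits (HMAC-SHA256 here,
        MD5 in the RFC). .packed is 4 bytes for IPv4, 16 for IPv6."""
        four_tuple = (
            ipaddress.ip_address(local_ip).packed + struct.pack("!H", local_port)
            + ipaddress.ip_address(remote_ip).packed + struct.pack("!H", remote_port)
        )
        digest = hmac.new(self.secret, four_tuple, hashlib.sha256).digest()
        return struct.unpack("!I", digest[:4])[0]

    def isn(self, local_ip, local_port, remote_ip, remote_port):
        """Initial sequence number for one connection attempt."""
        offset = self.f(local_ip, local_port, remote_ip, remote_port)
        return (self.m() + offset) & MASK32


if __name__ == "__main__":
    gen = Rfc6528IsnGenerator()
    # Same instant, different remote port: unrelated offsets.
    print(hex(gen.isn("fe80::1", 49152, "fe80::2", 80)))
    print(hex(gen.isn("fe80::1", 49153, "fe80::2", 80)))
```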