mirror of https://github.com/acidanthera/audk.git
NetworkPkg: SECURITY PATCH CVE-2023-45237
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542 Bug Overview: PixieFail Bug #9 CVE-2023-45237 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Use of a Weak PseudoRandom Number Generator Change Overview: Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either > > EFI_STATUS > EFIAPI > PseudoRandomU32 ( > OUT UINT32 *Output > ); > or (depending on the use case) > > EFI_STATUS > EFIAPI > PseudoRandom ( > OUT VOID *Output, > IN UINTN OutputLength > ); > This is because the use of Example: The following code snippet PseudoRandomU32 () function is used: > > UINT32 Random; > > Status = PseudoRandomU32 (&Random); > if (EFI_ERROR (Status)) { > DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > return Status; > } > This also introduces a new PCD to enable/disable the use of the secure implementation of algorithms for PseudoRandom () and instead depend on the default implementation. This may be required for some platforms where the UEFI Spec defined algorithms are not available. > > PcdEnforceSecureRngAlgorithms > If the platform does not have any one of the UEFI defined secure RNG algorithms then the driver will assert. Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
This commit is contained in:
parent
a85336531c
commit
4c4ceb2ceb
|
@ -1,6 +1,7 @@
|
||||||
/** @file
|
/** @file
|
||||||
|
|
||||||
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -189,6 +190,13 @@ Dhcp4CreateService (
|
||||||
{
|
{
|
||||||
DHCP_SERVICE *DhcpSb;
|
DHCP_SERVICE *DhcpSb;
|
||||||
EFI_STATUS Status;
|
EFI_STATUS Status;
|
||||||
|
UINT32 Random;
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
*Service = NULL;
|
*Service = NULL;
|
||||||
DhcpSb = AllocateZeroPool (sizeof (DHCP_SERVICE));
|
DhcpSb = AllocateZeroPool (sizeof (DHCP_SERVICE));
|
||||||
|
@ -203,7 +211,7 @@ Dhcp4CreateService (
|
||||||
DhcpSb->Image = ImageHandle;
|
DhcpSb->Image = ImageHandle;
|
||||||
InitializeListHead (&DhcpSb->Children);
|
InitializeListHead (&DhcpSb->Children);
|
||||||
DhcpSb->DhcpState = Dhcp4Stopped;
|
DhcpSb->DhcpState = Dhcp4Stopped;
|
||||||
DhcpSb->Xid = NET_RANDOM (NetRandomInitSeed ());
|
DhcpSb->Xid = Random;
|
||||||
CopyMem (
|
CopyMem (
|
||||||
&DhcpSb->ServiceBinding,
|
&DhcpSb->ServiceBinding,
|
||||||
&mDhcp4ServiceBindingTemplate,
|
&mDhcp4ServiceBindingTemplate,
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
implementation for Dhcp6 Driver.
|
implementation for Dhcp6 Driver.
|
||||||
|
|
||||||
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -123,6 +123,13 @@ Dhcp6CreateService (
|
||||||
{
|
{
|
||||||
DHCP6_SERVICE *Dhcp6Srv;
|
DHCP6_SERVICE *Dhcp6Srv;
|
||||||
EFI_STATUS Status;
|
EFI_STATUS Status;
|
||||||
|
UINT32 Random;
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
*Service = NULL;
|
*Service = NULL;
|
||||||
Dhcp6Srv = AllocateZeroPool (sizeof (DHCP6_SERVICE));
|
Dhcp6Srv = AllocateZeroPool (sizeof (DHCP6_SERVICE));
|
||||||
|
@ -147,7 +154,7 @@ Dhcp6CreateService (
|
||||||
Dhcp6Srv->Signature = DHCP6_SERVICE_SIGNATURE;
|
Dhcp6Srv->Signature = DHCP6_SERVICE_SIGNATURE;
|
||||||
Dhcp6Srv->Controller = Controller;
|
Dhcp6Srv->Controller = Controller;
|
||||||
Dhcp6Srv->Image = ImageHandle;
|
Dhcp6Srv->Image = ImageHandle;
|
||||||
Dhcp6Srv->Xid = (0xffffff & NET_RANDOM (NetRandomInitSeed ()));
|
Dhcp6Srv->Xid = (0xffffff & Random);
|
||||||
|
|
||||||
CopyMem (
|
CopyMem (
|
||||||
&Dhcp6Srv->ServiceBinding,
|
&Dhcp6Srv->ServiceBinding,
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
Functions implementation related with DHCPv4/v6 for DNS driver.
|
Functions implementation related with DHCPv4/v6 for DNS driver.
|
||||||
|
|
||||||
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -277,6 +278,7 @@ GetDns4ServerFromDhcp4 (
|
||||||
EFI_DHCP4_TRANSMIT_RECEIVE_TOKEN Token;
|
EFI_DHCP4_TRANSMIT_RECEIVE_TOKEN Token;
|
||||||
BOOLEAN IsDone;
|
BOOLEAN IsDone;
|
||||||
UINTN Index;
|
UINTN Index;
|
||||||
|
UINT32 Random;
|
||||||
|
|
||||||
Image = Instance->Service->ImageHandle;
|
Image = Instance->Service->ImageHandle;
|
||||||
Controller = Instance->Service->ControllerHandle;
|
Controller = Instance->Service->ControllerHandle;
|
||||||
|
@ -292,6 +294,12 @@ GetDns4ServerFromDhcp4 (
|
||||||
Data = NULL;
|
Data = NULL;
|
||||||
InterfaceInfo = NULL;
|
InterfaceInfo = NULL;
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
ZeroMem ((UINT8 *)ParaList, sizeof (ParaList));
|
ZeroMem ((UINT8 *)ParaList, sizeof (ParaList));
|
||||||
|
|
||||||
ZeroMem (&MnpConfigData, sizeof (EFI_MANAGED_NETWORK_CONFIG_DATA));
|
ZeroMem (&MnpConfigData, sizeof (EFI_MANAGED_NETWORK_CONFIG_DATA));
|
||||||
|
@ -467,7 +475,7 @@ GetDns4ServerFromDhcp4 (
|
||||||
|
|
||||||
Status = Dhcp4->Build (Dhcp4, &SeedPacket, 0, NULL, 2, ParaList, &Token.Packet);
|
Status = Dhcp4->Build (Dhcp4, &SeedPacket, 0, NULL, 2, ParaList, &Token.Packet);
|
||||||
|
|
||||||
Token.Packet->Dhcp4.Header.Xid = HTONL (NET_RANDOM (NetRandomInitSeed ()));
|
Token.Packet->Dhcp4.Header.Xid = Random;
|
||||||
|
|
||||||
Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)0x8000);
|
Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)0x8000);
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
DnsDxe support functions implementation.
|
DnsDxe support functions implementation.
|
||||||
|
|
||||||
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -1963,6 +1964,14 @@ ConstructDNSQuery (
|
||||||
NET_FRAGMENT Frag;
|
NET_FRAGMENT Frag;
|
||||||
DNS_HEADER *DnsHeader;
|
DNS_HEADER *DnsHeader;
|
||||||
DNS_QUERY_SECTION *DnsQuery;
|
DNS_QUERY_SECTION *DnsQuery;
|
||||||
|
EFI_STATUS Status;
|
||||||
|
UINT32 Random;
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Messages carried by UDP are restricted to 512 bytes (not counting the IP
|
// Messages carried by UDP are restricted to 512 bytes (not counting the IP
|
||||||
|
@ -1977,7 +1986,7 @@ ConstructDNSQuery (
|
||||||
// Fill header
|
// Fill header
|
||||||
//
|
//
|
||||||
DnsHeader = (DNS_HEADER *)Frag.Bulk;
|
DnsHeader = (DNS_HEADER *)Frag.Bulk;
|
||||||
DnsHeader->Identification = (UINT16)NET_RANDOM (NetRandomInitSeed ());
|
DnsHeader->Identification = (UINT16)Random;
|
||||||
DnsHeader->Flags.Uint16 = 0x0000;
|
DnsHeader->Flags.Uint16 = 0x0000;
|
||||||
DnsHeader->Flags.Bits.RD = 1;
|
DnsHeader->Flags.Bits.RD = 1;
|
||||||
DnsHeader->Flags.Bits.OpCode = DNS_FLAGS_OPCODE_STANDARD;
|
DnsHeader->Flags.Bits.OpCode = DNS_FLAGS_OPCODE_STANDARD;
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
Functions implementation related with DHCPv6 for HTTP boot driver.
|
Functions implementation related with DHCPv6 for HTTP boot driver.
|
||||||
|
|
||||||
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -951,6 +952,7 @@ HttpBootDhcp6Sarr (
|
||||||
UINT32 OptCount;
|
UINT32 OptCount;
|
||||||
UINT8 Buffer[HTTP_BOOT_DHCP6_OPTION_MAX_SIZE];
|
UINT8 Buffer[HTTP_BOOT_DHCP6_OPTION_MAX_SIZE];
|
||||||
EFI_STATUS Status;
|
EFI_STATUS Status;
|
||||||
|
UINT32 Random;
|
||||||
|
|
||||||
Dhcp6 = Private->Dhcp6;
|
Dhcp6 = Private->Dhcp6;
|
||||||
ASSERT (Dhcp6 != NULL);
|
ASSERT (Dhcp6 != NULL);
|
||||||
|
@ -961,6 +963,12 @@ HttpBootDhcp6Sarr (
|
||||||
OptCount = HttpBootBuildDhcp6Options (Private, OptList, Buffer);
|
OptCount = HttpBootBuildDhcp6Options (Private, OptList, Buffer);
|
||||||
ASSERT (OptCount > 0);
|
ASSERT (OptCount > 0);
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
Retransmit = AllocateZeroPool (sizeof (EFI_DHCP6_RETRANSMISSION));
|
Retransmit = AllocateZeroPool (sizeof (EFI_DHCP6_RETRANSMISSION));
|
||||||
if (Retransmit == NULL) {
|
if (Retransmit == NULL) {
|
||||||
return EFI_OUT_OF_RESOURCES;
|
return EFI_OUT_OF_RESOURCES;
|
||||||
|
@ -976,7 +984,7 @@ HttpBootDhcp6Sarr (
|
||||||
Config.IaInfoEvent = NULL;
|
Config.IaInfoEvent = NULL;
|
||||||
Config.RapidCommit = FALSE;
|
Config.RapidCommit = FALSE;
|
||||||
Config.ReconfigureAccept = FALSE;
|
Config.ReconfigureAccept = FALSE;
|
||||||
Config.IaDescriptor.IaId = NET_RANDOM (NetRandomInitSeed ());
|
Config.IaDescriptor.IaId = Random;
|
||||||
Config.IaDescriptor.Type = EFI_DHCP6_IA_TYPE_NA;
|
Config.IaDescriptor.Type = EFI_DHCP6_IA_TYPE_NA;
|
||||||
Config.SolicitRetransmission = Retransmit;
|
Config.SolicitRetransmission = Retransmit;
|
||||||
Retransmit->Irt = 4;
|
Retransmit->Irt = 4;
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
Configuration.
|
Configuration.
|
||||||
|
|
||||||
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -576,16 +577,24 @@ IScsiCHAPToSendReq (
|
||||||
//
|
//
|
||||||
// CHAP_I=<I>
|
// CHAP_I=<I>
|
||||||
//
|
//
|
||||||
IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1);
|
Status = IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", AuthData->OutIdentifier);
|
AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", AuthData->OutIdentifier);
|
||||||
IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_IDENTIFIER, ValueStr);
|
IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_IDENTIFIER, ValueStr);
|
||||||
//
|
//
|
||||||
// CHAP_C=<C>
|
// CHAP_C=<C>
|
||||||
//
|
//
|
||||||
IScsiGenRandom (
|
Status = IScsiGenRandom (
|
||||||
(UINT8 *)AuthData->OutChallenge,
|
(UINT8 *)AuthData->OutChallenge,
|
||||||
AuthData->Hash->DigestSize
|
AuthData->Hash->DigestSize
|
||||||
);
|
);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
BinToHexStatus = IScsiBinToHex (
|
BinToHexStatus = IScsiBinToHex (
|
||||||
(UINT8 *)AuthData->OutChallenge,
|
(UINT8 *)AuthData->OutChallenge,
|
||||||
AuthData->Hash->DigestSize,
|
AuthData->Hash->DigestSize,
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
Miscellaneous routines for iSCSI driver.
|
Miscellaneous routines for iSCSI driver.
|
||||||
|
|
||||||
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -474,20 +475,17 @@ IScsiNetNtoi (
|
||||||
@param[in, out] Rand The buffer to contain random numbers.
|
@param[in, out] Rand The buffer to contain random numbers.
|
||||||
@param[in] RandLength The length of the Rand buffer.
|
@param[in] RandLength The length of the Rand buffer.
|
||||||
|
|
||||||
|
@retval EFI_SUCCESS on success
|
||||||
|
@retval others on error
|
||||||
|
|
||||||
**/
|
**/
|
||||||
VOID
|
EFI_STATUS
|
||||||
IScsiGenRandom (
|
IScsiGenRandom (
|
||||||
IN OUT UINT8 *Rand,
|
IN OUT UINT8 *Rand,
|
||||||
IN UINTN RandLength
|
IN UINTN RandLength
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
UINT32 Random;
|
return PseudoRandom (Rand, RandLength);
|
||||||
|
|
||||||
while (RandLength > 0) {
|
|
||||||
Random = NET_RANDOM (NetRandomInitSeed ());
|
|
||||||
*Rand++ = (UINT8)(Random);
|
|
||||||
RandLength--;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
Miscellaneous definitions for iSCSI driver.
|
Miscellaneous definitions for iSCSI driver.
|
||||||
|
|
||||||
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -202,8 +203,11 @@ IScsiNetNtoi (
|
||||||
@param[in, out] Rand The buffer to contain random numbers.
|
@param[in, out] Rand The buffer to contain random numbers.
|
||||||
@param[in] RandLength The length of the Rand buffer.
|
@param[in] RandLength The length of the Rand buffer.
|
||||||
|
|
||||||
|
@retval EFI_SUCCESS on success
|
||||||
|
@retval others on error
|
||||||
|
|
||||||
**/
|
**/
|
||||||
VOID
|
EFI_STATUS
|
||||||
IScsiGenRandom (
|
IScsiGenRandom (
|
||||||
IN OUT UINT8 *Rand,
|
IN OUT UINT8 *Rand,
|
||||||
IN UINTN RandLength
|
IN UINTN RandLength
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
It provides basic functions for the UEFI network stack.
|
It provides basic functions for the UEFI network stack.
|
||||||
|
|
||||||
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -539,8 +540,6 @@ extern EFI_IPv4_ADDRESS mZeroIp4Addr;
|
||||||
#define TICKS_PER_MS 10000U
|
#define TICKS_PER_MS 10000U
|
||||||
#define TICKS_PER_SECOND 10000000U
|
#define TICKS_PER_SECOND 10000000U
|
||||||
|
|
||||||
#define NET_RANDOM(Seed) ((UINT32) ((UINT32) (Seed) * 1103515245UL + 12345) % 4294967295UL)
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Extract a UINT32 from a byte stream.
|
Extract a UINT32 from a byte stream.
|
||||||
|
|
||||||
|
@ -580,19 +579,40 @@ NetPutUint32 (
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Initialize a random seed using current time and monotonic count.
|
Generate a Random output data given a length.
|
||||||
|
|
||||||
Get current time and monotonic count first. Then initialize a random seed
|
@param[out] Output - The buffer to store the generated random data.
|
||||||
based on some basic mathematics operation on the hour, day, minute, second,
|
@param[in] OutputLength - The length of the output buffer.
|
||||||
nanosecond and year of the current time and the monotonic count value.
|
|
||||||
|
|
||||||
@return The random seed initialized with current time.
|
@retval EFI_SUCCESS On Success
|
||||||
|
@retval EFI_INVALID_PARAMETER Pointer is null or size is zero
|
||||||
|
@retval EFI_NOT_FOUND RNG protocol not found
|
||||||
|
@retval Others Error from RngProtocol->GetRNG()
|
||||||
|
|
||||||
|
@return Status code
|
||||||
**/
|
**/
|
||||||
UINT32
|
EFI_STATUS
|
||||||
EFIAPI
|
EFIAPI
|
||||||
NetRandomInitSeed (
|
PseudoRandom (
|
||||||
VOID
|
OUT VOID *Output,
|
||||||
|
IN UINTN OutputLength
|
||||||
|
);
|
||||||
|
|
||||||
|
/**
|
||||||
|
Generate a 32-bit pseudo-random number.
|
||||||
|
|
||||||
|
@param[out] Output - The buffer to store the generated random number.
|
||||||
|
|
||||||
|
@retval EFI_SUCCESS On Success
|
||||||
|
@retval EFI_NOT_FOUND RNG protocol not found
|
||||||
|
@retval Others Error from RngProtocol->GetRNG()
|
||||||
|
|
||||||
|
@return Status code
|
||||||
|
**/
|
||||||
|
EFI_STATUS
|
||||||
|
EFIAPI
|
||||||
|
PseudoRandomU32 (
|
||||||
|
OUT UINT32 *Output
|
||||||
);
|
);
|
||||||
|
|
||||||
#define NET_LIST_USER_STRUCT(Entry, Type, Field) \
|
#define NET_LIST_USER_STRUCT(Entry, Type, Field) \
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
The driver binding and service binding protocol for IP4 driver.
|
The driver binding and service binding protocol for IP4 driver.
|
||||||
|
|
||||||
Copyright (c) 2005 - 2019, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2005 - 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
|
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
|
||||||
|
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
@ -549,11 +550,18 @@ Ip4DriverBindingStart (
|
||||||
EFI_IP4_CONFIG2_PROTOCOL *Ip4Cfg2;
|
EFI_IP4_CONFIG2_PROTOCOL *Ip4Cfg2;
|
||||||
UINTN Index;
|
UINTN Index;
|
||||||
IP4_CONFIG2_DATA_ITEM *DataItem;
|
IP4_CONFIG2_DATA_ITEM *DataItem;
|
||||||
|
UINT32 Random;
|
||||||
|
|
||||||
IpSb = NULL;
|
IpSb = NULL;
|
||||||
Ip4Cfg2 = NULL;
|
Ip4Cfg2 = NULL;
|
||||||
DataItem = NULL;
|
DataItem = NULL;
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Test for the Ip4 service binding protocol
|
// Test for the Ip4 service binding protocol
|
||||||
//
|
//
|
||||||
|
@ -653,7 +661,7 @@ Ip4DriverBindingStart (
|
||||||
//
|
//
|
||||||
// Initialize the IP4 ID
|
// Initialize the IP4 ID
|
||||||
//
|
//
|
||||||
mIp4Id = (UINT16)NET_RANDOM (NetRandomInitSeed ());
|
mIp4Id = (UINT16)Random;
|
||||||
|
|
||||||
return Status;
|
return Status;
|
||||||
|
|
||||||
|
|
|
@ -2276,6 +2276,13 @@ Ip6ConfigInitInstance (
|
||||||
UINTN Index;
|
UINTN Index;
|
||||||
UINT16 IfIndex;
|
UINT16 IfIndex;
|
||||||
IP6_CONFIG_DATA_ITEM *DataItem;
|
IP6_CONFIG_DATA_ITEM *DataItem;
|
||||||
|
UINT32 Random;
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
IpSb = IP6_SERVICE_FROM_IP6_CONFIG_INSTANCE (Instance);
|
IpSb = IP6_SERVICE_FROM_IP6_CONFIG_INSTANCE (Instance);
|
||||||
|
|
||||||
|
@ -2381,7 +2388,7 @@ Ip6ConfigInitInstance (
|
||||||
// The NV variable is not set, so generate a random IAID, and write down the
|
// The NV variable is not set, so generate a random IAID, and write down the
|
||||||
// fresh new configuration as the NV variable now.
|
// fresh new configuration as the NV variable now.
|
||||||
//
|
//
|
||||||
Instance->IaId = NET_RANDOM (NetRandomInitSeed ());
|
Instance->IaId = Random;
|
||||||
|
|
||||||
for (Index = 0; Index < IpSb->SnpMode.HwAddressSize; Index++) {
|
for (Index = 0; Index < IpSb->SnpMode.HwAddressSize; Index++) {
|
||||||
Instance->IaId |= (IpSb->SnpMode.CurrentAddress.Addr[Index] << ((Index << 3) & 31));
|
Instance->IaId |= (IpSb->SnpMode.CurrentAddress.Addr[Index] << ((Index << 3) & 31));
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
|
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -316,7 +316,11 @@ Ip6CreateService (
|
||||||
IpSb->CurHopLimit = IP6_HOP_LIMIT;
|
IpSb->CurHopLimit = IP6_HOP_LIMIT;
|
||||||
IpSb->LinkMTU = IP6_MIN_LINK_MTU;
|
IpSb->LinkMTU = IP6_MIN_LINK_MTU;
|
||||||
IpSb->BaseReachableTime = IP6_REACHABLE_TIME;
|
IpSb->BaseReachableTime = IP6_REACHABLE_TIME;
|
||||||
Ip6UpdateReachableTime (IpSb);
|
Status = Ip6UpdateReachableTime (IpSb);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
goto ON_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// RFC4861 RETRANS_TIMER: 1,000 milliseconds
|
// RFC4861 RETRANS_TIMER: 1,000 milliseconds
|
||||||
//
|
//
|
||||||
|
@ -516,11 +520,18 @@ Ip6DriverBindingStart (
|
||||||
EFI_STATUS Status;
|
EFI_STATUS Status;
|
||||||
EFI_IP6_CONFIG_PROTOCOL *Ip6Cfg;
|
EFI_IP6_CONFIG_PROTOCOL *Ip6Cfg;
|
||||||
IP6_CONFIG_DATA_ITEM *DataItem;
|
IP6_CONFIG_DATA_ITEM *DataItem;
|
||||||
|
UINT32 Random;
|
||||||
|
|
||||||
IpSb = NULL;
|
IpSb = NULL;
|
||||||
Ip6Cfg = NULL;
|
Ip6Cfg = NULL;
|
||||||
DataItem = NULL;
|
DataItem = NULL;
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Test for the Ip6 service binding protocol
|
// Test for the Ip6 service binding protocol
|
||||||
//
|
//
|
||||||
|
@ -656,7 +667,7 @@ Ip6DriverBindingStart (
|
||||||
//
|
//
|
||||||
// Initialize the IP6 ID
|
// Initialize the IP6 ID
|
||||||
//
|
//
|
||||||
mIp6Id = NET_RANDOM (NetRandomInitSeed ());
|
mIp6Id = Random;
|
||||||
|
|
||||||
return EFI_SUCCESS;
|
return EFI_SUCCESS;
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
Implement IP6 pseudo interface.
|
Implement IP6 pseudo interface.
|
||||||
|
|
||||||
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -89,6 +89,14 @@ Ip6SetAddress (
|
||||||
IP6_PREFIX_LIST_ENTRY *PrefixEntry;
|
IP6_PREFIX_LIST_ENTRY *PrefixEntry;
|
||||||
UINT64 Delay;
|
UINT64 Delay;
|
||||||
IP6_DELAY_JOIN_LIST *DelayNode;
|
IP6_DELAY_JOIN_LIST *DelayNode;
|
||||||
|
EFI_STATUS Status;
|
||||||
|
UINT32 Random;
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
NET_CHECK_SIGNATURE (Interface, IP6_INTERFACE_SIGNATURE);
|
NET_CHECK_SIGNATURE (Interface, IP6_INTERFACE_SIGNATURE);
|
||||||
|
|
||||||
|
@ -164,7 +172,7 @@ Ip6SetAddress (
|
||||||
// Thus queue the address to be processed in Duplicate Address Detection module
|
// Thus queue the address to be processed in Duplicate Address Detection module
|
||||||
// after the delay time (in milliseconds).
|
// after the delay time (in milliseconds).
|
||||||
//
|
//
|
||||||
Delay = (UINT64)NET_RANDOM (NetRandomInitSeed ());
|
Delay = (UINT64)Random;
|
||||||
Delay = MultU64x32 (Delay, IP6_ONE_SECOND_IN_MS);
|
Delay = MultU64x32 (Delay, IP6_ONE_SECOND_IN_MS);
|
||||||
Delay = RShiftU64 (Delay, 32);
|
Delay = RShiftU64 (Delay, 32);
|
||||||
|
|
||||||
|
|
|
@ -697,6 +697,14 @@ Ip6UpdateDelayTimer (
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
UINT32 Delay;
|
UINT32 Delay;
|
||||||
|
EFI_STATUS Status;
|
||||||
|
UINT32 Random;
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// If the Query packet specifies a Maximum Response Delay of zero, perform timer
|
// If the Query packet specifies a Maximum Response Delay of zero, perform timer
|
||||||
|
@ -715,7 +723,7 @@ Ip6UpdateDelayTimer (
|
||||||
// is less than the remaining value of the running timer.
|
// is less than the remaining value of the running timer.
|
||||||
//
|
//
|
||||||
if ((Group->DelayTimer == 0) || (Delay < Group->DelayTimer)) {
|
if ((Group->DelayTimer == 0) || (Delay < Group->DelayTimer)) {
|
||||||
Group->DelayTimer = Delay / 4294967295UL * NET_RANDOM (NetRandomInitSeed ());
|
Group->DelayTimer = Delay / 4294967295UL * Random;
|
||||||
}
|
}
|
||||||
|
|
||||||
return EFI_SUCCESS;
|
return EFI_SUCCESS;
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
Implementation of Neighbor Discovery support routines.
|
Implementation of Neighbor Discovery support routines.
|
||||||
|
|
||||||
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -16,17 +16,28 @@ EFI_MAC_ADDRESS mZeroMacAddress;
|
||||||
|
|
||||||
@param[in, out] IpSb Points to the IP6_SERVICE.
|
@param[in, out] IpSb Points to the IP6_SERVICE.
|
||||||
|
|
||||||
|
@retval EFI_SUCCESS ReachableTime Updated
|
||||||
|
@retval others Failed to update ReachableTime
|
||||||
**/
|
**/
|
||||||
VOID
|
EFI_STATUS
|
||||||
Ip6UpdateReachableTime (
|
Ip6UpdateReachableTime (
|
||||||
IN OUT IP6_SERVICE *IpSb
|
IN OUT IP6_SERVICE *IpSb
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
UINT32 Random;
|
UINT32 Random;
|
||||||
|
EFI_STATUS Status;
|
||||||
|
|
||||||
Random = (NetRandomInitSeed () / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE;
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
Random = (Random / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE;
|
||||||
Random = Random + IP6_MIN_RANDOM_FACTOR_SCALED;
|
Random = Random + IP6_MIN_RANDOM_FACTOR_SCALED;
|
||||||
IpSb->ReachableTime = (IpSb->BaseReachableTime * Random) / IP6_RANDOM_FACTOR_SCALE;
|
IpSb->ReachableTime = (IpSb->BaseReachableTime * Random) / IP6_RANDOM_FACTOR_SCALE;
|
||||||
|
|
||||||
|
return EFI_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -972,10 +983,17 @@ Ip6InitDADProcess (
|
||||||
IP6_SERVICE *IpSb;
|
IP6_SERVICE *IpSb;
|
||||||
EFI_STATUS Status;
|
EFI_STATUS Status;
|
||||||
UINT32 MaxDelayTick;
|
UINT32 MaxDelayTick;
|
||||||
|
UINT32 Random;
|
||||||
|
|
||||||
NET_CHECK_SIGNATURE (IpIf, IP6_INTERFACE_SIGNATURE);
|
NET_CHECK_SIGNATURE (IpIf, IP6_INTERFACE_SIGNATURE);
|
||||||
ASSERT (AddressInfo != NULL);
|
ASSERT (AddressInfo != NULL);
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Do nothing if we have already started DAD on the address.
|
// Do nothing if we have already started DAD on the address.
|
||||||
//
|
//
|
||||||
|
@ -1014,7 +1032,7 @@ Ip6InitDADProcess (
|
||||||
Entry->Transmit = 0;
|
Entry->Transmit = 0;
|
||||||
Entry->Receive = 0;
|
Entry->Receive = 0;
|
||||||
MaxDelayTick = IP6_MAX_RTR_SOLICITATION_DELAY / IP6_TIMER_INTERVAL_IN_MS;
|
MaxDelayTick = IP6_MAX_RTR_SOLICITATION_DELAY / IP6_TIMER_INTERVAL_IN_MS;
|
||||||
Entry->RetransTick = (MaxDelayTick * ((NET_RANDOM (NetRandomInitSeed ()) % 5) + 1)) / 5;
|
Entry->RetransTick = (MaxDelayTick * ((Random % 5) + 1)) / 5;
|
||||||
Entry->AddressInfo = AddressInfo;
|
Entry->AddressInfo = AddressInfo;
|
||||||
Entry->Callback = Callback;
|
Entry->Callback = Callback;
|
||||||
Entry->Context = Context;
|
Entry->Context = Context;
|
||||||
|
@ -2078,7 +2096,10 @@ Ip6ProcessRouterAdvertise (
|
||||||
// in BaseReachableTime and recompute a ReachableTime.
|
// in BaseReachableTime and recompute a ReachableTime.
|
||||||
//
|
//
|
||||||
IpSb->BaseReachableTime = ReachableTime;
|
IpSb->BaseReachableTime = ReachableTime;
|
||||||
Ip6UpdateReachableTime (IpSb);
|
Status = Ip6UpdateReachableTime (IpSb);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
goto Exit;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (RetransTimer != 0) {
|
if (RetransTimer != 0) {
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
Definition of Neighbor Discovery support routines.
|
Definition of Neighbor Discovery support routines.
|
||||||
|
|
||||||
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -780,10 +780,10 @@ Ip6OnArpResolved (
|
||||||
/**
|
/**
|
||||||
Update the ReachableTime in IP6 service binding instance data, in milliseconds.
|
Update the ReachableTime in IP6 service binding instance data, in milliseconds.
|
||||||
|
|
||||||
@param[in, out] IpSb Points to the IP6_SERVICE.
|
@retval EFI_SUCCESS ReachableTime Updated
|
||||||
|
@retval others Failed to update ReachableTime
|
||||||
**/
|
**/
|
||||||
VOID
|
EFI_STATUS
|
||||||
Ip6UpdateReachableTime (
|
Ip6UpdateReachableTime (
|
||||||
IN OUT IP6_SERVICE *IpSb
|
IN OUT IP6_SERVICE *IpSb
|
||||||
);
|
);
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
|
|
||||||
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
**/
|
**/
|
||||||
|
|
||||||
|
@ -31,6 +32,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
#include <Library/DevicePathLib.h>
|
#include <Library/DevicePathLib.h>
|
||||||
#include <Library/PrintLib.h>
|
#include <Library/PrintLib.h>
|
||||||
#include <Library/UefiLib.h>
|
#include <Library/UefiLib.h>
|
||||||
|
#include <Protocol/Rng.h>
|
||||||
|
|
||||||
#define NIC_ITEM_CONFIG_SIZE (sizeof (NIC_IP4_CONFIG_INFO) + sizeof (EFI_IP4_ROUTE_TABLE) * MAX_IP4_CONFIG_IN_VARIABLE)
|
#define NIC_ITEM_CONFIG_SIZE (sizeof (NIC_IP4_CONFIG_INFO) + sizeof (EFI_IP4_ROUTE_TABLE) * MAX_IP4_CONFIG_IN_VARIABLE)
|
||||||
#define DEFAULT_ZERO_START ((UINTN) ~0)
|
#define DEFAULT_ZERO_START ((UINTN) ~0)
|
||||||
|
@ -127,6 +129,25 @@ GLOBAL_REMOVE_IF_UNREFERENCED VLAN_DEVICE_PATH mNetVlanDevicePathTemplate = {
|
||||||
0
|
0
|
||||||
};
|
};
|
||||||
|
|
||||||
|
//
|
||||||
|
// These represent UEFI SPEC defined algorithms that should be supported by
|
||||||
|
// the RNG protocol and are generally considered secure.
|
||||||
|
//
|
||||||
|
// The order of the algorithms in this array is important. This order is the order
|
||||||
|
// in which the algorithms will be tried by the RNG protocol.
|
||||||
|
// If your platform needs to use a specific algorithm for the random number generator,
|
||||||
|
// then you should place that algorithm first in the array.
|
||||||
|
//
|
||||||
|
GLOBAL_REMOVE_IF_UNREFERENCED EFI_GUID *mSecureHashAlgorithms[] = {
|
||||||
|
&gEfiRngAlgorithmSp80090Ctr256Guid, // SP800-90A DRBG CTR using AES-256
|
||||||
|
&gEfiRngAlgorithmSp80090Hmac256Guid, // SP800-90A DRBG HMAC using SHA-256
|
||||||
|
&gEfiRngAlgorithmSp80090Hash256Guid, // SP800-90A DRBG Hash using SHA-256
|
||||||
|
&gEfiRngAlgorithmArmRndr, // unspecified SP800-90A DRBG via ARM RNDR register
|
||||||
|
&gEfiRngAlgorithmRaw, // Raw data from NRBG (or TRNG)
|
||||||
|
};
|
||||||
|
|
||||||
|
#define SECURE_HASH_ALGORITHMS_SIZE (sizeof (mSecureHashAlgorithms) / sizeof (EFI_GUID *))
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Locate the handles that support SNP, then open one of them
|
Locate the handles that support SNP, then open one of them
|
||||||
to send the syslog packets. The caller isn't required to close
|
to send the syslog packets. The caller isn't required to close
|
||||||
|
@ -884,34 +905,107 @@ Ip6Swap128 (
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Initialize a random seed using current time and monotonic count.
|
Generate a Random output data given a length.
|
||||||
|
|
||||||
Get current time and monotonic count first. Then initialize a random seed
|
@param[out] Output - The buffer to store the generated random data.
|
||||||
based on some basic mathematics operation on the hour, day, minute, second,
|
@param[in] OutputLength - The length of the output buffer.
|
||||||
nanosecond and year of the current time and the monotonic count value.
|
|
||||||
|
|
||||||
@return The random seed initialized with current time.
|
@retval EFI_SUCCESS On Success
|
||||||
|
@retval EFI_INVALID_PARAMETER Pointer is null or size is zero
|
||||||
|
@retval EFI_NOT_FOUND RNG protocol not found
|
||||||
|
@retval Others Error from RngProtocol->GetRNG()
|
||||||
|
|
||||||
|
@return Status code
|
||||||
**/
|
**/
|
||||||
UINT32
|
EFI_STATUS
|
||||||
EFIAPI
|
EFIAPI
|
||||||
NetRandomInitSeed (
|
PseudoRandom (
|
||||||
VOID
|
OUT VOID *Output,
|
||||||
|
IN UINTN OutputLength
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
EFI_TIME Time;
|
EFI_RNG_PROTOCOL *RngProtocol;
|
||||||
UINT32 Seed;
|
EFI_STATUS Status;
|
||||||
UINT64 MonotonicCount;
|
UINTN AlgorithmIndex;
|
||||||
|
|
||||||
gRT->GetTime (&Time, NULL);
|
if ((Output == NULL) || (OutputLength == 0)) {
|
||||||
Seed = (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | Time.Second);
|
return EFI_INVALID_PARAMETER;
|
||||||
Seed ^= Time.Nanosecond;
|
}
|
||||||
Seed ^= Time.Year << 7;
|
|
||||||
|
|
||||||
gBS->GetNextMonotonicCount (&MonotonicCount);
|
Status = gBS->LocateProtocol (&gEfiRngProtocolGuid, NULL, (VOID **)&RngProtocol);
|
||||||
Seed += (UINT32)MonotonicCount;
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "Failed to locate EFI_RNG_PROTOCOL: %r\n", Status));
|
||||||
|
ASSERT_EFI_ERROR (Status);
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
return Seed;
|
if (PcdGetBool (PcdEnforceSecureRngAlgorithms)) {
|
||||||
|
for (AlgorithmIndex = 0; AlgorithmIndex < SECURE_HASH_ALGORITHMS_SIZE; AlgorithmIndex++) {
|
||||||
|
Status = RngProtocol->GetRNG (RngProtocol, mSecureHashAlgorithms[AlgorithmIndex], OutputLength, (UINT8 *)Output);
|
||||||
|
if (!EFI_ERROR (Status)) {
|
||||||
|
//
|
||||||
|
// Secure Algorithm was supported on this platform
|
||||||
|
//
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
} else if (Status == EFI_UNSUPPORTED) {
|
||||||
|
//
|
||||||
|
// Secure Algorithm was not supported on this platform
|
||||||
|
//
|
||||||
|
DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
|
||||||
|
|
||||||
|
//
|
||||||
|
// Try the next secure algorithm
|
||||||
|
//
|
||||||
|
continue;
|
||||||
|
} else {
|
||||||
|
//
|
||||||
|
// Some other error occurred
|
||||||
|
//
|
||||||
|
DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
|
||||||
|
ASSERT_EFI_ERROR (Status);
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// If we get here, we failed to generate random data using any secure algorithm
|
||||||
|
// Platform owner should ensure that at least one secure algorithm is supported
|
||||||
|
//
|
||||||
|
ASSERT_EFI_ERROR (Status);
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// Lets try using the default algorithm (which may not be secure)
|
||||||
|
//
|
||||||
|
Status = RngProtocol->GetRNG (RngProtocol, NULL, OutputLength, (UINT8 *)Output);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random data: %r\n", __func__, Status));
|
||||||
|
ASSERT_EFI_ERROR (Status);
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
Generate a 32-bit pseudo-random number.
|
||||||
|
|
||||||
|
@param[out] Output - The buffer to store the generated random number.
|
||||||
|
|
||||||
|
@retval EFI_SUCCESS On Success
|
||||||
|
@retval EFI_NOT_FOUND RNG protocol not found
|
||||||
|
@retval Others Error from RngProtocol->GetRNG()
|
||||||
|
|
||||||
|
@return Status code
|
||||||
|
**/
|
||||||
|
EFI_STATUS
|
||||||
|
EFIAPI
|
||||||
|
PseudoRandomU32 (
|
||||||
|
OUT UINT32 *Output
|
||||||
|
)
|
||||||
|
{
|
||||||
|
return PseudoRandom (Output, sizeof (*Output));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
#
|
#
|
||||||
# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
|
# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
||||||
|
# Copyright (c) Microsoft Corporation
|
||||||
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
#
|
#
|
||||||
##
|
##
|
||||||
|
@ -49,7 +50,11 @@
|
||||||
gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES ## SystemTable
|
gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES ## SystemTable
|
||||||
gEfiSmbios3TableGuid ## SOMETIMES_CONSUMES ## SystemTable
|
gEfiSmbios3TableGuid ## SOMETIMES_CONSUMES ## SystemTable
|
||||||
gEfiAdapterInfoMediaStateGuid ## SOMETIMES_CONSUMES
|
gEfiAdapterInfoMediaStateGuid ## SOMETIMES_CONSUMES
|
||||||
|
gEfiRngAlgorithmRaw ## CONSUMES
|
||||||
|
gEfiRngAlgorithmSp80090Ctr256Guid ## CONSUMES
|
||||||
|
gEfiRngAlgorithmSp80090Hmac256Guid ## CONSUMES
|
||||||
|
gEfiRngAlgorithmSp80090Hash256Guid ## CONSUMES
|
||||||
|
gEfiRngAlgorithmArmRndr ## CONSUMES
|
||||||
|
|
||||||
[Protocols]
|
[Protocols]
|
||||||
gEfiSimpleNetworkProtocolGuid ## SOMETIMES_CONSUMES
|
gEfiSimpleNetworkProtocolGuid ## SOMETIMES_CONSUMES
|
||||||
|
@ -59,3 +64,10 @@
|
||||||
gEfiComponentNameProtocolGuid ## SOMETIMES_CONSUMES
|
gEfiComponentNameProtocolGuid ## SOMETIMES_CONSUMES
|
||||||
gEfiComponentName2ProtocolGuid ## SOMETIMES_CONSUMES
|
gEfiComponentName2ProtocolGuid ## SOMETIMES_CONSUMES
|
||||||
gEfiAdapterInformationProtocolGuid ## SOMETIMES_CONSUMES
|
gEfiAdapterInformationProtocolGuid ## SOMETIMES_CONSUMES
|
||||||
|
gEfiRngProtocolGuid ## CONSUMES
|
||||||
|
|
||||||
|
[FixedPcd]
|
||||||
|
gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms ## CONSUMES
|
||||||
|
|
||||||
|
[Depex]
|
||||||
|
gEfiRngProtocolGuid
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
#
|
#
|
||||||
# Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.<BR>
|
# Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.<BR>
|
||||||
# (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR>
|
# (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR>
|
||||||
|
# Copyright (c) Microsoft Corporation
|
||||||
#
|
#
|
||||||
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
#
|
#
|
||||||
|
@ -130,6 +131,12 @@
|
||||||
# @Prompt Indicates whether SnpDxe creates event for ExitBootServices() call.
|
# @Prompt Indicates whether SnpDxe creates event for ExitBootServices() call.
|
||||||
gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOLEAN|0x1000000C
|
gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOLEAN|0x1000000C
|
||||||
|
|
||||||
|
## Enforces the use of Secure UEFI spec defined RNG algorithms for all network connections.
|
||||||
|
# TRUE - Enforce the use of Secure UEFI spec defined RNG algorithms.
|
||||||
|
# FALSE - Do not enforce and depend on the default implementation of RNG algorithm from the provider.
|
||||||
|
# @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms.
|
||||||
|
gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x1000000D
|
||||||
|
|
||||||
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
|
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
|
||||||
## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 6355).
|
## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 6355).
|
||||||
# 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT]
|
# 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT]
|
||||||
|
|
|
@ -122,3 +122,42 @@ CVE_2023_45235:
|
||||||
- http://www.openwall.com/lists/oss-security/2024/01/16/2
|
- http://www.openwall.com/lists/oss-security/2024/01/16/2
|
||||||
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
|
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
|
||||||
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
|
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
|
||||||
|
CVE_2023_45237:
|
||||||
|
commit_titles:
|
||||||
|
- "NetworkPkg:: SECURITY PATCH CVE 2023-45237"
|
||||||
|
cve: CVE-2023-45237
|
||||||
|
date_reported: 2023-08-28 13:56 UTC
|
||||||
|
description: "Bug 09 - Use of a Weak PseudoRandom Number Generator"
|
||||||
|
note:
|
||||||
|
files_impacted:
|
||||||
|
- NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
|
||||||
|
- NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
|
||||||
|
- NetworkPkg/DnsDxe/DnsDhcp.c
|
||||||
|
- NetworkPkg/DnsDxe/DnsImpl.c
|
||||||
|
- NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
|
||||||
|
- NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||||
|
- NetworkPkg/IScsiDxe/IScsiMisc.c
|
||||||
|
- NetworkPkg/IScsiDxe/IScsiMisc.h
|
||||||
|
- NetworkPkg/Include/Library/NetLib.h
|
||||||
|
- NetworkPkg/Ip4Dxe/Ip4Driver.c
|
||||||
|
- NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
|
||||||
|
- NetworkPkg/Ip6Dxe/Ip6Driver.c
|
||||||
|
- NetworkPkg/Ip6Dxe/Ip6If.c
|
||||||
|
- NetworkPkg/Ip6Dxe/Ip6Mld.c
|
||||||
|
- NetworkPkg/Ip6Dxe/Ip6Nd.c
|
||||||
|
- NetworkPkg/Ip6Dxe/Ip6Nd.h
|
||||||
|
- NetworkPkg/Library/DxeNetLib/DxeNetLib.c
|
||||||
|
- NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
|
||||||
|
- NetworkPkg/NetworkPkg.dec
|
||||||
|
- NetworkPkg/TcpDxe/TcpDriver.c
|
||||||
|
- NetworkPkg/Udp4Dxe/Udp4Driver.c
|
||||||
|
- NetworkPkg/Udp6Dxe/Udp6Driver.c
|
||||||
|
- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
|
||||||
|
- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
|
||||||
|
- NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
|
||||||
|
links:
|
||||||
|
- https://bugzilla.tianocore.org/show_bug.cgi?id=4542
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-45237
|
||||||
|
- http://www.openwall.com/lists/oss-security/2024/01/16/2
|
||||||
|
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
|
||||||
|
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
The driver binding and service binding protocol for the TCP driver.
|
The driver binding and service binding protocol for the TCP driver.
|
||||||
|
|
||||||
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -163,7 +163,13 @@ TcpDriverEntryPoint (
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
EFI_STATUS Status;
|
EFI_STATUS Status;
|
||||||
UINT32 Seed;
|
UINT32 Random;
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Install the TCP Driver Binding Protocol
|
// Install the TCP Driver Binding Protocol
|
||||||
|
@ -203,9 +209,8 @@ TcpDriverEntryPoint (
|
||||||
//
|
//
|
||||||
// Initialize ISS and random port.
|
// Initialize ISS and random port.
|
||||||
//
|
//
|
||||||
Seed = NetRandomInitSeed ();
|
mTcpGlobalIss = Random % mTcpGlobalIss;
|
||||||
mTcpGlobalIss = NET_RANDOM (Seed) % mTcpGlobalIss;
|
mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN));
|
||||||
mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (NET_RANDOM (Seed) % TCP_PORT_KNOWN));
|
|
||||||
mTcp6RandomPort = mTcp4RandomPort;
|
mTcp6RandomPort = mTcp4RandomPort;
|
||||||
|
|
||||||
return EFI_SUCCESS;
|
return EFI_SUCCESS;
|
||||||
|
|
|
@ -82,5 +82,8 @@
|
||||||
gEfiTcp6ProtocolGuid ## BY_START
|
gEfiTcp6ProtocolGuid ## BY_START
|
||||||
gEfiTcp6ServiceBindingProtocolGuid ## BY_START
|
gEfiTcp6ServiceBindingProtocolGuid ## BY_START
|
||||||
|
|
||||||
|
[Depex]
|
||||||
|
gEfiHash2ServiceBindingProtocolGuid
|
||||||
|
|
||||||
[UserExtensions.TianoCore."ExtraFiles"]
|
[UserExtensions.TianoCore."ExtraFiles"]
|
||||||
TcpDxeExtra.uni
|
TcpDxeExtra.uni
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
/** @file
|
/** @file
|
||||||
|
|
||||||
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -555,6 +556,13 @@ Udp4DriverEntryPoint (
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
EFI_STATUS Status;
|
EFI_STATUS Status;
|
||||||
|
UINT32 Random;
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Install the Udp4DriverBinding and Udp4ComponentName protocols.
|
// Install the Udp4DriverBinding and Udp4ComponentName protocols.
|
||||||
|
@ -571,7 +579,7 @@ Udp4DriverEntryPoint (
|
||||||
//
|
//
|
||||||
// Initialize the UDP random port.
|
// Initialize the UDP random port.
|
||||||
//
|
//
|
||||||
mUdp4RandomPort = (UINT16)(((UINT16)NetRandomInitSeed ()) % UDP4_PORT_KNOWN + UDP4_PORT_KNOWN);
|
mUdp4RandomPort = (UINT16)(((UINT16)Random) % UDP4_PORT_KNOWN + UDP4_PORT_KNOWN);
|
||||||
}
|
}
|
||||||
|
|
||||||
return Status;
|
return Status;
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
Driver Binding functions and Service Binding functions for the Network driver module.
|
Driver Binding functions and Service Binding functions for the Network driver module.
|
||||||
|
|
||||||
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -596,6 +596,13 @@ Udp6DriverEntryPoint (
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
EFI_STATUS Status;
|
EFI_STATUS Status;
|
||||||
|
UINT32 Random;
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Install the Udp6DriverBinding and Udp6ComponentName protocols.
|
// Install the Udp6DriverBinding and Udp6ComponentName protocols.
|
||||||
|
@ -614,7 +621,7 @@ Udp6DriverEntryPoint (
|
||||||
// Initialize the UDP random port.
|
// Initialize the UDP random port.
|
||||||
//
|
//
|
||||||
mUdp6RandomPort = (UINT16)(
|
mUdp6RandomPort = (UINT16)(
|
||||||
((UINT16)NetRandomInitSeed ()) %
|
((UINT16)Random) %
|
||||||
UDP6_PORT_KNOWN +
|
UDP6_PORT_KNOWN +
|
||||||
UDP6_PORT_KNOWN
|
UDP6_PORT_KNOWN
|
||||||
);
|
);
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
Functions implementation related with DHCPv4 for UefiPxeBc Driver.
|
Functions implementation related with DHCPv4 for UefiPxeBc Driver.
|
||||||
|
|
||||||
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
@ -1381,6 +1381,12 @@ PxeBcDhcp4Discover (
|
||||||
UINT8 VendorOptLen;
|
UINT8 VendorOptLen;
|
||||||
UINT32 Xid;
|
UINT32 Xid;
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Xid);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
Mode = Private->PxeBc.Mode;
|
Mode = Private->PxeBc.Mode;
|
||||||
Dhcp4 = Private->Dhcp4;
|
Dhcp4 = Private->Dhcp4;
|
||||||
Status = EFI_SUCCESS;
|
Status = EFI_SUCCESS;
|
||||||
|
@ -1471,7 +1477,6 @@ PxeBcDhcp4Discover (
|
||||||
//
|
//
|
||||||
// Set fields of the token for the request packet.
|
// Set fields of the token for the request packet.
|
||||||
//
|
//
|
||||||
Xid = NET_RANDOM (NetRandomInitSeed ());
|
|
||||||
Token.Packet->Dhcp4.Header.Xid = HTONL (Xid);
|
Token.Packet->Dhcp4.Header.Xid = HTONL (Xid);
|
||||||
Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)((IsBCast) ? 0x8000 : 0x0));
|
Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)((IsBCast) ? 0x8000 : 0x0));
|
||||||
CopyMem (&Token.Packet->Dhcp4.Header.ClientAddr, &Private->StationIp, sizeof (EFI_IPv4_ADDRESS));
|
CopyMem (&Token.Packet->Dhcp4.Header.ClientAddr, &Private->StationIp, sizeof (EFI_IPv4_ADDRESS));
|
||||||
|
|
|
@ -2180,7 +2180,7 @@ PxeBcDhcp6Discover (
|
||||||
UINTN ReadSize;
|
UINTN ReadSize;
|
||||||
UINT16 OpCode;
|
UINT16 OpCode;
|
||||||
UINT16 OpLen;
|
UINT16 OpLen;
|
||||||
UINT32 Xid;
|
UINT32 Random;
|
||||||
EFI_STATUS Status;
|
EFI_STATUS Status;
|
||||||
UINTN DiscoverLenNeeded;
|
UINTN DiscoverLenNeeded;
|
||||||
|
|
||||||
|
@ -2198,6 +2198,12 @@ PxeBcDhcp6Discover (
|
||||||
return EFI_DEVICE_ERROR;
|
return EFI_DEVICE_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
DiscoverLenNeeded = sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET);
|
DiscoverLenNeeded = sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET);
|
||||||
Discover = AllocateZeroPool (DiscoverLenNeeded);
|
Discover = AllocateZeroPool (DiscoverLenNeeded);
|
||||||
if (Discover == NULL) {
|
if (Discover == NULL) {
|
||||||
|
@ -2207,8 +2213,7 @@ PxeBcDhcp6Discover (
|
||||||
//
|
//
|
||||||
// Build the discover packet by the cached request packet before.
|
// Build the discover packet by the cached request packet before.
|
||||||
//
|
//
|
||||||
Xid = NET_RANDOM (NetRandomInitSeed ());
|
Discover->TransactionId = HTONL (Random);
|
||||||
Discover->TransactionId = HTONL (Xid);
|
|
||||||
Discover->MessageType = Request->Dhcp6.Header.MessageType;
|
Discover->MessageType = Request->Dhcp6.Header.MessageType;
|
||||||
RequestOpt = Request->Dhcp6.Option;
|
RequestOpt = Request->Dhcp6.Option;
|
||||||
DiscoverOpt = Discover->DhcpOptions;
|
DiscoverOpt = Discover->DhcpOptions;
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
|
|
||||||
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
|
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
|
||||||
Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation
|
||||||
|
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
@ -892,6 +893,13 @@ PxeBcCreateIp6Children (
|
||||||
PXEBC_PRIVATE_PROTOCOL *Id;
|
PXEBC_PRIVATE_PROTOCOL *Id;
|
||||||
EFI_SIMPLE_NETWORK_PROTOCOL *Snp;
|
EFI_SIMPLE_NETWORK_PROTOCOL *Snp;
|
||||||
UINTN Index;
|
UINTN Index;
|
||||||
|
UINT32 Random;
|
||||||
|
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "Failed to generate random number using EFI_RNG_PROTOCOL: %r\n", Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
if (Private->Ip6Nic != NULL) {
|
if (Private->Ip6Nic != NULL) {
|
||||||
//
|
//
|
||||||
|
@ -935,9 +943,9 @@ PxeBcCreateIp6Children (
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Generate a random IAID for the Dhcp6 assigned address.
|
// Set a random IAID for the Dhcp6 assigned address.
|
||||||
//
|
//
|
||||||
Private->IaId = NET_RANDOM (NetRandomInitSeed ());
|
Private->IaId = Random;
|
||||||
if (Private->Snp != NULL) {
|
if (Private->Snp != NULL) {
|
||||||
for (Index = 0; Index < Private->Snp->Mode->HwAddressSize; Index++) {
|
for (Index = 0; Index < Private->Snp->Mode->HwAddressSize; Index++) {
|
||||||
Private->IaId |= (Private->Snp->Mode->CurrentAddress.Addr[Index] << ((Index << 3) & 31));
|
Private->IaId |= (Private->Snp->Mode->CurrentAddress.Addr[Index] << ((Index << 3) & 31));
|
||||||
|
|
Loading…
Reference in New Issue