NetworkPkg: SECURITY PATCH CVE-2023-45237

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542

Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Use of a Weak PseudoRandom Number Generator

Change Overview:

Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either

>
> EFI_STATUS
> EFIAPI
> PseudoRandomU32 (
>  OUT UINT32  *Output
>  );
>

or (depending on the use case)

>
> EFI_STATUS
> EFIAPI
> PseudoRandom (
>  OUT  VOID   *Output,
>  IN   UINTN  OutputLength
>  );
>

This is because the use of

Example:

The following code snippet PseudoRandomU32 () function is used:

>
> UINT32         Random;
>
> Status = PseudoRandomU32 (&Random);
> if (EFI_ERROR (Status)) {
>   DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
__func__, Status));
>   return Status;
> }
>

This also introduces a new PCD to enable/disable the use of the
secure implementation of algorithms for PseudoRandom () and
instead depend on the default implementation. This may be required for
some platforms where the UEFI Spec defined algorithms are not available.

>
> PcdEnforceSecureRngAlgorithms
>

If the platform does not have any one of the UEFI defined
secure RNG algorithms then the driver will assert.

Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
This commit is contained in:
Doug Flick 2024-05-08 22:56:28 -07:00 committed by mergify[bot]
parent a85336531c
commit 4c4ceb2ceb
27 changed files with 410 additions and 83 deletions

View File

@ -1,6 +1,7 @@
/** @file /** @file
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -189,6 +190,13 @@ Dhcp4CreateService (
{ {
DHCP_SERVICE *DhcpSb; DHCP_SERVICE *DhcpSb;
EFI_STATUS Status; EFI_STATUS Status;
UINT32 Random;
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
*Service = NULL; *Service = NULL;
DhcpSb = AllocateZeroPool (sizeof (DHCP_SERVICE)); DhcpSb = AllocateZeroPool (sizeof (DHCP_SERVICE));
@ -203,7 +211,7 @@ Dhcp4CreateService (
DhcpSb->Image = ImageHandle; DhcpSb->Image = ImageHandle;
InitializeListHead (&DhcpSb->Children); InitializeListHead (&DhcpSb->Children);
DhcpSb->DhcpState = Dhcp4Stopped; DhcpSb->DhcpState = Dhcp4Stopped;
DhcpSb->Xid = NET_RANDOM (NetRandomInitSeed ()); DhcpSb->Xid = Random;
CopyMem ( CopyMem (
&DhcpSb->ServiceBinding, &DhcpSb->ServiceBinding,
&mDhcp4ServiceBindingTemplate, &mDhcp4ServiceBindingTemplate,

View File

@ -3,7 +3,7 @@
implementation for Dhcp6 Driver. implementation for Dhcp6 Driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -123,6 +123,13 @@ Dhcp6CreateService (
{ {
DHCP6_SERVICE *Dhcp6Srv; DHCP6_SERVICE *Dhcp6Srv;
EFI_STATUS Status; EFI_STATUS Status;
UINT32 Random;
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
*Service = NULL; *Service = NULL;
Dhcp6Srv = AllocateZeroPool (sizeof (DHCP6_SERVICE)); Dhcp6Srv = AllocateZeroPool (sizeof (DHCP6_SERVICE));
@ -147,7 +154,7 @@ Dhcp6CreateService (
Dhcp6Srv->Signature = DHCP6_SERVICE_SIGNATURE; Dhcp6Srv->Signature = DHCP6_SERVICE_SIGNATURE;
Dhcp6Srv->Controller = Controller; Dhcp6Srv->Controller = Controller;
Dhcp6Srv->Image = ImageHandle; Dhcp6Srv->Image = ImageHandle;
Dhcp6Srv->Xid = (0xffffff & NET_RANDOM (NetRandomInitSeed ())); Dhcp6Srv->Xid = (0xffffff & Random);
CopyMem ( CopyMem (
&Dhcp6Srv->ServiceBinding, &Dhcp6Srv->ServiceBinding,

View File

@ -2,6 +2,7 @@
Functions implementation related with DHCPv4/v6 for DNS driver. Functions implementation related with DHCPv4/v6 for DNS driver.
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -277,6 +278,7 @@ GetDns4ServerFromDhcp4 (
EFI_DHCP4_TRANSMIT_RECEIVE_TOKEN Token; EFI_DHCP4_TRANSMIT_RECEIVE_TOKEN Token;
BOOLEAN IsDone; BOOLEAN IsDone;
UINTN Index; UINTN Index;
UINT32 Random;
Image = Instance->Service->ImageHandle; Image = Instance->Service->ImageHandle;
Controller = Instance->Service->ControllerHandle; Controller = Instance->Service->ControllerHandle;
@ -292,6 +294,12 @@ GetDns4ServerFromDhcp4 (
Data = NULL; Data = NULL;
InterfaceInfo = NULL; InterfaceInfo = NULL;
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
ZeroMem ((UINT8 *)ParaList, sizeof (ParaList)); ZeroMem ((UINT8 *)ParaList, sizeof (ParaList));
ZeroMem (&MnpConfigData, sizeof (EFI_MANAGED_NETWORK_CONFIG_DATA)); ZeroMem (&MnpConfigData, sizeof (EFI_MANAGED_NETWORK_CONFIG_DATA));
@ -467,7 +475,7 @@ GetDns4ServerFromDhcp4 (
Status = Dhcp4->Build (Dhcp4, &SeedPacket, 0, NULL, 2, ParaList, &Token.Packet); Status = Dhcp4->Build (Dhcp4, &SeedPacket, 0, NULL, 2, ParaList, &Token.Packet);
Token.Packet->Dhcp4.Header.Xid = HTONL (NET_RANDOM (NetRandomInitSeed ())); Token.Packet->Dhcp4.Header.Xid = Random;
Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)0x8000); Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)0x8000);

View File

@ -2,6 +2,7 @@
DnsDxe support functions implementation. DnsDxe support functions implementation.
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -1963,6 +1964,14 @@ ConstructDNSQuery (
NET_FRAGMENT Frag; NET_FRAGMENT Frag;
DNS_HEADER *DnsHeader; DNS_HEADER *DnsHeader;
DNS_QUERY_SECTION *DnsQuery; DNS_QUERY_SECTION *DnsQuery;
EFI_STATUS Status;
UINT32 Random;
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
// //
// Messages carried by UDP are restricted to 512 bytes (not counting the IP // Messages carried by UDP are restricted to 512 bytes (not counting the IP
@ -1977,7 +1986,7 @@ ConstructDNSQuery (
// Fill header // Fill header
// //
DnsHeader = (DNS_HEADER *)Frag.Bulk; DnsHeader = (DNS_HEADER *)Frag.Bulk;
DnsHeader->Identification = (UINT16)NET_RANDOM (NetRandomInitSeed ()); DnsHeader->Identification = (UINT16)Random;
DnsHeader->Flags.Uint16 = 0x0000; DnsHeader->Flags.Uint16 = 0x0000;
DnsHeader->Flags.Bits.RD = 1; DnsHeader->Flags.Bits.RD = 1;
DnsHeader->Flags.Bits.OpCode = DNS_FLAGS_OPCODE_STANDARD; DnsHeader->Flags.Bits.OpCode = DNS_FLAGS_OPCODE_STANDARD;

View File

@ -2,6 +2,7 @@
Functions implementation related with DHCPv6 for HTTP boot driver. Functions implementation related with DHCPv6 for HTTP boot driver.
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -951,6 +952,7 @@ HttpBootDhcp6Sarr (
UINT32 OptCount; UINT32 OptCount;
UINT8 Buffer[HTTP_BOOT_DHCP6_OPTION_MAX_SIZE]; UINT8 Buffer[HTTP_BOOT_DHCP6_OPTION_MAX_SIZE];
EFI_STATUS Status; EFI_STATUS Status;
UINT32 Random;
Dhcp6 = Private->Dhcp6; Dhcp6 = Private->Dhcp6;
ASSERT (Dhcp6 != NULL); ASSERT (Dhcp6 != NULL);
@ -961,6 +963,12 @@ HttpBootDhcp6Sarr (
OptCount = HttpBootBuildDhcp6Options (Private, OptList, Buffer); OptCount = HttpBootBuildDhcp6Options (Private, OptList, Buffer);
ASSERT (OptCount > 0); ASSERT (OptCount > 0);
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
Retransmit = AllocateZeroPool (sizeof (EFI_DHCP6_RETRANSMISSION)); Retransmit = AllocateZeroPool (sizeof (EFI_DHCP6_RETRANSMISSION));
if (Retransmit == NULL) { if (Retransmit == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
@ -976,7 +984,7 @@ HttpBootDhcp6Sarr (
Config.IaInfoEvent = NULL; Config.IaInfoEvent = NULL;
Config.RapidCommit = FALSE; Config.RapidCommit = FALSE;
Config.ReconfigureAccept = FALSE; Config.ReconfigureAccept = FALSE;
Config.IaDescriptor.IaId = NET_RANDOM (NetRandomInitSeed ()); Config.IaDescriptor.IaId = Random;
Config.IaDescriptor.Type = EFI_DHCP6_IA_TYPE_NA; Config.IaDescriptor.Type = EFI_DHCP6_IA_TYPE_NA;
Config.SolicitRetransmission = Retransmit; Config.SolicitRetransmission = Retransmit;
Retransmit->Irt = 4; Retransmit->Irt = 4;

View File

@ -3,6 +3,7 @@
Configuration. Configuration.
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -576,16 +577,24 @@ IScsiCHAPToSendReq (
// //
// CHAP_I=<I> // CHAP_I=<I>
// //
IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1); Status = IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1);
if (EFI_ERROR (Status)) {
break;
}
AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", AuthData->OutIdentifier); AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", AuthData->OutIdentifier);
IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_IDENTIFIER, ValueStr); IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_IDENTIFIER, ValueStr);
// //
// CHAP_C=<C> // CHAP_C=<C>
// //
IScsiGenRandom ( Status = IScsiGenRandom (
(UINT8 *)AuthData->OutChallenge, (UINT8 *)AuthData->OutChallenge,
AuthData->Hash->DigestSize AuthData->Hash->DigestSize
); );
if (EFI_ERROR (Status)) {
break;
}
BinToHexStatus = IScsiBinToHex ( BinToHexStatus = IScsiBinToHex (
(UINT8 *)AuthData->OutChallenge, (UINT8 *)AuthData->OutChallenge,
AuthData->Hash->DigestSize, AuthData->Hash->DigestSize,

View File

@ -2,6 +2,7 @@
Miscellaneous routines for iSCSI driver. Miscellaneous routines for iSCSI driver.
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -474,20 +475,17 @@ IScsiNetNtoi (
@param[in, out] Rand The buffer to contain random numbers. @param[in, out] Rand The buffer to contain random numbers.
@param[in] RandLength The length of the Rand buffer. @param[in] RandLength The length of the Rand buffer.
@retval EFI_SUCCESS on success
@retval others on error
**/ **/
VOID EFI_STATUS
IScsiGenRandom ( IScsiGenRandom (
IN OUT UINT8 *Rand, IN OUT UINT8 *Rand,
IN UINTN RandLength IN UINTN RandLength
) )
{ {
UINT32 Random; return PseudoRandom (Rand, RandLength);
while (RandLength > 0) {
Random = NET_RANDOM (NetRandomInitSeed ());
*Rand++ = (UINT8)(Random);
RandLength--;
}
} }
/** /**

View File

@ -2,6 +2,7 @@
Miscellaneous definitions for iSCSI driver. Miscellaneous definitions for iSCSI driver.
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -202,8 +203,11 @@ IScsiNetNtoi (
@param[in, out] Rand The buffer to contain random numbers. @param[in, out] Rand The buffer to contain random numbers.
@param[in] RandLength The length of the Rand buffer. @param[in] RandLength The length of the Rand buffer.
@retval EFI_SUCCESS on success
@retval others on error
**/ **/
VOID EFI_STATUS
IScsiGenRandom ( IScsiGenRandom (
IN OUT UINT8 *Rand, IN OUT UINT8 *Rand,
IN UINTN RandLength IN UINTN RandLength

View File

@ -3,6 +3,7 @@
It provides basic functions for the UEFI network stack. It provides basic functions for the UEFI network stack.
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -539,8 +540,6 @@ extern EFI_IPv4_ADDRESS mZeroIp4Addr;
#define TICKS_PER_MS 10000U #define TICKS_PER_MS 10000U
#define TICKS_PER_SECOND 10000000U #define TICKS_PER_SECOND 10000000U
#define NET_RANDOM(Seed) ((UINT32) ((UINT32) (Seed) * 1103515245UL + 12345) % 4294967295UL)
/** /**
Extract a UINT32 from a byte stream. Extract a UINT32 from a byte stream.
@ -580,19 +579,40 @@ NetPutUint32 (
); );
/** /**
Initialize a random seed using current time and monotonic count. Generate a Random output data given a length.
Get current time and monotonic count first. Then initialize a random seed @param[out] Output - The buffer to store the generated random data.
based on some basic mathematics operation on the hour, day, minute, second, @param[in] OutputLength - The length of the output buffer.
nanosecond and year of the current time and the monotonic count value.
@return The random seed initialized with current time. @retval EFI_SUCCESS On Success
@retval EFI_INVALID_PARAMETER Pointer is null or size is zero
@retval EFI_NOT_FOUND RNG protocol not found
@retval Others Error from RngProtocol->GetRNG()
@return Status code
**/ **/
UINT32 EFI_STATUS
EFIAPI EFIAPI
NetRandomInitSeed ( PseudoRandom (
VOID OUT VOID *Output,
IN UINTN OutputLength
);
/**
Generate a 32-bit pseudo-random number.
@param[out] Output - The buffer to store the generated random number.
@retval EFI_SUCCESS On Success
@retval EFI_NOT_FOUND RNG protocol not found
@retval Others Error from RngProtocol->GetRNG()
@return Status code
**/
EFI_STATUS
EFIAPI
PseudoRandomU32 (
OUT UINT32 *Output
); );
#define NET_LIST_USER_STRUCT(Entry, Type, Field) \ #define NET_LIST_USER_STRUCT(Entry, Type, Field) \

View File

@ -2,6 +2,7 @@
The driver binding and service binding protocol for IP4 driver. The driver binding and service binding protocol for IP4 driver.
Copyright (c) 2005 - 2019, Intel Corporation. All rights reserved.<BR> Copyright (c) 2005 - 2019, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR> (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
@ -549,11 +550,18 @@ Ip4DriverBindingStart (
EFI_IP4_CONFIG2_PROTOCOL *Ip4Cfg2; EFI_IP4_CONFIG2_PROTOCOL *Ip4Cfg2;
UINTN Index; UINTN Index;
IP4_CONFIG2_DATA_ITEM *DataItem; IP4_CONFIG2_DATA_ITEM *DataItem;
UINT32 Random;
IpSb = NULL; IpSb = NULL;
Ip4Cfg2 = NULL; Ip4Cfg2 = NULL;
DataItem = NULL; DataItem = NULL;
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
// //
// Test for the Ip4 service binding protocol // Test for the Ip4 service binding protocol
// //
@ -653,7 +661,7 @@ Ip4DriverBindingStart (
// //
// Initialize the IP4 ID // Initialize the IP4 ID
// //
mIp4Id = (UINT16)NET_RANDOM (NetRandomInitSeed ()); mIp4Id = (UINT16)Random;
return Status; return Status;

View File

@ -2276,6 +2276,13 @@ Ip6ConfigInitInstance (
UINTN Index; UINTN Index;
UINT16 IfIndex; UINT16 IfIndex;
IP6_CONFIG_DATA_ITEM *DataItem; IP6_CONFIG_DATA_ITEM *DataItem;
UINT32 Random;
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
IpSb = IP6_SERVICE_FROM_IP6_CONFIG_INSTANCE (Instance); IpSb = IP6_SERVICE_FROM_IP6_CONFIG_INSTANCE (Instance);
@ -2381,7 +2388,7 @@ Ip6ConfigInitInstance (
// The NV variable is not set, so generate a random IAID, and write down the // The NV variable is not set, so generate a random IAID, and write down the
// fresh new configuration as the NV variable now. // fresh new configuration as the NV variable now.
// //
Instance->IaId = NET_RANDOM (NetRandomInitSeed ()); Instance->IaId = Random;
for (Index = 0; Index < IpSb->SnpMode.HwAddressSize; Index++) { for (Index = 0; Index < IpSb->SnpMode.HwAddressSize; Index++) {
Instance->IaId |= (IpSb->SnpMode.CurrentAddress.Addr[Index] << ((Index << 3) & 31)); Instance->IaId |= (IpSb->SnpMode.CurrentAddress.Addr[Index] << ((Index << 3) & 31));

View File

@ -3,7 +3,7 @@
Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR> (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -316,7 +316,11 @@ Ip6CreateService (
IpSb->CurHopLimit = IP6_HOP_LIMIT; IpSb->CurHopLimit = IP6_HOP_LIMIT;
IpSb->LinkMTU = IP6_MIN_LINK_MTU; IpSb->LinkMTU = IP6_MIN_LINK_MTU;
IpSb->BaseReachableTime = IP6_REACHABLE_TIME; IpSb->BaseReachableTime = IP6_REACHABLE_TIME;
Ip6UpdateReachableTime (IpSb); Status = Ip6UpdateReachableTime (IpSb);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
// //
// RFC4861 RETRANS_TIMER: 1,000 milliseconds // RFC4861 RETRANS_TIMER: 1,000 milliseconds
// //
@ -516,11 +520,18 @@ Ip6DriverBindingStart (
EFI_STATUS Status; EFI_STATUS Status;
EFI_IP6_CONFIG_PROTOCOL *Ip6Cfg; EFI_IP6_CONFIG_PROTOCOL *Ip6Cfg;
IP6_CONFIG_DATA_ITEM *DataItem; IP6_CONFIG_DATA_ITEM *DataItem;
UINT32 Random;
IpSb = NULL; IpSb = NULL;
Ip6Cfg = NULL; Ip6Cfg = NULL;
DataItem = NULL; DataItem = NULL;
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
// //
// Test for the Ip6 service binding protocol // Test for the Ip6 service binding protocol
// //
@ -656,7 +667,7 @@ Ip6DriverBindingStart (
// //
// Initialize the IP6 ID // Initialize the IP6 ID
// //
mIp6Id = NET_RANDOM (NetRandomInitSeed ()); mIp6Id = Random;
return EFI_SUCCESS; return EFI_SUCCESS;

View File

@ -2,7 +2,7 @@
Implement IP6 pseudo interface. Implement IP6 pseudo interface.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -89,6 +89,14 @@ Ip6SetAddress (
IP6_PREFIX_LIST_ENTRY *PrefixEntry; IP6_PREFIX_LIST_ENTRY *PrefixEntry;
UINT64 Delay; UINT64 Delay;
IP6_DELAY_JOIN_LIST *DelayNode; IP6_DELAY_JOIN_LIST *DelayNode;
EFI_STATUS Status;
UINT32 Random;
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
NET_CHECK_SIGNATURE (Interface, IP6_INTERFACE_SIGNATURE); NET_CHECK_SIGNATURE (Interface, IP6_INTERFACE_SIGNATURE);
@ -164,7 +172,7 @@ Ip6SetAddress (
// Thus queue the address to be processed in Duplicate Address Detection module // Thus queue the address to be processed in Duplicate Address Detection module
// after the delay time (in milliseconds). // after the delay time (in milliseconds).
// //
Delay = (UINT64)NET_RANDOM (NetRandomInitSeed ()); Delay = (UINT64)Random;
Delay = MultU64x32 (Delay, IP6_ONE_SECOND_IN_MS); Delay = MultU64x32 (Delay, IP6_ONE_SECOND_IN_MS);
Delay = RShiftU64 (Delay, 32); Delay = RShiftU64 (Delay, 32);

View File

@ -697,6 +697,14 @@ Ip6UpdateDelayTimer (
) )
{ {
UINT32 Delay; UINT32 Delay;
EFI_STATUS Status;
UINT32 Random;
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
// //
// If the Query packet specifies a Maximum Response Delay of zero, perform timer // If the Query packet specifies a Maximum Response Delay of zero, perform timer
@ -715,7 +723,7 @@ Ip6UpdateDelayTimer (
// is less than the remaining value of the running timer. // is less than the remaining value of the running timer.
// //
if ((Group->DelayTimer == 0) || (Delay < Group->DelayTimer)) { if ((Group->DelayTimer == 0) || (Delay < Group->DelayTimer)) {
Group->DelayTimer = Delay / 4294967295UL * NET_RANDOM (NetRandomInitSeed ()); Group->DelayTimer = Delay / 4294967295UL * Random;
} }
return EFI_SUCCESS; return EFI_SUCCESS;

View File

@ -2,7 +2,7 @@
Implementation of Neighbor Discovery support routines. Implementation of Neighbor Discovery support routines.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -16,17 +16,28 @@ EFI_MAC_ADDRESS mZeroMacAddress;
@param[in, out] IpSb Points to the IP6_SERVICE. @param[in, out] IpSb Points to the IP6_SERVICE.
@retval EFI_SUCCESS ReachableTime Updated
@retval others Failed to update ReachableTime
**/ **/
VOID EFI_STATUS
Ip6UpdateReachableTime ( Ip6UpdateReachableTime (
IN OUT IP6_SERVICE *IpSb IN OUT IP6_SERVICE *IpSb
) )
{ {
UINT32 Random; UINT32 Random;
EFI_STATUS Status;
Random = (NetRandomInitSeed () / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE; Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
Random = (Random / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE;
Random = Random + IP6_MIN_RANDOM_FACTOR_SCALED; Random = Random + IP6_MIN_RANDOM_FACTOR_SCALED;
IpSb->ReachableTime = (IpSb->BaseReachableTime * Random) / IP6_RANDOM_FACTOR_SCALE; IpSb->ReachableTime = (IpSb->BaseReachableTime * Random) / IP6_RANDOM_FACTOR_SCALE;
return EFI_SUCCESS;
} }
/** /**
@ -972,10 +983,17 @@ Ip6InitDADProcess (
IP6_SERVICE *IpSb; IP6_SERVICE *IpSb;
EFI_STATUS Status; EFI_STATUS Status;
UINT32 MaxDelayTick; UINT32 MaxDelayTick;
UINT32 Random;
NET_CHECK_SIGNATURE (IpIf, IP6_INTERFACE_SIGNATURE); NET_CHECK_SIGNATURE (IpIf, IP6_INTERFACE_SIGNATURE);
ASSERT (AddressInfo != NULL); ASSERT (AddressInfo != NULL);
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
// //
// Do nothing if we have already started DAD on the address. // Do nothing if we have already started DAD on the address.
// //
@ -1014,7 +1032,7 @@ Ip6InitDADProcess (
Entry->Transmit = 0; Entry->Transmit = 0;
Entry->Receive = 0; Entry->Receive = 0;
MaxDelayTick = IP6_MAX_RTR_SOLICITATION_DELAY / IP6_TIMER_INTERVAL_IN_MS; MaxDelayTick = IP6_MAX_RTR_SOLICITATION_DELAY / IP6_TIMER_INTERVAL_IN_MS;
Entry->RetransTick = (MaxDelayTick * ((NET_RANDOM (NetRandomInitSeed ()) % 5) + 1)) / 5; Entry->RetransTick = (MaxDelayTick * ((Random % 5) + 1)) / 5;
Entry->AddressInfo = AddressInfo; Entry->AddressInfo = AddressInfo;
Entry->Callback = Callback; Entry->Callback = Callback;
Entry->Context = Context; Entry->Context = Context;
@ -2078,7 +2096,10 @@ Ip6ProcessRouterAdvertise (
// in BaseReachableTime and recompute a ReachableTime. // in BaseReachableTime and recompute a ReachableTime.
// //
IpSb->BaseReachableTime = ReachableTime; IpSb->BaseReachableTime = ReachableTime;
Ip6UpdateReachableTime (IpSb); Status = Ip6UpdateReachableTime (IpSb);
if (EFI_ERROR (Status)) {
goto Exit;
}
} }
if (RetransTimer != 0) { if (RetransTimer != 0) {

View File

@ -2,7 +2,7 @@
Definition of Neighbor Discovery support routines. Definition of Neighbor Discovery support routines.
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -780,10 +780,10 @@ Ip6OnArpResolved (
/** /**
Update the ReachableTime in IP6 service binding instance data, in milliseconds. Update the ReachableTime in IP6 service binding instance data, in milliseconds.
@param[in, out] IpSb Points to the IP6_SERVICE. @retval EFI_SUCCESS ReachableTime Updated
@retval others Failed to update ReachableTime
**/ **/
VOID EFI_STATUS
Ip6UpdateReachableTime ( Ip6UpdateReachableTime (
IN OUT IP6_SERVICE *IpSb IN OUT IP6_SERVICE *IpSb
); );

View File

@ -3,6 +3,7 @@
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -31,6 +32,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DevicePathLib.h> #include <Library/DevicePathLib.h>
#include <Library/PrintLib.h> #include <Library/PrintLib.h>
#include <Library/UefiLib.h> #include <Library/UefiLib.h>
#include <Protocol/Rng.h>
#define NIC_ITEM_CONFIG_SIZE (sizeof (NIC_IP4_CONFIG_INFO) + sizeof (EFI_IP4_ROUTE_TABLE) * MAX_IP4_CONFIG_IN_VARIABLE) #define NIC_ITEM_CONFIG_SIZE (sizeof (NIC_IP4_CONFIG_INFO) + sizeof (EFI_IP4_ROUTE_TABLE) * MAX_IP4_CONFIG_IN_VARIABLE)
#define DEFAULT_ZERO_START ((UINTN) ~0) #define DEFAULT_ZERO_START ((UINTN) ~0)
@ -127,6 +129,25 @@ GLOBAL_REMOVE_IF_UNREFERENCED VLAN_DEVICE_PATH mNetVlanDevicePathTemplate = {
0 0
}; };
//
// These represent UEFI SPEC defined algorithms that should be supported by
// the RNG protocol and are generally considered secure.
//
// The order of the algorithms in this array is important. This order is the order
// in which the algorithms will be tried by the RNG protocol.
// If your platform needs to use a specific algorithm for the random number generator,
// then you should place that algorithm first in the array.
//
GLOBAL_REMOVE_IF_UNREFERENCED EFI_GUID *mSecureHashAlgorithms[] = {
&gEfiRngAlgorithmSp80090Ctr256Guid, // SP800-90A DRBG CTR using AES-256
&gEfiRngAlgorithmSp80090Hmac256Guid, // SP800-90A DRBG HMAC using SHA-256
&gEfiRngAlgorithmSp80090Hash256Guid, // SP800-90A DRBG Hash using SHA-256
&gEfiRngAlgorithmArmRndr, // unspecified SP800-90A DRBG via ARM RNDR register
&gEfiRngAlgorithmRaw, // Raw data from NRBG (or TRNG)
};
#define SECURE_HASH_ALGORITHMS_SIZE (sizeof (mSecureHashAlgorithms) / sizeof (EFI_GUID *))
/** /**
Locate the handles that support SNP, then open one of them Locate the handles that support SNP, then open one of them
to send the syslog packets. The caller isn't required to close to send the syslog packets. The caller isn't required to close
@ -884,34 +905,107 @@ Ip6Swap128 (
} }
/** /**
Initialize a random seed using current time and monotonic count. Generate a Random output data given a length.
Get current time and monotonic count first. Then initialize a random seed @param[out] Output - The buffer to store the generated random data.
based on some basic mathematics operation on the hour, day, minute, second, @param[in] OutputLength - The length of the output buffer.
nanosecond and year of the current time and the monotonic count value.
@return The random seed initialized with current time. @retval EFI_SUCCESS On Success
@retval EFI_INVALID_PARAMETER Pointer is null or size is zero
@retval EFI_NOT_FOUND RNG protocol not found
@retval Others Error from RngProtocol->GetRNG()
@return Status code
**/ **/
UINT32 EFI_STATUS
EFIAPI EFIAPI
NetRandomInitSeed ( PseudoRandom (
VOID OUT VOID *Output,
IN UINTN OutputLength
) )
{ {
EFI_TIME Time; EFI_RNG_PROTOCOL *RngProtocol;
UINT32 Seed; EFI_STATUS Status;
UINT64 MonotonicCount; UINTN AlgorithmIndex;
gRT->GetTime (&Time, NULL); if ((Output == NULL) || (OutputLength == 0)) {
Seed = (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | Time.Second); return EFI_INVALID_PARAMETER;
Seed ^= Time.Nanosecond; }
Seed ^= Time.Year << 7;
gBS->GetNextMonotonicCount (&MonotonicCount); Status = gBS->LocateProtocol (&gEfiRngProtocolGuid, NULL, (VOID **)&RngProtocol);
Seed += (UINT32)MonotonicCount; if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Failed to locate EFI_RNG_PROTOCOL: %r\n", Status));
ASSERT_EFI_ERROR (Status);
return Status;
}
return Seed; if (PcdGetBool (PcdEnforceSecureRngAlgorithms)) {
for (AlgorithmIndex = 0; AlgorithmIndex < SECURE_HASH_ALGORITHMS_SIZE; AlgorithmIndex++) {
Status = RngProtocol->GetRNG (RngProtocol, mSecureHashAlgorithms[AlgorithmIndex], OutputLength, (UINT8 *)Output);
if (!EFI_ERROR (Status)) {
//
// Secure Algorithm was supported on this platform
//
return EFI_SUCCESS;
} else if (Status == EFI_UNSUPPORTED) {
//
// Secure Algorithm was not supported on this platform
//
DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
//
// Try the next secure algorithm
//
continue;
} else {
//
// Some other error occurred
//
DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
ASSERT_EFI_ERROR (Status);
return Status;
}
}
//
// If we get here, we failed to generate random data using any secure algorithm
// Platform owner should ensure that at least one secure algorithm is supported
//
ASSERT_EFI_ERROR (Status);
return Status;
}
//
// Lets try using the default algorithm (which may not be secure)
//
Status = RngProtocol->GetRNG (RngProtocol, NULL, OutputLength, (UINT8 *)Output);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random data: %r\n", __func__, Status));
ASSERT_EFI_ERROR (Status);
return Status;
}
return EFI_SUCCESS;
}
/**
Generate a 32-bit pseudo-random number.
@param[out] Output - The buffer to store the generated random number.
@retval EFI_SUCCESS On Success
@retval EFI_NOT_FOUND RNG protocol not found
@retval Others Error from RngProtocol->GetRNG()
@return Status code
**/
EFI_STATUS
EFIAPI
PseudoRandomU32 (
OUT UINT32 *Output
)
{
return PseudoRandom (Output, sizeof (*Output));
} }
/** /**

View File

@ -3,6 +3,7 @@
# #
# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> # (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
# Copyright (c) Microsoft Corporation
# SPDX-License-Identifier: BSD-2-Clause-Patent # SPDX-License-Identifier: BSD-2-Clause-Patent
# #
## ##
@ -49,7 +50,11 @@
gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES ## SystemTable gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES ## SystemTable
gEfiSmbios3TableGuid ## SOMETIMES_CONSUMES ## SystemTable gEfiSmbios3TableGuid ## SOMETIMES_CONSUMES ## SystemTable
gEfiAdapterInfoMediaStateGuid ## SOMETIMES_CONSUMES gEfiAdapterInfoMediaStateGuid ## SOMETIMES_CONSUMES
gEfiRngAlgorithmRaw ## CONSUMES
gEfiRngAlgorithmSp80090Ctr256Guid ## CONSUMES
gEfiRngAlgorithmSp80090Hmac256Guid ## CONSUMES
gEfiRngAlgorithmSp80090Hash256Guid ## CONSUMES
gEfiRngAlgorithmArmRndr ## CONSUMES
[Protocols] [Protocols]
gEfiSimpleNetworkProtocolGuid ## SOMETIMES_CONSUMES gEfiSimpleNetworkProtocolGuid ## SOMETIMES_CONSUMES
@ -59,3 +64,10 @@
gEfiComponentNameProtocolGuid ## SOMETIMES_CONSUMES gEfiComponentNameProtocolGuid ## SOMETIMES_CONSUMES
gEfiComponentName2ProtocolGuid ## SOMETIMES_CONSUMES gEfiComponentName2ProtocolGuid ## SOMETIMES_CONSUMES
gEfiAdapterInformationProtocolGuid ## SOMETIMES_CONSUMES gEfiAdapterInformationProtocolGuid ## SOMETIMES_CONSUMES
gEfiRngProtocolGuid ## CONSUMES
[FixedPcd]
gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms ## CONSUMES
[Depex]
gEfiRngProtocolGuid

View File

@ -5,6 +5,7 @@
# #
# Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR> # (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR>
# Copyright (c) Microsoft Corporation
# #
# SPDX-License-Identifier: BSD-2-Clause-Patent # SPDX-License-Identifier: BSD-2-Clause-Patent
# #
@ -130,6 +131,12 @@
# @Prompt Indicates whether SnpDxe creates event for ExitBootServices() call. # @Prompt Indicates whether SnpDxe creates event for ExitBootServices() call.
gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOLEAN|0x1000000C gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOLEAN|0x1000000C
## Enforces the use of Secure UEFI spec defined RNG algorithms for all network connections.
# TRUE - Enforce the use of Secure UEFI spec defined RNG algorithms.
# FALSE - Do not enforce and depend on the default implementation of RNG algorithm from the provider.
# @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms.
gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x1000000D
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 6355). ## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 6355).
# 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT] # 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT]

View File

@ -122,3 +122,42 @@ CVE_2023_45235:
- http://www.openwall.com/lists/oss-security/2024/01/16/2 - http://www.openwall.com/lists/oss-security/2024/01/16/2
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
CVE_2023_45237:
commit_titles:
- "NetworkPkg:: SECURITY PATCH CVE 2023-45237"
cve: CVE-2023-45237
date_reported: 2023-08-28 13:56 UTC
description: "Bug 09 - Use of a Weak PseudoRandom Number Generator"
note:
files_impacted:
- NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
- NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
- NetworkPkg/DnsDxe/DnsDhcp.c
- NetworkPkg/DnsDxe/DnsImpl.c
- NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
- NetworkPkg/IScsiDxe/IScsiCHAP.c
- NetworkPkg/IScsiDxe/IScsiMisc.c
- NetworkPkg/IScsiDxe/IScsiMisc.h
- NetworkPkg/Include/Library/NetLib.h
- NetworkPkg/Ip4Dxe/Ip4Driver.c
- NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
- NetworkPkg/Ip6Dxe/Ip6Driver.c
- NetworkPkg/Ip6Dxe/Ip6If.c
- NetworkPkg/Ip6Dxe/Ip6Mld.c
- NetworkPkg/Ip6Dxe/Ip6Nd.c
- NetworkPkg/Ip6Dxe/Ip6Nd.h
- NetworkPkg/Library/DxeNetLib/DxeNetLib.c
- NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
- NetworkPkg/NetworkPkg.dec
- NetworkPkg/TcpDxe/TcpDriver.c
- NetworkPkg/Udp4Dxe/Udp4Driver.c
- NetworkPkg/Udp6Dxe/Udp6Driver.c
- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
- NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
links:
- https://bugzilla.tianocore.org/show_bug.cgi?id=4542
- https://nvd.nist.gov/vuln/detail/CVE-2023-45237
- http://www.openwall.com/lists/oss-security/2024/01/16/2
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

View File

@ -2,7 +2,7 @@
The driver binding and service binding protocol for the TCP driver. The driver binding and service binding protocol for the TCP driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -163,7 +163,13 @@ TcpDriverEntryPoint (
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
UINT32 Seed; UINT32 Random;
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status));
return Status;
}
// //
// Install the TCP Driver Binding Protocol // Install the TCP Driver Binding Protocol
@ -203,9 +209,8 @@ TcpDriverEntryPoint (
// //
// Initialize ISS and random port. // Initialize ISS and random port.
// //
Seed = NetRandomInitSeed (); mTcpGlobalIss = Random % mTcpGlobalIss;
mTcpGlobalIss = NET_RANDOM (Seed) % mTcpGlobalIss; mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN));
mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (NET_RANDOM (Seed) % TCP_PORT_KNOWN));
mTcp6RandomPort = mTcp4RandomPort; mTcp6RandomPort = mTcp4RandomPort;
return EFI_SUCCESS; return EFI_SUCCESS;

View File

@ -82,5 +82,8 @@
gEfiTcp6ProtocolGuid ## BY_START gEfiTcp6ProtocolGuid ## BY_START
gEfiTcp6ServiceBindingProtocolGuid ## BY_START gEfiTcp6ServiceBindingProtocolGuid ## BY_START
[Depex]
gEfiHash2ServiceBindingProtocolGuid
[UserExtensions.TianoCore."ExtraFiles"] [UserExtensions.TianoCore."ExtraFiles"]
TcpDxeExtra.uni TcpDxeExtra.uni

View File

@ -1,6 +1,7 @@
/** @file /** @file
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -555,6 +556,13 @@ Udp4DriverEntryPoint (
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
UINT32 Random;
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
// //
// Install the Udp4DriverBinding and Udp4ComponentName protocols. // Install the Udp4DriverBinding and Udp4ComponentName protocols.
@ -571,7 +579,7 @@ Udp4DriverEntryPoint (
// //
// Initialize the UDP random port. // Initialize the UDP random port.
// //
mUdp4RandomPort = (UINT16)(((UINT16)NetRandomInitSeed ()) % UDP4_PORT_KNOWN + UDP4_PORT_KNOWN); mUdp4RandomPort = (UINT16)(((UINT16)Random) % UDP4_PORT_KNOWN + UDP4_PORT_KNOWN);
} }
return Status; return Status;

View File

@ -2,7 +2,7 @@
Driver Binding functions and Service Binding functions for the Network driver module. Driver Binding functions and Service Binding functions for the Network driver module.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -596,6 +596,13 @@ Udp6DriverEntryPoint (
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
UINT32 Random;
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
// //
// Install the Udp6DriverBinding and Udp6ComponentName protocols. // Install the Udp6DriverBinding and Udp6ComponentName protocols.
@ -614,7 +621,7 @@ Udp6DriverEntryPoint (
// Initialize the UDP random port. // Initialize the UDP random port.
// //
mUdp6RandomPort = (UINT16)( mUdp6RandomPort = (UINT16)(
((UINT16)NetRandomInitSeed ()) % ((UINT16)Random) %
UDP6_PORT_KNOWN + UDP6_PORT_KNOWN +
UDP6_PORT_KNOWN UDP6_PORT_KNOWN
); );

View File

@ -2,7 +2,7 @@
Functions implementation related with DHCPv4 for UefiPxeBc Driver. Functions implementation related with DHCPv4 for UefiPxeBc Driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -1381,6 +1381,12 @@ PxeBcDhcp4Discover (
UINT8 VendorOptLen; UINT8 VendorOptLen;
UINT32 Xid; UINT32 Xid;
Status = PseudoRandomU32 (&Xid);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
Mode = Private->PxeBc.Mode; Mode = Private->PxeBc.Mode;
Dhcp4 = Private->Dhcp4; Dhcp4 = Private->Dhcp4;
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
@ -1471,7 +1477,6 @@ PxeBcDhcp4Discover (
// //
// Set fields of the token for the request packet. // Set fields of the token for the request packet.
// //
Xid = NET_RANDOM (NetRandomInitSeed ());
Token.Packet->Dhcp4.Header.Xid = HTONL (Xid); Token.Packet->Dhcp4.Header.Xid = HTONL (Xid);
Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)((IsBCast) ? 0x8000 : 0x0)); Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)((IsBCast) ? 0x8000 : 0x0));
CopyMem (&Token.Packet->Dhcp4.Header.ClientAddr, &Private->StationIp, sizeof (EFI_IPv4_ADDRESS)); CopyMem (&Token.Packet->Dhcp4.Header.ClientAddr, &Private->StationIp, sizeof (EFI_IPv4_ADDRESS));

View File

@ -2180,7 +2180,7 @@ PxeBcDhcp6Discover (
UINTN ReadSize; UINTN ReadSize;
UINT16 OpCode; UINT16 OpCode;
UINT16 OpLen; UINT16 OpLen;
UINT32 Xid; UINT32 Random;
EFI_STATUS Status; EFI_STATUS Status;
UINTN DiscoverLenNeeded; UINTN DiscoverLenNeeded;
@ -2198,6 +2198,12 @@ PxeBcDhcp6Discover (
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
return Status;
}
DiscoverLenNeeded = sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET); DiscoverLenNeeded = sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET);
Discover = AllocateZeroPool (DiscoverLenNeeded); Discover = AllocateZeroPool (DiscoverLenNeeded);
if (Discover == NULL) { if (Discover == NULL) {
@ -2207,8 +2213,7 @@ PxeBcDhcp6Discover (
// //
// Build the discover packet by the cached request packet before. // Build the discover packet by the cached request packet before.
// //
Xid = NET_RANDOM (NetRandomInitSeed ()); Discover->TransactionId = HTONL (Random);
Discover->TransactionId = HTONL (Xid);
Discover->MessageType = Request->Dhcp6.Header.MessageType; Discover->MessageType = Request->Dhcp6.Header.MessageType;
RequestOpt = Request->Dhcp6.Option; RequestOpt = Request->Dhcp6.Option;
DiscoverOpt = Discover->DhcpOptions; DiscoverOpt = Discover->DhcpOptions;

View File

@ -3,6 +3,7 @@
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR> (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR> Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
@ -892,6 +893,13 @@ PxeBcCreateIp6Children (
PXEBC_PRIVATE_PROTOCOL *Id; PXEBC_PRIVATE_PROTOCOL *Id;
EFI_SIMPLE_NETWORK_PROTOCOL *Snp; EFI_SIMPLE_NETWORK_PROTOCOL *Snp;
UINTN Index; UINTN Index;
UINT32 Random;
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Failed to generate random number using EFI_RNG_PROTOCOL: %r\n", Status));
return Status;
}
if (Private->Ip6Nic != NULL) { if (Private->Ip6Nic != NULL) {
// //
@ -935,9 +943,9 @@ PxeBcCreateIp6Children (
} }
// //
// Generate a random IAID for the Dhcp6 assigned address. // Set a random IAID for the Dhcp6 assigned address.
// //
Private->IaId = NET_RANDOM (NetRandomInitSeed ()); Private->IaId = Random;
if (Private->Snp != NULL) { if (Private->Snp != NULL) {
for (Index = 0; Index < Private->Snp->Mode->HwAddressSize; Index++) { for (Index = 0; Index < Private->Snp->Mode->HwAddressSize; Index++) {
Private->IaId |= (Private->Snp->Mode->CurrentAddress.Addr[Index] << ((Index << 3) & 31)); Private->IaId |= (Private->Snp->Mode->CurrentAddress.Addr[Index] << ((Index << 3) & 31));