REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542
Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Use of a Weak PseudoRandom Number Generator
Change Overview:
Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either
>
> EFI_STATUS
> EFIAPI
> PseudoRandomU32 (
> OUT UINT32 *Output
> );
>
or (depending on the use case)
>
> EFI_STATUS
> EFIAPI
> PseudoRandom (
> OUT VOID *Output,
> IN UINTN OutputLength
> );
>
This is because the use of
Example:
The following code snippet PseudoRandomU32 () function is used:
>
> UINT32 Random;
>
> Status = PseudoRandomU32 (&Random);
> if (EFI_ERROR (Status)) {
> DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
__func__, Status));
> return Status;
> }
>
This also introduces a new PCD to enable/disable the use of the
secure implementation of algorithms for PseudoRandom () and
instead depend on the default implementation. This may be required for
some platforms where the UEFI Spec defined algorithms are not available.
>
> PcdEnforceSecureRngAlgorithms
>
If the platform does not have any one of the UEFI defined
secure RNG algorithms then the driver will assert.
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737
Apply uncrustify changes to .c/.h files in the NetworkPkg package
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Fix various typos in comments and documentation.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@intel.com>
Signed-off-by: Antoine Coeur <coeur@gmx.fr>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@intel.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
Message-Id: <20200207010831.9046-40-philmd@redhat.com>
Both the "ControllerHandle" parameter of CloseProtocol() and the "Handle"
parameter of UninstallMultipleProtocolInterfaces() have type EFI_HANDLE,
not (EFI_HANDLE*).
This patch fixes actual bugs. The issues have been dormant likely because
they are on error paths. (Or, in case of TlsAuthConfigDxe, because the
driver is unloaded likely very infrequently.)
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Doug Flick
Michael Kubacki
Antoine Coeur
Laszlo Ersek
Liming Gao