Commit Graph

25 Commits

Author SHA1 Message Date
Doug Flick 4c4ceb2ceb NetworkPkg: SECURITY PATCH CVE-2023-45237
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542

Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Use of a Weak PseudoRandom Number Generator

Change Overview:

Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either

>
> EFI_STATUS
> EFIAPI
> PseudoRandomU32 (
>  OUT UINT32  *Output
>  );
>

or (depending on the use case)

>
> EFI_STATUS
> EFIAPI
> PseudoRandom (
>  OUT  VOID   *Output,
>  IN   UINTN  OutputLength
>  );
>

This is because the use of

Example:

The following code snippet PseudoRandomU32 () function is used:

>
> UINT32         Random;
>
> Status = PseudoRandomU32 (&Random);
> if (EFI_ERROR (Status)) {
>   DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
__func__, Status));
>   return Status;
> }
>

This also introduces a new PCD to enable/disable the use of the
secure implementation of algorithms for PseudoRandom () and
instead depend on the default implementation. This may be required for
some platforms where the UEFI Spec defined algorithms are not available.

>
> PcdEnforceSecureRngAlgorithms
>

If the platform does not have any one of the UEFI defined
secure RNG algorithms then the driver will assert.

Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-05-24 15:48:52 +00:00
Michael Kubacki d1050b9dff NetworkPkg: Apply uncrustify changes
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737

Apply uncrustify changes to .c/.h files in the NetworkPkg package

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
2021-12-07 17:24:28 +00:00
Michael D Kinney c49ca4a29e NetworkPkg: Change use of EFI_D_* to DEBUG_*
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3739

Update all use of EFI_D_* defines in DEBUG() macros to DEBUG_* defines.

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
2021-12-07 17:24:28 +00:00
Antoine Coeur 7de8045a09 NetworkPkg/Ip6Dxe: Fix various typos
Fix various typos in comments and documentation.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@intel.com>
Signed-off-by: Antoine Coeur <coeur@gmx.fr>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@intel.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
Message-Id: <20200207010831.9046-41-philmd@redhat.com>
2020-02-10 22:30:07 +00:00
Laszlo Ersek bf7249df9c NetworkPkg: fix CloseProtocol & UninstallMultipleProtocolInterfaces calls
Both the "ControllerHandle" parameter of CloseProtocol() and the "Handle"
parameter of UninstallMultipleProtocolInterfaces() have type EFI_HANDLE,
not (EFI_HANDLE*).

This patch fixes actual bugs. The issues have been dormant likely because
they are on error paths. (Or, in case of TlsAuthConfigDxe, because the
driver is unloaded likely very infrequently.)

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-10-09 09:40:10 +02:00
Michael D Kinney ecf98fbcf8 NetworkPkg: Replace BSD License with BSD+Patent License
https://bugzilla.tianocore.org/show_bug.cgi?id=1373

Replace BSD 2-Clause License with BSD+Patent License.  This change is
based on the following emails:

  https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html
  https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html

RFCs with detailed process for the license change:

  V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html
  V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html
  V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
2019-04-09 10:58:15 -07:00
Jiaxin Wu a169a04fd2 NetworkPkg/Ip6Dxe: Clean the invalid IPv6 configuration during driver start.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1448

*v3: Change the if condition check to only clean the invalid configuration.

*v2: Add the warning debug message.

This patch is to clean the invalid data and continue to start IP6 driver.

Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
2019-02-19 08:31:15 +08:00
Jiaxin Wu 2d66393219 NetworkPkg/Ip6Dxe: Uninstall protocols when error happen in Driver Binding Start.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1447

This patch is to uninstall Ip6ServiceBindingProtocol and Ip6ConfigProtocol when
error happen in Driver Binding Start.

Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Signed-off-by: Michael Turner <Michael.Turner@microsoft.com>
Reviewed-By: Ye Ting <ting.ye@intel.com>
2019-02-12 08:25:37 +08:00
Liming Gao f75a7f568e NetworkPkg: Clean up source files
1. Do not use tab characters
2. No trailing white space in one line
3. All files must end with CRLF

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
2018-06-28 11:19:49 +08:00
Fu Siyuan b80a409739 NetworkPkg: Fix GCC build error.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2017-09-06 18:08:07 +08:00
Fu Siyuan 9a04dcffbb NetworkPkg/Ip6Dxe: fix a bug in IP6 driver for IpSec protocol notify.
The IP driver uses EfiCreateProtocolNotifyEvent() to register notify callback
function for IpSec protocol, but it didn't notice that the callback will always
be executed at least once, even the protocol wasn't in handle database.
As a result, the Ip6IpSecProcessPacket() will still always call LocateProtocol()
even the IpSec protocol is not installed, which will impact the network
performance.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2017-09-06 14:57:45 +08:00
Giri P Mudusuru c2adf51f00 NetworkPkg: Fix typos in comments
- abstrated to abstracted
- apropriate to appropriate
- availabe to available
- ptototypes to prototypes
- prococol protocol

Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2016-07-11 10:29:50 +08:00
Fu, Siyuan 5c944a654a NetworkPkg: Stop the timer before clean IP service.
In Ip6CleanService()it first cleaned some resources, then stop the timer .
While before the timer stopped it may try to access some already freed
data, which may generate an exception.
This patch updates the driver to stop the timer event before starting to
clean up the service data.

Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Subramanian Sriram <sriram-s@hpe.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
2016-05-31 10:56:21 +08:00
Jiaxin Wu 7959b06748 NetworkPkg: Fix issue in Ip6Dxe SetData
EFI_NOT_READY should not be treated as an error status
returned from SetData for Ip6ConfigDataTypeManualAddress
since there is an asynchronous operation for DAD process.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>
Tested-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com>
2016-04-14 14:55:09 +08:00
Jiaxin Wu 4720106b99 NetworkPkg: Change the default IPv6 config policy
The default policy for Ip6Config is Ip6ConfigPolicyAutomatic,
which results in all NIC ports starting SARR process when it
receives RA message with M flag from IPv6 router. So, this
patch is used to changes the the default IPv6 config policy to
Ip6ConfigPolicyManualand also defer the SetData operation after
Ip6ConfigProtocol installed. This update let the other platform
drivers have chance to change the default config data by consume
Ip6ConfigProtocol.

Cc: Subramanian Sriram <sriram-s@hpe.com>
Cc: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Subramanian Sriram <sriram-s@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
2016-03-02 15:43:52 +08:00
Fu Siyuan 01097ae1c2 NetworkPkg: remove redundant words in function comment.
A function with void return type doesn't need @retval line in its function
comment. This patch removes one redundant line from Ip6 driver in r18365.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18384 6f19259b-4bc3-4df7-8a09-765794883524
2015-09-02 07:40:21 +00:00
Samer El-Haj-Mahmoud c79de074b6 MdeModulePkg/NetworkPkg: Locate IpSec on IP packet processing only if it's installed.
Modified the logic in Ip4Dxe and Ip6Dxe to not locate EFI_IPSEC2_PROTOCOL on each
message transmit/receive. Instead, register a callback in the drivers entry points
on the IpSec protocol installation, and process only if the protocol is installed.
This speeds up the network stacks when IpSec is not installed since there is a
penalty associated with searching the entire handle database on each packet processing.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <samer.el-haj-mahmoud@hp.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18365 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-31 07:44:12 +00:00
Fu Siyuan d551cc64cd 1. Mark the network volatile variables as deprecated in code comments and remove related code to set/get these variable.
2. Remove the GetTime() call when receiving Udp4/6 packets.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye, Ting <ting.ye@intel.com>
Reviewed-by: Wu, Jiaxin <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15497 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-07 06:17:31 +00:00
Ye Ting 8fedfc04d9 Fixed the issue that IPv6 network stack assert infrequently – assert once every 300~400 PXE boots.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ouyang Qian <qian.ouyang@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14422 6f19259b-4bc3-4df7-8a09-765794883524
2013-06-14 08:18:34 +00:00
sfu5 1f7eb561d9 Fix GCC build fail issue for MdeModulePkg and NetworkPkg.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Ouyang Qian <qian.ouyang@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14007 6f19259b-4bc3-4df7-8a09-765794883524
2012-12-17 06:48:35 +00:00
sfu5 216f79703b 1. Add EFI_COMPONENT_NAME2_PROTOCOL.GetControllerName() support.
2. Fix the driver binding Stop() hang issue in the network stack.
3. Add Ip4 raw data support.
4. Add iSCSI Dhcp option 60 support.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Ouyang Qian <qian.ouyang@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13995 6f19259b-4bc3-4df7-8a09-765794883524
2012-12-13 06:47:06 +00:00
tye1 f269f2afa1 Add manual configured gateway address back after system reset.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Ouyang Qian <qian.ouyang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13860 6f19259b-4bc3-4df7-8a09-765794883524
2012-10-17 08:41:49 +00:00
sfu5 75dce34062 1. Fix a bug in PXE driver that the PXE boot do not restart if a new boot option on the different IP stack is selected.
2. Retrieve the IP information after iSCSI TCPv6 connection established and fill it into iBFT table.
3. Generate a random IAID for each NIC port to require different IPv6 address in PXE driver.
4. Update function EfiMtftp6Configure() and Mtftp6RrqHandleOack() to allocate at most one UdpIo.
5. Fix a typo from “destory” to “destroy” in network code.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Ouyang Qian <qian.ouyang@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13859 6f19259b-4bc3-4df7-8a09-765794883524
2012-10-17 08:23:41 +00:00
niruiyu 15ee13fca7 Fix the comments to follow UEFI Spec regarding how to check an EFI_HANDLE is valid/invalid.
Signed-off-by: niruiyu
Reviewed-by: lgao4

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11979 6f19259b-4bc3-4df7-8a09-765794883524
2011-07-05 09:21:22 +00:00
hhtian a3bcde70e6 Add NetworkPkg (P.UDK2010.UP3.Network.P1)
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10986 6f19259b-4bc3-4df7-8a09-765794883524
2010-11-01 06:13:54 +00:00