audk/NetworkPkg/HttpBootDxe
Doug Flick 4c4ceb2ceb NetworkPkg: SECURITY PATCH CVE-2023-45237
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542

Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Use of a Weak PseudoRandom Number Generator

Change Overview:

Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either

>
> EFI_STATUS
> EFIAPI
> PseudoRandomU32 (
>  OUT UINT32  *Output
>  );
>

or (depending on the use case)

>
> EFI_STATUS
> EFIAPI
> PseudoRandom (
>  OUT  VOID   *Output,
>  IN   UINTN  OutputLength
>  );
>

This is because the use of

Example:

In the following code snippet, the PseudoRandomU32 () function is used:

>
> UINT32         Random;
>
> Status = PseudoRandomU32 (&Random);
> if (EFI_ERROR (Status)) {
>   DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
>     __func__, Status));
>   return Status;
> }
>

This also introduces a new PCD to enable/disable the use of the
secure implementation of algorithms for PseudoRandom () and
instead depend on the default implementation. This may be required for
some platforms where the UEFI Spec defined algorithms are not available.

>
> PcdEnforceSecureRngAlgorithms
>

If the platform does not have any one of the UEFI defined
secure RNG algorithms then the driver will assert.

Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-05-24 15:48:52 +00:00
HttpBootClient.c NetworkPkg/HttpBootDxe: Add Support for HTTP Boot Basic Authentication 2022-07-19 17:43:07 +00:00
HttpBootClient.h NetworkPkg: Increase HTTP buffer size and enable TCP window scaling 2023-09-08 20:49:49 +00:00
HttpBootComponentName.c NetworkPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
HttpBootComponentName.h NetworkPkg: Replace BSD License with BSD+Patent License 2019-04-09 10:58:15 -07:00
HttpBootConfig.c NetworkPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
HttpBootConfig.h NetworkPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
HttpBootConfigNVDataStruc.h NetworkPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
HttpBootConfigStrings.uni NetworkPkg: Replace BSD License with BSD+Patent License 2019-04-09 10:58:15 -07:00
HttpBootConfigVfr.vfr NetworkPkg: Replace BSD License with BSD+Patent License 2019-04-09 10:58:15 -07:00
HttpBootDhcp4.c NetworkPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
HttpBootDhcp4.h NetworkPkg/HttpBootDxe: Add LOONGARCH64 architecture for EDK2 CI. 2022-10-14 02:16:33 +00:00
HttpBootDhcp6.c NetworkPkg: SECURITY PATCH CVE-2023-45237 2024-05-24 15:48:52 +00:00
HttpBootDhcp6.h NetworkPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
HttpBootDxe.c NetworkPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
HttpBootDxe.h NetworkPkg/HttpBootDxe: Add Support for HTTP Boot Basic Authentication 2022-07-19 17:43:07 +00:00
HttpBootDxe.inf NetworkPkg: Making the HTTP IO timeout value programmable with PCD 2021-07-28 16:19:19 +00:00
HttpBootDxe.uni NetworkPkg: Replace BSD License with BSD+Patent License 2019-04-09 10:58:15 -07:00
HttpBootDxeExtra.uni NetworkPkg: Replace BSD License with BSD+Patent License 2019-04-09 10:58:15 -07:00
HttpBootImpl.c NetworkPkg/HttpBootDxe: Add Support for HTTP Boot Basic Authentication 2022-07-19 17:43:07 +00:00
HttpBootImpl.h NetworkPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
HttpBootSupport.c NetworkPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
HttpBootSupport.h NetworkPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00