system76-edk2/NetworkPkg/TcpDxe/TcpDxe.inf
Doug Flick 4c4ceb2ceb NetworkPkg: SECURITY PATCH CVE-2023-45237
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542

Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Use of a Weak PseudoRandom Number Generator

Change Overview:

Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either

>
> EFI_STATUS
> EFIAPI
> PseudoRandomU32 (
>  OUT UINT32  *Output
>  );
>

or (depending on the use case)

>
> EFI_STATUS
> EFIAPI
> PseudoRandom (
>  OUT  VOID   *Output,
>  IN   UINTN  OutputLength
>  );
>

This is because the use of

Example:

In the following code snippet, the PseudoRandomU32 () function is used:

>
> UINT32         Random;
>
> Status = PseudoRandomU32 (&Random);
> if (EFI_ERROR (Status)) {
>   DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
>     __func__, Status));
>   return Status;
> }
>

This also introduces a new PCD to enable/disable the use of the
secure implementation of algorithms for PseudoRandom () and
instead depend on the default implementation. This may be required for
some platforms where the UEFI Spec defined algorithms are not available.

>
> PcdEnforceSecureRngAlgorithms
>

If the platform does not have any one of the UEFI defined
secure RNG algorithms then the driver will assert.

Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-05-24 15:48:52 +00:00

90 lines
2.3 KiB
INI

## @file
# TCPv4 I/O and TCPv6 I/O services.
#
# This module provides EFI TCPv4 Protocol and EFI TCPv6 Protocol to send and receive data stream.
# It might provide TCPv4 Protocol or TCPv6 Protocol or both of them that depends on which network
# stack has been loaded in system. This driver supports both IPv4 and IPv6 network stack.
#
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##

[Defines]
  INF_VERSION = 0x00010005
  BASE_NAME = TcpDxe
  FILE_GUID = 1A7E4468-2F55-4a56-903C-01265EB7622B
  MODULE_TYPE = UEFI_DRIVER
  VERSION_STRING = 1.0
  ENTRY_POINT = TcpDriverEntryPoint
  UNLOAD_IMAGE = NetLibDefaultUnload
  MODULE_UNI_FILE = TcpDxe.uni

#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 EBC
#

[Sources]
  TcpDriver.c
  SockImpl.c
  SockInterface.c
  TcpDispatcher.c
  TcpOutput.c
  TcpMain.c
  SockImpl.h
  TcpMisc.c
  TcpProto.h
  TcpOption.c
  TcpInput.c
  TcpFunc.h
  TcpOption.h
  TcpTimer.c
  TcpMain.h
  Socket.h
  ComponentName.c
  TcpIo.c
  TcpDriver.h

[Packages]
  MdePkg/MdePkg.dec
  NetworkPkg/NetworkPkg.dec

[LibraryClasses]
  BaseLib
  BaseMemoryLib
  DevicePathLib
  DebugLib
  MemoryAllocationLib
  UefiLib
  UefiBootServicesTableLib
  UefiDriverEntryPoint
  UefiRuntimeServicesTableLib
  DpcLib
  NetLib
  IpIoLib

[Protocols]
  ## SOMETIMES_CONSUMES
  ## SOMETIMES_PRODUCES
  gEfiDevicePathProtocolGuid
  gEfiIp4ProtocolGuid ## TO_START
  gEfiIp4ServiceBindingProtocolGuid ## TO_START
  gEfiTcp4ProtocolGuid ## BY_START
  gEfiTcp4ServiceBindingProtocolGuid ## BY_START
  gEfiIp6ProtocolGuid ## TO_START
  gEfiIp6ServiceBindingProtocolGuid ## TO_START
  gEfiTcp6ProtocolGuid ## BY_START
  gEfiTcp6ServiceBindingProtocolGuid ## BY_START

[Depex]
  gEfiHash2ServiceBindingProtocolGuid

[UserExtensions.TianoCore."ExtraFiles"]
  TcpDxeExtra.uni
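
The enforcement behaviour the commit message above describes for PcdEnforceSecureRngAlgorithms, as an added host-side C model that is not code from the commit or from EDK II: with enforcement on, only a list of secure algorithms is tried and the call fails when the platform offers none, rather than falling back to the default. All type, function and algorithm names are hypothetical, and the provider is a constructed mock that writes marker bytes, not random data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Host-side model. Every name here is hypothetical, not an EDK II identifier. */
typedef enum { RNG_OK, RNG_UNSUPPORTED, RNG_DEVICE_ERROR,
               RNG_INVALID_PARAMETER, RNG_NO_SECURE_ALG } rng_status;
typedef enum { ALG_DEFAULT, ALG_SECURE_A, ALG_SECURE_B, ALG_SECURE_C } rng_alg;

/* Constructed platform description: bit N set means algorithm N is offered. */
typedef struct { unsigned supported_mask; int device_fault; } platform;

/* Mock provider: fills the buffer with a per-algorithm marker byte (not random)
   so a test can tell which algorithm produced the output. */
static rng_status provider_get_rng(const platform *p, rng_alg alg,
                                   uint8_t *out, size_t len) {
    if (p->device_fault) return RNG_DEVICE_ERROR;
    if (!(p->supported_mask & (1u << alg))) return RNG_UNSUPPORTED;
    memset(out, 0xA0 + (int)alg, len);
    return RNG_OK;
}

/* Fail-closed selection. With enforce_secure set, only the secure list is
   tried; if none is offered the call fails (the commit message says the driver
   asserts at this point) and there is no fallback to ALG_DEFAULT. */
rng_status pseudo_random_model(const platform *p, int enforce_secure,
                               uint8_t *out, size_t len) {
    static const rng_alg secure[] = { ALG_SECURE_A, ALG_SECURE_B, ALG_SECURE_C };
    if (out == NULL || len == 0) return RNG_INVALID_PARAMETER;
    if (!enforce_secure) return provider_get_rng(p, ALG_DEFAULT, out, len);
    for (size_t i = 0; i < sizeof secure / sizeof secure[0]; i++) {
        rng_status s = provider_get_rng(p, secure[i], out, len);
        if (s == RNG_UNSUPPORTED) continue; /* try the next secure algorithm */
        return s;                           /* success or a real error: stop */
    }
    return RNG_NO_SECURE_ALG;               /* caller must not use 'out' */
}

int main(void) {
    uint8_t buf[4] = { 0 };
    platform default_only = { 1u << ALG_DEFAULT, 0 };  /* constructed input */
    printf("enforced: status=%d\n", pseudo_random_model(&default_only, 1, buf, sizeof buf));
    printf("relaxed:  status=%d\n", pseudo_random_model(&default_only, 0, buf, sizeof buf));
    return 0;
}
```

As in the commit message's PseudoRandomU32 () snippet, a caller checks the returned status and returns on error before touching the output buffer.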