[CHERRY-PICK] [RELEASE/202311] Pulling PixieFail changes from EDK2 for …

…CVE-2023-45237 and CVE-2023-45236 (microsoft#897) ## Description This pulls in the changes from EDK2 that were made during the upstreaming of CVE-2023-45237 and CVE-2023-45236 The notable changes are: - Updates to the Unit Tests to get them to pass due to the underlying code being altered to use Hash2 Protocol and RngProtocol - Addition of the following algorithms to be more inclusive to ARM platforms - &gEfiRngAlgorithmArmRndr, // unspecified SP800-90A DRBG via ARM RNDR register - &gEfiRngAlgorithmRaw, // Raw data from NRBG (or TRNG) - [X] Impacts functionality? - gEfiRngAlgorithmArmRndr and gEfiRngAlgorithmRaw allow the platform to be more inclusive of ARM and if they provide these guids they no longer need to depend on DEFAULT - [X] Impacts security? - As mentioned before - allows for the ARM platforms to be more specific than before - [ ] Breaking change? - [X] Includes tests? - Updates the Unit tests to pass due to the new dependencies - [ ] Includes documentation? - File containing what CVEs were patched ## How This Was Tested Local unit test ## Integration Instructions If the platform was setting PcdEnforceSecureRngAlgorithms before they may not be required to do so now that the new algorithms are included --------- Signed-off-by: Doug Flick [MSFT] <[email protected]>
antklein · Jun 8, 2024 · 1475a86 · 1475a86
1 parent 3a55a40
commit 1475a86
Show file tree

Hide file tree

Showing 36 changed files with 223 additions and 90 deletions.
diff --git a/MdePkg/Test/MdePkgHostTest.dsc b/MdePkg/Test/MdePkgHostTest.dsc
@@ -46,6 +46,7 @@
   MdePkg/Library/BaseLib/UnitTestHostBaseLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockUefiLib/MockUefiLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+  MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockPeiServicesLib/MockPeiServicesLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockHobLib/MockHobLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf

diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
@@ -84,4 +84,4 @@ struct MockUefiBootServicesTableLib {
     );
 };
 
-#endif
+#endif // MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
@@ -5,8 +5,8 @@
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
-#ifndef MOCK_HASH2_H
-#define MOCK_HASH2_H
+#ifndef MOCK_HASH2_H_
+#define MOCK_HASH2_H_
 
 #include <Library/GoogleTestLib.h>
 #include <Library/FunctionMockLib.h>
@@ -64,4 +64,4 @@ extern "C" {
   extern EFI_HASH2_PROTOCOL  *gHash2Protocol;
 }
 
-#endif // MOCK_HASH2_H
+#endif // MOCK_HASH2_H_
diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
@@ -5,8 +5,8 @@
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
-#ifndef MOCK_RNG_H
-#define MOCK_RNG_H
+#ifndef MOCK_RNG_H_
+#define MOCK_RNG_H_
 
 #include <Library/GoogleTestLib.h>
 #include <Library/FunctionMockLib.h>
@@ -45,4 +45,4 @@ extern "C" {
   extern EFI_RNG_PROTOCOL  *gRngProtocol;
 }
 
-#endif // MOCK_RNG_H
+#endif // MOCK_RNG_H_
diff --git a/...est/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf b/...est/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
@@ -1,8 +1,9 @@
 ## @file
-# Google Test mocks for UefiBootServicesTableLib
+#  Mock implementation of the UEFI Boot Services Table Library.
+#
+#  Copyright (c) Microsoft Corporation.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
-# Copyright (c) Microsoft Corporation.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
 ##
 
 [Defines]
@@ -11,23 +12,21 @@
   FILE_GUID                      = 0BAFDBA6-411A-4094-931B-C29B98483043
   MODULE_TYPE                    = HOST_APPLICATION
   VERSION_STRING                 = 1.0
-  LIBRARY_CLASS                  = UefiBootServicesTableLib
+  LIBRARY_CLASS                  = UefiBootServicesTableLib|HOST_APPLICATION
 
 #
-# The following information is for reference only and not required by the build tools.
-#
-#  VALID_ARCHITECTURES           = IA32 X64
+#  VALID_ARCHITECTURES           = IA32 X64 EBC
 #
 
 [Sources]
   MockUefiBootServicesTableLib.cpp
 
+[LibraryClasses]
+  GoogleTestLib
+
 [Packages]
   MdePkg/MdePkg.dec
   UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
 
-[LibraryClasses]
-  GoogleTestLib
-
 [BuildOptions]
   MSFT:*_*_*_CC_FLAGS = /EHsc
diff --git a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
@@ -1,6 +1,7 @@
 /** @file
 
 Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/

diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
@@ -3,7 +3,7 @@
   implementation for Dhcp6 Driver.
 
   Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
+  Copyright (c) Microsoft Corporation
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/

diff --git a/NetworkPkg/DnsDxe/DnsDhcp.c b/NetworkPkg/DnsDxe/DnsDhcp.c
@@ -2,6 +2,7 @@
 Functions implementation related with DHCPv4/v6 for DNS driver.
 
 Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/

diff --git a/NetworkPkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c
@@ -2,6 +2,7 @@
 DnsDxe support functions implementation.
 
 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/

diff --git a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
@@ -2,6 +2,7 @@
   Functions implementation related with DHCPv6 for HTTP boot driver.
 
 Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/

diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
@@ -3,6 +3,7 @@
   Configuration.
 
 Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/

diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c
@@ -2,6 +2,7 @@
   Miscellaneous routines for iSCSI driver.
 
 Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/

diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h
@@ -2,6 +2,7 @@
   Miscellaneous definitions for iSCSI driver.
 
 Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/

diff --git a/NetworkPkg/Include/Library/NetLib.h b/NetworkPkg/Include/Library/NetLib.h
@@ -3,6 +3,7 @@
   It provides basic functions for the UEFI network stack.
 
 Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -577,31 +578,37 @@ NetPutUint32 (
   IN     UINT32  Data
   );
 
-/*
-Generate a Random output data given a length.
+/**
+  Generate a Random output data given a length.
+
+  @param[out] Output - The buffer to store the generated random data.
+  @param[in] OutputLength - The length of the output buffer.
 
-@param[out] Output - The buffer to store the generated random data.
-@param[in] OutputLength - The length of the output buffer.
+  @retval EFI_SUCCESS           On Success
+  @retval EFI_INVALID_PARAMETER Pointer is null or size is zero
+  @retval EFI_NOT_FOUND         RNG protocol not found
+  @retval Others                Error from RngProtocol->GetRNG()
 
-@retval EFI_SUCCESS           On Success
-@retval EFI_INVALID_PARAMETER Pointer is null or size is zero
-@retval EFI_NOT_FOUND         RNG protocol not found
-@Retval Others                Error from RngProtocol->GetRNG()
-*/
+  @return Status code
+**/
 EFI_STATUS
 EFIAPI
 PseudoRandom (
   OUT  VOID   *Output,
   IN   UINTN  OutputLength
   );
 
-/*
-Generate a 32-bit pseudo-random number.
+/**
+  Generate a 32-bit pseudo-random number.
+
+  @param[out] Output - The buffer to store the generated random number.
 
-@param[out] Output - The buffer to store the generated random number.
+  @retval EFI_SUCCESS           On Success
+  @retval EFI_NOT_FOUND         RNG protocol not found
+  @retval Others                Error from RngProtocol->GetRNG()
 
-@return EFI_SUCCESS on success, error code on failure.
-*/
+  @return Status code
+**/
 EFI_STATUS
 EFIAPI
 PseudoRandomU32 (

diff --git a/NetworkPkg/Ip4Dxe/Ip4Driver.c b/NetworkPkg/Ip4Dxe/Ip4Driver.c
@@ -2,6 +2,7 @@
   The driver binding and service binding protocol for IP4 driver.
 
 Copyright (c) 2005 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
 (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
 
 SPDX-License-Identifier: BSD-2-Clause-Patent

diff --git a/NetworkPkg/Ip6Dxe/Ip6Driver.c b/NetworkPkg/Ip6Dxe/Ip6Driver.c
@@ -3,7 +3,7 @@
 
   Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
   (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
-
+  Copyright (c) Microsoft Corporation
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/

diff --git a/NetworkPkg/Ip6Dxe/Ip6If.c b/NetworkPkg/Ip6Dxe/Ip6If.c
@@ -2,7 +2,7 @@
   Implement IP6 pseudo interface.
 
   Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
+  Copyright (c) Microsoft Corporation
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/

diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.c b/NetworkPkg/Ip6Dxe/Ip6Nd.c
@@ -2,7 +2,7 @@
   Implementation of Neighbor Discovery support routines.
 
   Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
+  Copyright (c) Microsoft Corporation
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/

diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.h b/NetworkPkg/Ip6Dxe/Ip6Nd.h
@@ -2,7 +2,7 @@
   Definition of Neighbor Discovery support routines.
 
   Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
-
+  Copyright (c) Microsoft Corporation
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/

diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
@@ -3,6 +3,7 @@
 
 Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
 (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+Copyright (c) Microsoft Corporation
 SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
@@ -129,22 +130,23 @@ GLOBAL_REMOVE_IF_UNREFERENCED VLAN_DEVICE_PATH  mNetVlanDevicePathTemplate = {
 };
 
 //
-// These represent UEFI SPEC & NIST SP-800-90 approved algorithms that should be supported by the RNG protocol
-// and are generally considered secure. This list enforces a minimum set of secure algorithms that must
-// be supported by the RNG protocol.
+// These represent UEFI SPEC defined algorithms that should be supported by
+// the RNG protocol and are generally considered secure.
 //
-// The order of the algorithms in this array is important. The first algorithm that is supported by the RNG
-// protocol will be used to generate the seed for the random number generator.
-// If your platform needs to use a specific algorithm to generate the seed for the random number generator,
+// The order of the algorithms in this array is important. This order is the order
+// in which the algorithms will be tried by the RNG protocol.
+// If your platform needs to use a specific algorithm for the random number generator,
 // then you should place that algorithm first in the array.
 //
 GLOBAL_REMOVE_IF_UNREFERENCED EFI_GUID  *mSecureHashAlgorithms[] = {
   &gEfiRngAlgorithmSp80090Ctr256Guid,  // SP800-90A DRBG CTR using AES-256
   &gEfiRngAlgorithmSp80090Hmac256Guid, // SP800-90A DRBG HMAC using SHA-256
-  &gEfiRngAlgorithmSp80090Hash256Guid  // SP800-90A DRBG Hash using SHA-256
+  &gEfiRngAlgorithmSp80090Hash256Guid, // SP800-90A DRBG Hash using SHA-256
+  &gEfiRngAlgorithmArmRndr,            // unspecified SP800-90A DRBG via ARM RNDR register
+  &gEfiRngAlgorithmRaw,                // Raw data from NRBG (or TRNG)
 };
 
-#define mSecureHashAlgorithmsSize  (sizeof (mSecureHashAlgorithms) / sizeof (EFI_GUID *))
+#define SECURE_HASH_ALGORITHMS_SIZE  (sizeof (mSecureHashAlgorithms) / sizeof (EFI_GUID *))
 
 /**
   Locate the handles that support SNP, then open one of them
@@ -902,17 +904,19 @@ Ip6Swap128 (
   return Ip6;
 }
 
-/*
-Generate a Random output data given a length.
+/**
+  Generate a Random output data given a length.
+
+  @param[out] Output - The buffer to store the generated random data.
+  @param[in] OutputLength - The length of the output buffer.
 
-@param[out] Output - The buffer to store the generated random data.
-@param[in] OutputLength - The length of the output buffer.
+  @retval EFI_SUCCESS           On Success
+  @retval EFI_INVALID_PARAMETER Pointer is null or size is zero
+  @retval EFI_NOT_FOUND         RNG protocol not found
+  @retval Others                Error from RngProtocol->GetRNG()
 
-@retval EFI_SUCCESS           On Success
-@retval EFI_INVALID_PARAMETER Pointer is null or size is zero
-@retval EFI_NOT_FOUND         RNG protocol not found
-@Retval Others                Error from RngProtocol->GetRNG()
-*/
+  @return Status code
+**/
 EFI_STATUS
 EFIAPI
 PseudoRandom (
@@ -922,6 +926,7 @@ PseudoRandom (
 {
   EFI_RNG_PROTOCOL  *RngProtocol;
   EFI_STATUS        Status;
+  UINTN             AlgorithmIndex;
 
   if ((Output == NULL) || (OutputLength == 0)) {
     return EFI_INVALID_PARAMETER;
@@ -935,8 +940,8 @@ PseudoRandom (
   }
 
   if (PcdGetBool (PcdEnforceSecureRngAlgorithms)) {
-    for (UINTN i = 0; i < mSecureHashAlgorithmsSize; i++) {
-      Status = RngProtocol->GetRNG (RngProtocol, mSecureHashAlgorithms[i], OutputLength, (UINT8 *)Output);
+    for (AlgorithmIndex = 0; AlgorithmIndex < SECURE_HASH_ALGORITHMS_SIZE; AlgorithmIndex++) {
+      Status = RngProtocol->GetRNG (RngProtocol, mSecureHashAlgorithms[AlgorithmIndex], OutputLength, (UINT8 *)Output);
       if (!EFI_ERROR (Status)) {
         //
         // Secure Algorithm was supported on this platform
@@ -946,7 +951,7 @@ PseudoRandom (
         //
         // Secure Algorithm was not supported on this platform
         //
-        DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", i, Status));
+        DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
 
         //
         // Try the next secure algorithm
@@ -956,7 +961,7 @@ PseudoRandom (
         //
         // Some other error occurred
         //
-        DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", i, Status));
+        DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
         ASSERT_EFI_ERROR (Status);
         return Status;
       }
@@ -983,16 +988,17 @@ PseudoRandom (
   return EFI_SUCCESS;
 }
 
-/*
-Generate a 32-bit pseudo-random number.
+/**
+  Generate a 32-bit pseudo-random number.
+
+  @param[out] Output - The buffer to store the generated random number.
 
-@param[out] Output - The buffer to store the generated random number.
+  @retval EFI_SUCCESS           On Success
+  @retval EFI_NOT_FOUND         RNG protocol not found
+  @retval Others                Error from RngProtocol->GetRNG()
 
-@retval EFI_SUCCESS           On Success
-@retval EFI_INVALID_PARAMETER Pointer is null or size is zero
-@retval EFI_NOT_FOUND         RNG protocol not found
-@Retval Others                Error from RngProtocol->GetRNG()
-*/
+  @return Status code
+**/
 EFI_STATUS
 EFIAPI
 PseudoRandomU32 (