From nobody Thu May 16 22:15:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+49463+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+49463+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1572068252; cv=none; d=zoho.com; s=zohoarc; b=Lze5DmEZdRU2w6QNj352HDclhbeEJDBWhAchrt8PZ7iTqZYcwb8K3SiDBSZQZD5sYQ+p3GgClgXOgHRYOdvQrXdQy9zqaMHRgVCZFr5YyViEvOMQ/BsdIj8kTzpxeG/1O2XRYiSvhB0Y2ACvScQjjqlcCySMPbPvgHJBrbWLSpI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1572068252; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=tzLT/UWwTtdynYU1SfpAeupRK0ie81EGvd3tpJXQRZo=; b=eBydGoNl5uD5fGOqm11FILUuf+NCk8ZB/XKO6snT2zaaOtiyYYLCKLrBLs87Tohc0uz8GofFA6z19UTfH3VqyKDg1t+DAbBm8QmEmnvHD+xgrHagCpkUuElgTK/ZTq/vpV03M2xhv0m9GjTO8qM47ZeXcNQ7EfEw26wErsEfU1o= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+49463+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1572068252197271.14223339221303; Fri, 25 Oct 2019 22:37:32 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id sJGAYY1788612xQ4Jt6dbU7i; Fri, 25 Oct 2019 22:37:31 -0700 X-Received: from us-smtp-delivery-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.81]) by mx.groups.io with SMTP id smtpd.web12.2105.1572068251202538613 for ; Fri, 25 Oct 2019 22:37:31 -0700 
X-Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-297-N4ag3oeCOHiN5QzA1iH6cg-1; Sat, 26 Oct 2019 01:37:27 -0400 X-Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B91F75E4; Sat, 26 Oct 2019 05:37:26 +0000 (UTC) X-Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-26.ams2.redhat.com [10.36.116.26]) by smtp.corp.redhat.com (Postfix) with ESMTP id 590EE5D9CA; Sat, 26 Oct 2019 05:37:24 +0000 (UTC) 
From: "Laszlo Ersek" To: edk2-devel-groups-io Cc: David Woodhouse , Jian J Wang , Jiaxin Wu , Sivaraman Nainar , Xiaoyu Lu Subject: [edk2-devel] [PATCH v2 1/8] MdePkg/Include/Protocol/Tls.h: Add the data type of EfiTlsVerifyHost (CVE-2019-14553) Date: Sat, 26 Oct 2019 07:37:12 +0200 Message-Id: <20191026053719.10453-2-lersek@redhat.com> In-Reply-To: <20191026053719.10453-1-lersek@redhat.com> References: <20191026053719.10453-1-lersek@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-MC-Unique: N4ag3oeCOHiN5QzA1iH6cg-1 X-Mimecast-Spam-Score: 0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,lersek@redhat.com X-Gm-Message-State: q7h0XidO4CXt2t7F7W1SbLCWx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1572068251; bh=3RHcHSgZILYcjNSTOrB9w1mLWFujwcHUAPEc43qljUE=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=QpENRfacKOHcSJztOsFo7rV1d+pUOCVXVjaxQZxmCr8/BiOobOkvsy3gt9kPdkIzxFR KNuKtzhaB9v2LW84aU7Q0lWDXbBr39ghlUiMUkhIGQr17nsqZM+lIp8vE6T7QKnKOjBrH 6op53luP/ivLFt1/GDFfzfyIGBI8zpGO/tw= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: "Wu, Jiaxin" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D960 CVE: CVE-2019-14553 In the patch, we add the new data type named "EfiTlsVerifyHost" and the EFI_TLS_VERIFY_HOST_FLAG for the TLS protocol consumer (HTTP) to enable the host name check so as to avoid the potential Man-In-The-Middle attack. Signed-off-by: Wu Jiaxin Reviewed-by: Ye Ting Reviewed-by: Long Qin Reviewed-by: Fu Siyuan Acked-by: Laszlo Ersek Message-Id: <20190927034441.3096-2-Jiaxin.wu@intel.com> Cc: David Woodhouse Cc: Jian J Wang Cc: Jiaxin Wu Cc: Sivaraman Nainar Cc: Xiaoyu Lu 
Signed-off-by: Laszlo Ersek Reviewed-by: Liming Gao --- Notes: v2: - fix whitespace in subject line - drop Contributed-under line per BZ#1373 MdePkg/Include/Protocol/Tls.h | 68 ++++++++++++++++---- 1 file changed, 57 insertions(+), 11 deletions(-) diff --git a/MdePkg/Include/Protocol/Tls.h b/MdePkg/Include/Protocol/Tls.h index bf1b6727a1e9..af524ae2a60e 100644 --- a/MdePkg/Include/Protocol/Tls.h +++ b/MdePkg/Include/Protocol/Tls.h @@ -40,12 +40,8 @@ typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL; /// /// EFI_TLS_SESSION_DATA_TYPE /// typedef enum { - /// - /// Session Configuration - /// - /// /// TLS session Version. The corresponding Data is of type EFI_TLS_VERSI= ON. /// EfiTlsVersion, @@ -85,13 +81,8 @@ typedef enum { /// TLS session data session state. /// The corresponding Data is of type EFI_TLS_SESSION_STATE. /// EfiTlsSessionState, - - /// - /// Session information - /// - /// /// TLS session data client random. /// The corresponding Data is of type EFI_TLS_RANDOM. /// @@ -105,11 +96,17 @@ typedef enum { /// TLS session data key material. /// The corresponding Data is of type EFI_TLS_MASTER_SECRET. /// EfiTlsKeyMaterial, + /// + /// TLS session hostname for validation which is used to verify whether = the name + /// within the peer certificate matches a given host name. + /// This parameter is invalid when EfiTlsVerifyMethod is EFI_TLS_VERIFY_= NONE. + /// The corresponding Data is of type EFI_TLS_VERIFY_HOST. + /// + EfiTlsVerifyHost, =20 EfiTlsSessionDataTypeMaximum - } EFI_TLS_SESSION_DATA_TYPE; =20 /// /// EFI_TLS_VERSION 
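Review bot: the hunks at @@ -40,12 +40,8 @@ and @@ -85,13 +81,8 @@ only delete the "Session Configuration" and "Session information" group comments, which is cleanup unrelated to the CVE-2019-14553 fix; either drop it from this patch or mention it in the commit message, so the change that downstreams backport stays limited to the EfiTlsVerifyHost addition.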
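Review bot: in the @@ -105,11 +96,17 @@ hunk, EfiTlsVerifyHost is inserted immediately before EfiTlsSessionDataTypeMaximum, so existing enumerator values are unchanged, which is right; but the new comment only names the Data type. Because EFI_TLS_VERIFY_HOST carries a CHAR8 * rather than inline bytes, state here that HostName must point to a NUL-terminated ASCII string and that the caller keeps it valid for the duration of the call, otherwise a consumer cannot know how much of Data it may validate or copy.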
@@ -177,17 +174,66 @@ typedef UINT32 EFI_TLS_VERIFY; /// the reason for the certificate verification failure. /// #define EFI_TLS_VERIFY_PEER 0x1 /// -/// TLS session will fail peer certificate is absent. +/// EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT is only meaningful in the server m= ode. +/// TLS session will fail if client certificate is absent. /// #define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2 /// /// TLS session only verify client once, and doesn't request certificate d= uring /// re-negotiation. /// #define EFI_TLS_VERIFY_CLIENT_ONCE 0x4 =20 +/// +/// EFI_TLS_VERIFY_HOST_FLAG +/// +typedef UINT32 EFI_TLS_VERIFY_HOST_FLAG; +/// +/// There is no additional flags set for hostname validation. +/// Wildcards are supported and they match only in the left-most label. +/// +#define EFI_TLS_VERIFY_FLAG_NONE 0x00 +/// +/// Always check the Subject Distinguished Name (DN) in the peer certifica= te even if the +/// certificate contains Subject Alternative Name (SAN). +/// +#define EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT 0x01 +/// +/// Disable the match of all wildcards. +/// +#define EFI_TLS_VERIFY_FLAG_NO_WILDCARDS 0x02 +/// +/// Disable the "*" as wildcard in labels that have a prefix or suffix (e.= g. "www*" or "*www"). +/// +#define EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS 0x04 +/// +/// Allow the "*" to match more than one labels. Otherwise, only matches a= single label. +/// +#define EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS 0x08 +/// +/// Restrict to only match direct child sub-domains which start with ".". +/// For example, a name of ".example.com" would match "www.example.com" wi= th this flag, +/// but would not match "www.sub.example.com". +/// +#define EFI_TLS_VERIFY_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +/// +/// Never check the Subject Distinguished Name (DN) even there is no +/// Subject Alternative Name (SAN) in the certificate. 
+/// +#define EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT 0x20 + +/// +/// EFI_TLS_VERIFY_HOST +/// +#pragma pack (1) +typedef struct { + EFI_TLS_VERIFY_HOST_FLAG Flags; + CHAR8 *HostName; +} EFI_TLS_VERIFY_HOST; +#pragma pack () + /// /// EFI_TLS_RANDOM /// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1. /// Hello Messages". --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#49463): https://edk2.groups.io/g/devel/message/49463 Mute This Topic: https://groups.io/mt/37952585/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
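Review bot: in the @@ -177,17 +174,66 @@ hunk, EFI_TLS_VERIFY_HOST places a CHAR8 *HostName pointer inside a #pragma pack (1) structure, so the pointer member is unaligned on 64-bit builds and the session data is no longer self-contained; either document the pointer contract (NUL-terminated ASCII, owned by the caller) or carry the name inline after Flags as a CHAR8 array. Separately, the EFI_TLS_VERIFY_FLAG_* values 0x01 through 0x20 are defined here as protocol constants, and patch 2/8 hands the same bits to SSL_set_hostflags unchanged, so these numeric values have to match the underlying library's host-check flags; add a comment that they are fixed and must not be renumbered.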
From: "Laszlo Ersek" To: edk2-devel-groups-io Cc: David Woodhouse , Jian J Wang , Jiaxin Wu , Sivaraman Nainar , Xiaoyu Lu Subject: [edk2-devel] [PATCH v2 2/8] CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost" (CVE-2019-14553) Date: Sat, 26 Oct 2019 07:37:13 +0200 Message-Id: <20191026053719.10453-3-lersek@redhat.com> In-Reply-To: <20191026053719.10453-1-lersek@redhat.com> References: <20191026053719.10453-1-lersek@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: "Wu, Jiaxin" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D960 CVE: CVE-2019-14553 In the patch, we add the new API "TlsSetVerifyHost" for the TLS protocol to set the specified host name that needs to be verified. Signed-off-by: Wu Jiaxin Reviewed-by: Ye Ting Reviewed-by: Long Qin Reviewed-by: Fu Siyuan Acked-by: Laszlo Ersek Message-Id: <20190927034441.3096-3-Jiaxin.wu@intel.com> Cc: David Woodhouse Cc: Jian J Wang Cc: Jiaxin Wu Cc: Sivaraman Nainar Cc: Xiaoyu Lu
Signed-off-by: Laszlo Ersek Reviewed-by: Jian J Wang Reviewed-by: Philippe Mathieu-Daude --- Notes: v2: - fix whitespace in subject line - drop Contributed-under line per BZ#1373 CryptoPkg/Include/Library/TlsLib.h | 20 +++++++++++ CryptoPkg/Library/TlsLib/TlsConfig.c | 38 +++++++++++++++++++- 2 files changed, 57 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Include/Library/TlsLib.h b/CryptoPkg/Include/Library= /TlsLib.h index 9875cb6e746b..3af7d4bc095e 100644 --- a/CryptoPkg/Include/Library/TlsLib.h +++ b/CryptoPkg/Include/Library/TlsLib.h @@ -395,8 +395,28 @@ TlsSetVerify ( IN VOID *Tls, IN UINT32 VerifyMode ); =20 +/** + Set the specified host name to be verified. + + @param[in] Tls Pointer to the TLS object. + @param[in] Flags The setting flags during the validation. + @param[in] HostName The specified host name to be verified. + + @retval EFI_SUCCESS The HostName setting was set successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_ABORTED Invalid HostName setting. + +**/ +EFI_STATUS +EFIAPI +TlsSetVerifyHost ( + IN VOID *Tls, + IN UINT32 Flags, + IN CHAR8 *HostName + ); + /** Sets a TLS/SSL session ID to be used during TLS/SSL connect. =20 This function sets a session ID to be used when the TLS/SSL connection is diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLi= b/TlsConfig.c index 74b577d60ee3..2bf5aee7c093 100644 --- a/CryptoPkg/Library/TlsLib/TlsConfig.c +++ b/CryptoPkg/Library/TlsLib/TlsConfig.c @@ -1,8 +1,8 @@ /** @file SSL/TLS Configuration Library Wrapper Implementation over OpenSSL. =20 -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2016 Hewlett Packard Enterprise Development LP
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ 
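Review bot: the @@ -1,8 +1,8 @@ hunk in TlsConfig.c changes the Intel copyright range to "2016 - 2018", but the patch is from 2019 (Date: Sat, 26 Oct 2019; the original Message-Id is dated 20190927); it should read "2016 - 2019".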
@@ -496,8 +496,44 @@ TlsSetVerify ( // SSL_set_verify (TlsConn->Ssl, VerifyMode, NULL); } =20 +/** + Set the specified host name to be verified. + + @param[in] Tls Pointer to the TLS object. + @param[in] Flags The setting flags during the validation. + @param[in] HostName The specified host name to be verified. + + @retval EFI_SUCCESS The HostName setting was set successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_ABORTED Invalid HostName setting. + +**/ +EFI_STATUS +EFIAPI +TlsSetVerifyHost ( + IN VOID *Tls, + IN UINT32 Flags, + IN CHAR8 *HostName + ) +{ + TLS_CONNECTION *TlsConn; + + TlsConn =3D (TLS_CONNECTION *) Tls; + if (TlsConn =3D=3D NULL || TlsConn->Ssl =3D=3D NULL || HostName =3D=3D N= ULL) { + return EFI_INVALID_PARAMETER; + } + + SSL_set_hostflags(TlsConn->Ssl, Flags); + + if (SSL_set1_host(TlsConn->Ssl, HostName) =3D=3D 0) { + return EFI_ABORTED; + } + + return EFI_SUCCESS; +} + /** Sets a TLS/SSL session ID to be used during TLS/SSL connect. =20 This function sets a session ID to be used when the TLS/SSL connection is --=20 2.19.1.3.g30247aa5d201
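Review bot: the TlsSetVerifyHost documentation added to TlsLib.h in the @@ -395,8 +395,28 @@ hunk does not say that the host name is only checked when peer verification has been enabled through TlsSetVerify (the EfiTlsVerifyHost comment in Tls.h already states the parameter is invalid under EFI_TLS_VERIFY_NONE), and it describes Flags only as "The setting flags during the validation" without naming which bits are accepted. Spell out both, for example "@param[in] Flags Host name check flags (the EFI_TLS_VERIFY_FLAG_* bits of patch 1/8), passed through to the TLS library" plus a sentence that a host name set without peer verification is not enforced, so a caller cannot set a name and assume the handshake will fail on a mismatch. HostName could also be declared IN CONST CHAR8 *, since it is only read.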
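Review bot: the parameter check in TlsSetVerifyHost (@@ -496,8 +496,44 @@) rejects HostName == NULL but not an empty string, and SSL_set1_host treats an empty name like NULL: it clears the expected host name so that no name check is performed, and it returns 1, so the function reports EFI_SUCCESS while host verification is silently off. Add `if (HostName[0] == '\0') { return EFI_INVALID_PARAMETER; }` (or an AsciiStrLen check) before the SSL_set1_host call. The SSL_set_hostflags(TlsConn->Ssl, Flags) call also passes the caller's bits through unchanged, which is only correct because the EFI_TLS_VERIFY_FLAG_* constants in patch 1/8 use the same numeric values as OpenSSL's X509_CHECK_FLAG_* bits; a comment at the call site (or an explicit mapping) would make that dependency visible.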
From: "Laszlo Ersek" To: edk2-devel-groups-io Cc: David Woodhouse , Jian J Wang , Jiaxin Wu , Sivaraman Nainar , Xiaoyu Lu Subject: [edk2-devel] [PATCH v2 3/8] CryptoPkg/Crt: turn strchr() into a function (CVE-2019-14553) Date: Sat, 26 Oct 2019 07:37:14 +0200 Message-Id: <20191026053719.10453-4-lersek@redhat.com> In-Reply-To: <20191026053719.10453-1-lersek@redhat.com> References: <20191026053719.10453-1-lersek@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" According to the ISO C standard, strchr() is a function. We #define it as a macro. Unfortunately, our macro evaluates the first argument ("str") twice. If the expression passed for "str" has side effects, the behavior may be undefined. In a later patch in this series, we're going to resurrect "inet_pton.c" (originally from the StdLib package), which calls strchr() just like that: strchr((xdigits =3D xdigits_l), ch) strchr((xdigits =3D xdigits_u), ch) To enable this kind of function call, turn strchr() into a function. Cc: David Woodhouse Cc: Jian J Wang Cc: Jiaxin Wu Cc: Sivaraman Nainar Cc: Xiaoyu Lu Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D960 CVE: CVE-2019-14553
Signed-off-by: Laszlo Ersek Reviewed-by: Jian J Wang Reviewed-by: Philippe Mathieu-Daude --- Notes: v2: - new patch CryptoPkg/Library/Include/CrtLibSupport.h | 2 +- CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/= Include/CrtLibSupport.h index 5806f50f7485..b90da20ff7e7 100644 --- a/CryptoPkg/Library/Include/CrtLibSupport.h +++ b/CryptoPkg/Library/Include/CrtLibSupport.h @@ -146,8 +146,9 @@ int isalnum (int); int isupper (int); int tolower (int); int strcmp (const char *, const char *); int strncasecmp (const char *, const char *, size_t); +char *strchr (const char *, int); char *strrchr (const char *, int); unsigned long strtoul (const char *, char **, int); long strtol (const char *, char **, int); char *strerror (int); @@ -187,9 +188,8 @@ void abort (void); #define strlen(str) (size_t)(AsciiStrnLenS(str,MAX_S= TRING_SIZE)) #define strcpy(strDest,strSource) AsciiStrCpyS(strDest,MAX_STRING_= SIZE,strSource) #define strncpy(strDest,strSource,count) AsciiStrnCpyS(strDest,MAX_STRING= _SIZE,strSource,(UINTN)count) #define strcat(strDest,strSource) AsciiStrCatS(strDest,MAX_STRING_= SIZE,strSource) -#define strchr(str,ch) ScanMem8((VOID *)(str),AsciiStrS= ize(str),(UINT8)ch) #define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,strin= g2,(UINTN)(count))) #define strcasecmp(str1,str2) (int)AsciiStriCmp(str1,str2) #define sprintf(buf,...) AsciiSPrint(buf,MAX_STRING_SIZE,= __VA_ARGS__) #define localtime(timer) NULL diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPk= g/Library/BaseCryptLib/SysCall/CrtWrapper.c index 71a2ef34ed2b..42235ab96ac3 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c 
@@ -114,8 +114,13 @@ QuickSortWorker ( // // -- String Manipulation Routines -- // =20 +char *strchr(const char *str, int ch) +{ + return ScanMem8 (str, AsciiStrSize (str), (UINT8)ch); +} + /* Scan a string for the last occurrence of a character */ char *strrchr (const char *str, int c) { char * save; --=20 2.19.1.3.g30247aa5d201
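Review bot: the CrtLibSupport.h hunks (@@ -146,8 +146,9 @@ and @@ -187,9 +188,8 @@) add the ISO prototype and remove the macro, which is the right shape; it is worth saying in the commit message that strchr was the only string macro with the double-evaluation hazard, since the remaining strlen, strcpy, strncpy, strcat, strncmp and strcasecmp macros visible in the context each expand their arguments exactly once, so no further conversions are needed for inet_pton.c.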
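Review bot: the new strchr in the @@ -114,8 +114,13 @@ hunk is written `char *strchr(const char *str, int ch)` while the neighbouring `char *strrchr (const char *str, int c)` uses the file's space-before-parenthesis style; match it. The body is correct: AsciiStrSize includes the terminating NUL, so `strchr (s, '\0')` returns a pointer to the terminator as ISO C requires, and ScanMem8 returns the first match; a one-line comment saying so would stop a reader from assuming the scan can run past the end of the string.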
From: "Laszlo Ersek" To: edk2-devel-groups-io Cc: David Woodhouse , Jian J Wang , Jiaxin Wu , Sivaraman Nainar , Xiaoyu Lu Subject: [edk2-devel] [PATCH v2 4/8] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553) Date: Sat, 26 Oct 2019 07:37:15 +0200 Message-Id: <20191026053719.10453-5-lersek@redhat.com> In-Reply-To: <20191026053719.10453-1-lersek@redhat.com> References: <20191026053719.10453-1-lersek@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In a later patch in this series, we're going to resurrect "inet_pton.c" (originally from the StdLib package). That source file has a number of standard C and BSD socket dependencies. Provide those dependencies here: - The header files below will simply #include : - arpa/inet.h - arpa/nameser.h - netinet/in.h - sys/param.h - sys/socket.h - EAFNOSUPPORT comes from "StdLib/Include/errno.h", at commit e2d3a25f1a31; which is the commit immediately preceding the removal of StdLib from edk2 (964f432b9b0a). Note that the other error macro, which we already #define, namely EINVAL, has a value (22) that also matches "StdLib/Include/errno.h". 
- The AF_INET and AF_INET6 address family macros come from "StdLib/Include/sys/socket.h". - The NS_INT16SZ, NS_INADDRSZ and NS_IN6ADDRSZ macros come from "StdLib/Include/arpa/nameser.h". - The "u_int" and "u_char" types come from "StdLib/Include/sys/types.h". Cc: David Woodhouse Cc: Jian J Wang Cc: Jiaxin Wu Cc: Sivaraman Nainar Cc: Xiaoyu Lu Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D960 CVE: CVE-2019-14553 Signed-off-by: Laszlo Ersek Reviewed-by: Jian J Wang --- Notes: v2: - new patch CryptoPkg/Library/Include/CrtLibSupport.h | 16 ++++++++++++++++ CryptoPkg/Library/Include/arpa/inet.h | 9 +++++++++ CryptoPkg/Library/Include/arpa/nameser.h | 9 +++++++++ CryptoPkg/Library/Include/netinet/in.h | 9 +++++++++ CryptoPkg/Library/Include/sys/param.h | 9 +++++++++ CryptoPkg/Library/Include/sys/socket.h | 9 +++++++++ 6 files changed, 61 insertions(+) diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/= Include/CrtLibSupport.h index b90da20ff7e7..e603fad763f9 100644 --- a/CryptoPkg/Library/Include/CrtLibSupport.h +++ b/CryptoPkg/Library/Include/CrtLibSupport.h 
@@ -73,22 +73,38 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // Definitions for global constants used by CRT library routines // #define EINVAL 22 /* Invalid argument */ +#define EAFNOSUPPORT 47 /* Address family not supported by p= rotocol family */ #define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */ #define LONG_MAX 0X7FFFFFFFL /* max value for a long */ #define LONG_MIN (-LONG_MAX-1) /* min value for a long */ #define ULONG_MAX 0xFFFFFFFF /* Maximum unsigned long value */ #define CHAR_BIT 8 /* Number of bits in a char */ =20 +// +// Address families. +// +#define AF_INET 2 /* internetwork: UDP, TCP, etc. */ +#define AF_INET6 24 /* IP version 6 */ + +// +// Define constants based on RFC0883, RFC1034, RFC 1035 +// +#define NS_INT16SZ 2 /*%< #/bytes of data in a u_int16_t */ +#define NS_INADDRSZ 4 /*%< IPv4 T_A */ +#define NS_IN6ADDRSZ 16 /*%< IPv6 T_AAAA */ + // // Basic types mapping // typedef UINTN size_t; +typedef UINTN u_int; typedef INTN ssize_t; typedef INT32 time_t; typedef UINT8 __uint8_t; typedef UINT8 sa_family_t; +typedef UINT8 u_char; typedef UINT32 uid_t; typedef UINT32 gid_t; =20 // diff --git a/CryptoPkg/Library/Include/arpa/inet.h b/CryptoPkg/Library/Incl= ude/arpa/inet.h new file mode 100644 index 000000000000..988e4e0a73e3 --- /dev/null +++ b/CryptoPkg/Library/Include/arpa/inet.h @@ -0,0 +1,9 @@ +/** @file + Include file to support building third-party standard C / BSD sockets co= de. + + Copyright (C) 2019, Red Hat, Inc. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include diff --git a/CryptoPkg/Library/Include/arpa/nameser.h b/CryptoPkg/Library/I= nclude/arpa/nameser.h new file mode 100644 index 000000000000..988e4e0a73e3 --- /dev/null +++ b/CryptoPkg/Library/Include/arpa/nameser.h @@ -0,0 +1,9 @@ +/** @file + Include file to support building third-party standard C / BSD sockets co= de. + + Copyright (C) 2019, Red Hat, Inc. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include 
diff --git a/CryptoPkg/Library/Include/netinet/in.h b/CryptoPkg/Library/Inc= lude/netinet/in.h new file mode 100644 index 000000000000..988e4e0a73e3 --- /dev/null +++ b/CryptoPkg/Library/Include/netinet/in.h @@ -0,0 +1,9 @@ +/** @file + Include file to support building third-party standard C / BSD sockets co= de. + + Copyright (C) 2019, Red Hat, Inc. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include diff --git a/CryptoPkg/Library/Include/sys/param.h b/CryptoPkg/Library/Incl= ude/sys/param.h new file mode 100644 index 000000000000..988e4e0a73e3 --- /dev/null +++ b/CryptoPkg/Library/Include/sys/param.h @@ -0,0 +1,9 @@ +/** @file + Include file to support building third-party standard C / BSD sockets co= de. + + Copyright (C) 2019, Red Hat, Inc. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include diff --git a/CryptoPkg/Library/Include/sys/socket.h b/CryptoPkg/Library/Inc= lude/sys/socket.h new file mode 100644 index 000000000000..988e4e0a73e3 --- /dev/null +++ b/CryptoPkg/Library/Include/sys/socket.h 
@@ -0,0 +1,9 @@ +/** @file + Include file to support building third-party standard C / BSD sockets co= de. + + Copyright (C) 2019, Red Hat, Inc. + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#49466): https://edk2.groups.io/g/devel/message/49466 Mute This Topic: https://groups.io/mt/37952588/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 22:15:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+49467+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+49467+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1572068263; cv=none; d=zoho.com; s=zohoarc; b=BDGmgUPsnydcsZxBUc3k+z6NrcOnuxVpdBMtLTHY+6+6gPBRQY9huqaBdZhmAng+p0/pEFi4ECCjVJXF2bS5NqWbOAmkkXX0gf6+E40RgM1qySSYpDWU18DJsW7ofl3K2odzJY3xiHCg2ogZVD0zvZ+R/uldQYhnc+gILSybtgU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1572068263; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=7/Ks7G5dyiPdDDakQyJWMPmxImQNuOcu63VRvulLCmQ=; b=D8tpmmTOM05pOUC51FTjjYORcpJokWTJ/yUyYNuFdrFjmLrnlBZ1Sohdhp9soJ34rNVxAGFDJEZPInOE7eKzDidlRJgBKHQQYazoxcv9Jsd+QwIa0fNEoD9PM5Va8DjE6HxkvadDFnraN48TU/x2ljLjH89te0NJrDsRok8tSks= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 
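Review bot: AF_INET6 is defined as 24 in the CrtLibSupport.h hunk, which is NetBSD's value (Linux uses 10, FreeBSD 28); the imported inet_pton() and its CryptoPkg caller both compile against these definitions, so the value is internally consistent, but a comment at the "Address families" block saying the constants are private to CryptoPkg's CRT shim and must never be exchanged with code built against another C library's socket headers would prevent a future mismatch. The same hunk typedefs u_int as UINTN rather than a fixed 32-bit type; inet_pton6() only needs u_int to hold at least 16 bits plus four shift bits, so this is fine, but a comment noting that requirement next to the typedef would document why the width does not matter.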
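Review bot: The five new wrapper headers (arpa/inet.h, arpa/nameser.h, netinet/in.h, sys/param.h, sys/socket.h) are byte-identical and each consists of the license block and a single #include; a one-line comment in each naming which declarations third-party sockets code expects from that header (the AF_*, NS_* and u_char/u_int additions in the CrtLibSupport.h hunk) would make the dependency explicit and tell a later reader which definitions must be kept when CrtLibSupport.h is reorganised.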
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: David Woodhouse, Jian J Wang, Jiaxin Wu, Sivaraman Nainar, Xiaoyu Lu
Subject: [edk2-devel] [PATCH v2 5/8] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553)
Date: Sat, 26 Oct 2019 07:37:16 +0200
Message-Id: <20191026053719.10453-6-lersek@redhat.com>
In-Reply-To: <20191026053719.10453-1-lersek@redhat.com>
References: <20191026053719.10453-1-lersek@redhat.com>

For TianoCore BZ#1734, StdLib has been moved from the edk2 project to the
edk2-libc project, in commit 964f432b9b0a ("edk2: Remove AppPkg, StdLib,
StdLibPrivateInternalFiles", 2019-04-29).

We'd like to use the inet_pton() function in CryptoPkg. Resurrect the
"inet_pton.c" file from just before the StdLib removal, as follows:

  $ git show \
      964f432b9b0a^:StdLib/BsdSocketLib/inet_pton.c \
      > CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c

The inet_pton() function is only intended for the DXE phase at this time,
therefore only the "BaseCryptLib" instance INF file receives the new file.
Cc: David Woodhouse Cc: Jian J Wang Cc: Jiaxin Wu Cc: Sivaraman Nainar Cc: Xiaoyu Lu Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D960 CVE: CVE-2019-14553 Signed-off-by: Laszlo Ersek Reviewed-by: Jian J Wang --- Notes: v2: - new patch CryptoPkg/Library/Include/CrtLibSupport.h | 1 + CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c | 257 +++++++++++++++++= +++ 3 files changed, 259 insertions(+) diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/= Include/CrtLibSupport.h index e603fad763f9..5a20ba636fff 100644 --- a/CryptoPkg/Library/Include/CrtLibSupport.h +++ b/CryptoPkg/Library/Include/CrtLibSupport.h @@ -191,8 +191,9 @@ char *secure_getenv (const char *); void abort (void) __attribute__((__noreturn__)); #else void abort (void); #endif +int inet_pton (int, const char *, void *); =20 // // Macros that directly map functions to BaseLib, BaseMemoryLib, and Debug= Lib functions // diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index a98be2cd9590..dc9e6e5d45f9 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -57,8 +57,9 @@ [Sources] =20 SysCall/CrtWrapper.c SysCall/TimerWrapper.c SysCall/BaseMemAllocation.c + SysCall/inet_pton.c =20 [Sources.Ia32] Rand/CryptRandTsc.c =20 diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c b/CryptoPkg= /Library/BaseCryptLib/SysCall/inet_pton.c new file mode 100644 index 000000000000..32e1ab8690e6 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c 
@@ -0,0 +1,257 @@ +/* Copyright (c) 1996 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCL= AIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRA= NTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF = THIS + * SOFTWARE. + */ + +/* + * Portions copyright (c) 1999, 2000 + * Intel Corporation. + * All rights reserved. + *=20 + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + *=20 + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + *=20 + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + *=20 + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + *=20 + * This product includes software developed by Intel Corporation and + * its contributors. + *=20 + * 4. Neither the name of Intel Corporation or its contributors may be + * used to endorse or promote products derived from this software + * without specific prior written permission. 
+ *=20 + * THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION AND CONTRIBUTORS ``AS IS= '' + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, T= HE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURP= OSE + * ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. + *=20 + */ + +#if defined(LIBC_SCCS) && !defined(lint) +static char rcsid[] =3D "$Id: inet_pton.c,v 1.1.1.1 2003/11/19 01:51:30 ky= u3 Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include +#include +#include +#include +#include +#include +#include +#include + +/* + * WARNING: Don't even consider trying to compile this on a system where + * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. + */ + +static int inet_pton4 (const char *src, u_char *dst); +static int inet_pton6 (const char *src, u_char *dst); + +/* int + * inet_pton(af, src, dst) + * convert from presentation format (which usually means ASCII printable) + * to network format (which is usually some kind of binary format). + * return: + * 1 if the address was valid for the specified address family + * 0 if the address wasn't valid (`dst' is untouched in this case) + * -1 if some other error occurred (`dst' is untouched in this case, too) + * author: + * Paul Vixie, 1996. 
+ */ +int +inet_pton( + int af, + const char *src, + void *dst + ) +{ + switch (af) { + case AF_INET: + return (inet_pton4(src, dst)); + case AF_INET6: + return (inet_pton6(src, dst)); + default: + errno =3D EAFNOSUPPORT; + return (-1); + } + /* NOTREACHED */ +} + +/* int + * inet_pton4(src, dst) + * like inet_aton() but without all the hexadecimal and shorthand. + * return: + * 1 if `src' is a valid dotted quad, else 0. + * notice: + * does not touch `dst' unless it's returning 1. + * author: + * Paul Vixie, 1996. + */ +static int +inet_pton4( + const char *src, + u_char *dst + ) +{ + static const char digits[] =3D "0123456789"; + int saw_digit, octets, ch; + u_char tmp[NS_INADDRSZ], *tp; + + saw_digit =3D 0; + octets =3D 0; + *(tp =3D tmp) =3D 0; + while ((ch =3D *src++) !=3D '\0') { + const char *pch; + + if ((pch =3D strchr(digits, ch)) !=3D NULL) { + u_int new =3D *tp * 10 + (u_int)(pch - digits); + + if (new > 255) + return (0); + *tp =3D (u_char)new; + if (! saw_digit) { + if (++octets > 4) + return (0); + saw_digit =3D 1; + } + } else if (ch =3D=3D '.' && saw_digit) { + if (octets =3D=3D 4) + return (0); + *++tp =3D 0; + saw_digit =3D 0; + } else + return (0); + } + if (octets < 4) + return (0); + + memcpy(dst, tmp, NS_INADDRSZ); + return (1); +} + +/* int + * inet_pton6(src, dst) + * convert presentation level address to network order binary form. + * return: + * 1 if `src' is a valid [RFC1884 2.2] address, else 0. + * notice: + * (1) does not touch `dst' unless it's returning 1. + * (2) :: in a full address is silently ignored. + * credit: + * inspired by Mark Andrews. + * author: + * Paul Vixie, 1996. 
+ */ +static int +inet_pton6( + const char *src, + u_char *dst + ) +{ + static const char xdigits_l[] =3D "0123456789abcdef", + xdigits_u[] =3D "0123456789ABCDEF"; + u_char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp; + const char *xdigits, *curtok; + int ch, saw_xdigit; + u_int val; + + memset((tp =3D tmp), '\0', NS_IN6ADDRSZ); + endp =3D tp + NS_IN6ADDRSZ; + colonp =3D NULL; + /* Leading :: requires some special handling. */ + if (*src =3D=3D ':') + if (*++src !=3D ':') + return (0); + curtok =3D src; + saw_xdigit =3D 0; + val =3D 0; + while ((ch =3D *src++) !=3D '\0') { + const char *pch; + + if ((pch =3D strchr((xdigits =3D xdigits_l), ch)) =3D=3D NULL) + pch =3D strchr((xdigits =3D xdigits_u), ch); + if (pch !=3D NULL) { + val <<=3D 4; + val |=3D (pch - xdigits); + if (val > 0xffff) + return (0); + saw_xdigit =3D 1; + continue; + } + if (ch =3D=3D ':') { + curtok =3D src; + if (!saw_xdigit) { + if (colonp) + return (0); + colonp =3D tp; + continue; + } + if (tp + NS_INT16SZ > endp) + return (0); + *tp++ =3D (u_char) (val >> 8) & 0xff; + *tp++ =3D (u_char) val & 0xff; + saw_xdigit =3D 0; + val =3D 0; + continue; + } + if (ch =3D=3D '.' && ((tp + NS_INADDRSZ) <=3D endp) && + inet_pton4(curtok, tp) > 0) { + tp +=3D NS_INADDRSZ; + saw_xdigit =3D 0; + break; /* '\0' was seen by inet_pton4(). */ + } + return (0); + } + if (saw_xdigit) { + if (tp + NS_INT16SZ > endp) + return (0); + *tp++ =3D (u_char) (val >> 8) & 0xff; + *tp++ =3D (u_char) val & 0xff; + } + if (colonp !=3D NULL) { + /* + * Since some memmove()'s erroneously fail to handle + * overlapping regions, we'll do the shift by hand. + */ + const int n =3D (int)(tp - colonp); + int i; + + for (i =3D 1; i <=3D n; i++) { + endp[- i] =3D colonp[n - i]; + colonp[n - i] =3D 0; + } + tp =3D endp; + } + if (tp !=3D endp) + return (0); + memcpy(dst, tmp, NS_IN6ADDRSZ); + return (1); +} --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
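Review bot: The CrtLibSupport.h hunk declares "int inet_pton (int, const char *, void *);" without parameter names or a note on the return convention; since the function returns 1 for a parsed address, 0 for a malformed one and -1 with errno set to EAFNOSUPPORT for an unknown family, and edk2 callers only test for == 1, naming the parameters (af, src, dst) and recording the three return values at the prototype would keep the next caller from treating a non-zero result as success.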
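Review bot: inet_pton4() in the inet_pton.c hunk accepts leading zeros in an octet: the digit loop only rejects "new > 255" and a fifth octet, so "010.0.0.1" parses as 10.0.0.1 in decimal, whereas the platform libc inet_pton() implementations reject a digit following a leading zero. Because TlsSetVerifyHost() only compares the resulting bytes against the certificate's iPAddress entries this cannot widen what a certificate matches, but a comment at the top of the file noting this difference from the host's inet_pton() would save the next reader from re-deriving it. The inet_pton6() header comment also records that a "::" inside an already full address is silently ignored; that comment should survive any later reformatting of the file to edk2 style, since the behaviour is not obvious from the colonp handling below it.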
127.0.0.2 with SMTP id edr7YY1788612xnemKHBJ96w; Fri, 25 Oct 2019 22:37:48 -0700 X-Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.120]) by mx.groups.io with SMTP id smtpd.web09.2200.1572068267629720709 for ; Fri, 25 Oct 2019 22:37:47 -0700 X-Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-103-2gXl77ulOC22nX5cfMB3jg-1; Sat, 26 Oct 2019 01:37:40 -0400 X-Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id BCA5E100550E; Sat, 26 Oct 2019 05:37:39 +0000 (UTC) X-Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-26.ams2.redhat.com [10.36.116.26]) by smtp.corp.redhat.com (Postfix) with ESMTP id D5EDC5D9CA; Sat, 26 Oct 2019 05:37:36 +0000 (UTC) 
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: David Woodhouse, Jian J Wang, Jiaxin Wu, Sivaraman Nainar, Xiaoyu Lu
Subject: [edk2-devel] [PATCH v2 6/8] CryptoPkg/TlsLib: TlsSetVerifyHost: parse IP address literals as such (CVE-2019-14553)
Date: Sat, 26 Oct 2019 07:37:17 +0200
Message-Id: <20191026053719.10453-7-lersek@redhat.com>
In-Reply-To: <20191026053719.10453-1-lersek@redhat.com>
References: <20191026053719.10453-1-lersek@redhat.com>

Using the inet_pton() function that we imported in the previous patches,
recognize if "HostName" is an IP address literal, and then parse it into
binary representation. Passing the latter to OpenSSL for server
certificate validation is important, per RFC-2818:

> In some cases, the URI is specified as an IP address rather than a
> hostname. In this case, the iPAddress subjectAltName must be present in
> the certificate and must exactly match the IP in the URI.

Note: we cannot use X509_VERIFY_PARAM_set1_ip_asc() because in the OpenSSL
version that is currently consumed by edk2, said function depends on
sscanf() for parsing IPv4 literals.
In "CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c", we only provide an empty -- always failing -- stub for sscanf(), however. Cc: David Woodhouse Cc: Jian J Wang Cc: Jiaxin Wu Cc: Sivaraman Nainar Cc: Xiaoyu Lu Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D960 CVE: CVE-2019-14553 Suggested-by: David Woodhouse Signed-off-by: Laszlo Ersek Acked-by: Jian J Wang --- Notes: v2: - new patch CryptoPkg/Library/TlsLib/TlsConfig.c | 28 +++++++++++++++++--- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLi= b/TlsConfig.c index 2bf5aee7c093..307eb57896dc 100644 --- a/CryptoPkg/Library/TlsLib/TlsConfig.c +++ b/CryptoPkg/Library/TlsLib/TlsConfig.c 
@@ -516,22 +516,42 @@ TlsSetVerifyHost ( IN UINT32 Flags, IN CHAR8 *HostName ) { - TLS_CONNECTION *TlsConn; + TLS_CONNECTION *TlsConn; + X509_VERIFY_PARAM *VerifyParam; + UINTN BinaryAddressSize; + UINT8 BinaryAddress[MAX (NS_INADDRSZ, NS_IN6ADDRSZ)]; + INTN ParamStatus; =20 TlsConn =3D (TLS_CONNECTION *) Tls; if (TlsConn =3D=3D NULL || TlsConn->Ssl =3D=3D NULL || HostName =3D=3D N= ULL) { return EFI_INVALID_PARAMETER; } =20 SSL_set_hostflags(TlsConn->Ssl, Flags); =20 - if (SSL_set1_host(TlsConn->Ssl, HostName) =3D=3D 0) { - return EFI_ABORTED; + VerifyParam =3D SSL_get0_param (TlsConn->Ssl); + ASSERT (VerifyParam !=3D NULL); + + BinaryAddressSize =3D 0; + if (inet_pton (AF_INET6, HostName, BinaryAddress) =3D=3D 1) { + BinaryAddressSize =3D NS_IN6ADDRSZ; + } else if (inet_pton (AF_INET, HostName, BinaryAddress) =3D=3D 1) { + BinaryAddressSize =3D NS_INADDRSZ; + } + + if (BinaryAddressSize > 0) { + DEBUG ((DEBUG_VERBOSE, "%a:%a: parsed \"%a\" as an IPv%c address " + "literal\n", gEfiCallerBaseName, __FUNCTION__, HostName, + (UINTN)((BinaryAddressSize =3D=3D NS_IN6ADDRSZ) ? '6' : '4'))); + ParamStatus =3D X509_VERIFY_PARAM_set1_ip (VerifyParam, BinaryAddress, + BinaryAddressSize); + } else { + ParamStatus =3D X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0); } =20 - return EFI_SUCCESS; + return (ParamStatus =3D=3D 1) ? EFI_SUCCESS : EFI_ABORTED; } =20 /** Sets a TLS/SSL session ID to be used during TLS/SSL connect. --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
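Review bot: The hunk changes what TlsSetVerifyHost() accepts (an IPv4 or IPv6 literal in HostName now goes through X509_VERIFY_PARAM_set1_ip() and is matched against iPAddress entries, anything else through X509_VERIFY_PARAM_set1_host()), but the function's Doxygen description in TlsLib.h is not touched by this patch; the @param text for HostName should say that address literals are parsed as such, and that a bracketed form such as "[::1]" is not recognised by inet_pton() (the '[' is neither a hex digit, ':' nor '.', so inet_pton6() returns 0) and will be checked as a DNS name instead. Also, since the two inputs are routed to different X509_VERIFY_PARAM setters, if TlsSetVerifyHost() can be invoked more than once on one session through SetSessionData(), confirm that switching from a literal to a name (or the reverse) replaces the earlier constraint rather than leaving both configured.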
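An added example, not code from this series or from OpenSSL, modelling the check the hunk above configures together with the NO_WILDCARDS flag HttpDxe selects in 8/8: parse_ip_literal() probes IPv6 then IPv4 with the platform's inet_pton() (standing in for the BSD file imported in 5/8), an address literal is then matched byte-for-byte against iPAddress entries only, and a DNS name against dNSName entries under a simplified wildcard rule. The SAN list, the host strings and the names san_entry, host_matches_cert and check_host are constructed for this example.

```c
/*
 * Added example, not edk2 or OpenSSL code: a model of the host check that
 * TlsSetVerifyHost() configures (6/8), using the NO_WILDCARDS policy that
 * HttpDxe selects (8/8). The platform's inet_pton() stands in for the BSD
 * inet_pton.c imported in 5/8. Build: cc -std=c99 -o vh verify_host_model.c
 */
#define _POSIX_C_SOURCE 200112L
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed stand-in for a certificate's subjectAltName entries. */
typedef enum { SAN_DNS, SAN_IP } san_kind;
typedef struct {
  san_kind kind;
  const char *dns;       /* SAN_DNS: name exactly as it appears in the cert */
  unsigned char ip[16];  /* SAN_IP: raw address octets in network order */
  size_t iplen;          /* SAN_IP: 4 (IPv4) or 16 (IPv6) */
} san_entry;

/* Same probe order as TlsSetVerifyHost(): IPv6 first, then IPv4.
 * Returns the binary length (16 or 4), or 0 when host is not a literal. */
static size_t parse_ip_literal(const char *host, unsigned char out[16]) {
  if (inet_pton(AF_INET6, host, out) == 1) return 16;
  if (inet_pton(AF_INET, host, out) == 1) return 4;
  return 0;
}

/* Case-insensitive comparison of two whole names. */
static bool names_equal(const char *a, const char *b) {
  for (; *a != '\0' && *b != '\0'; a++, b++)
    if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return false;
  return *a == '\0' && *b == '\0';
}

/* Simplified dNSName match: exact, or a leftmost "*." covering exactly one
 * label when wildcards are allowed. A model of the policy, not OpenSSL's
 * full X509_check_host() rules. */
static bool dns_name_matches(const char *pattern, const char *host,
                             bool no_wildcards) {
  if (names_equal(pattern, host)) return true;
  if (no_wildcards || strncmp(pattern, "*.", 2) != 0) return false;
  const char *dot = strchr(host, '.');
  if (dot == NULL || dot == host) return false;   /* need a label before the dot */
  return names_equal(pattern + 2, dot + 1);       /* "*.example.com" vs "www.example.com" */
}

/* Returns 1 on match, 0 otherwise. Per RFC 2818, an IP literal in the URI
 * matches only an iPAddress SAN with identical bytes; it never matches a
 * dNSName, even one spelled like the address. */
int host_matches_cert(const char *host, bool no_wildcards,
                      const san_entry *sans, size_t nsans) {
  unsigned char addr[16];
  size_t addrlen = parse_ip_literal(host, addr);
  for (size_t i = 0; i < nsans; i++) {
    if (addrlen != 0) {
      if (sans[i].kind == SAN_IP && sans[i].iplen == addrlen &&
          memcmp(sans[i].ip, addr, addrlen) == 0)
        return 1;
    } else if (sans[i].kind == SAN_DNS &&
               dns_name_matches(sans[i].dns, host, no_wildcards)) {
      return 1;
    }
  }
  return 0;
}

/* Constructed SAN list: iPAddress 192.0.2.10, iPAddress ::1, a dNSName that
 * merely looks like an address, and a wildcard dNSName. */
static const san_entry kSans[] = {
  { SAN_IP,  NULL,            {192, 0, 2, 10}, 4 },
  { SAN_IP,  NULL,            {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}, 16 },
  { SAN_DNS, "1.2.3.4",       {0}, 0 },
  { SAN_DNS, "*.example.com", {0}, 0 },
};
static const size_t kNumSans = sizeof kSans / sizeof kSans[0];

/* Check one URI host against the constructed certificate. */
int check_host(const char *host, bool no_wildcards) {
  return host_matches_cert(host, no_wildcards, kSans, kNumSans);
}

int main(void) {
  const char *hosts[] = { "192.0.2.10", "::1", "0:0:0:0:0:0:0:1", "1.2.3.4",
                          "[::1]", "www.example.com", "a.b.example.com" };
  for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
    printf("%-16s NO_WILDCARDS=%d  wildcards_ok=%d\n", hosts[i],
           check_host(hosts[i], true), check_host(hosts[i], false));
  return 0;
}
```

The "::1" and "0:0:0:0:0:0:0:1" rows match the same iPAddress entry because the comparison is on the parsed bytes, which is the point of the hunk; "1.2.3.4" fails even though a dNSName of that spelling is present, and "[::1]" is treated as a name.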
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: David Woodhouse, Jian J Wang, Jiaxin Wu, Sivaraman Nainar, Xiaoyu Lu
Subject: [edk2-devel] [PATCH v2 7/8] NetworkPkg/TlsDxe: Add the support of host validation to TlsDxe driver (CVE-2019-14553)
Date: Sat, 26 Oct 2019 07:37:18 +0200
Message-Id: <20191026053719.10453-8-lersek@redhat.com>
In-Reply-To: <20191026053719.10453-1-lersek@redhat.com>
References: <20191026053719.10453-1-lersek@redhat.com>

From: "Wu, Jiaxin"

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553

The new data type named "EfiTlsVerifyHost" and the EFI_TLS_VERIFY_HOST_FLAG
are supported in TLS protocol.

Signed-off-by: Wu Jiaxin
Reviewed-by: Ye Ting
Reviewed-by: Long Qin
Reviewed-by: Fu Siyuan
Acked-by: Laszlo Ersek
Message-Id: <20190927034441.3096-4-Jiaxin.wu@intel.com>
Cc: David Woodhouse
Cc: Jian J Wang
Cc: Jiaxin Wu
Cc: Sivaraman Nainar
Cc: Xiaoyu Lu
Signed-off-by: Laszlo Ersek --- Notes: v2: - fix whitespace in subject line - drop Contributed-under line per BZ#1373 NetworkPkg/TlsDxe/TlsProtocol.c | 44 ++++++++++++++++++-- 1 file changed, 41 insertions(+), 3 deletions(-) diff --git a/NetworkPkg/TlsDxe/TlsProtocol.c b/NetworkPkg/TlsDxe/TlsProtoco= l.c index a7a993fc6fc5..001e5400d00f 100644 --- a/NetworkPkg/TlsDxe/TlsProtocol.c +++ b/NetworkPkg/TlsDxe/TlsProtocol.c @@ -1,8 +1,8 @@ /** @file Implementation of EFI TLS Protocol Interfaces. =20 - Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
=20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -55,14 +55,18 @@ TlsSetSessionData ( TLS_INSTANCE *Instance; UINT16 *CipherId; CONST EFI_TLS_CIPHER *TlsCipherList; UINTN CipherCount; + CONST EFI_TLS_VERIFY_HOST *TlsVerifyHost; + EFI_TLS_VERIFY VerifyMethod; + UINTN VerifyMethodSize; UINTN Index; =20 EFI_TPL OldTpl; =20 - Status =3D EFI_SUCCESS; - CipherId =3D NULL; + Status =3D EFI_SUCCESS; + CipherId =3D NULL; + VerifyMethodSize =3D sizeof (EFI_TLS_VERIFY); =20 if (This =3D=3D NULL || Data =3D=3D NULL || DataSize =3D=3D 0) { return EFI_INVALID_PARAMETER; } 
@@ -147,8 +151,42 @@ TlsSetSessionData ( goto ON_EXIT; } =20 TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data)); + break; + case EfiTlsVerifyHost: + if (DataSize !=3D sizeof (EFI_TLS_VERIFY_HOST)) { + Status =3D EFI_INVALID_PARAMETER; + goto ON_EXIT; + } + + TlsVerifyHost =3D (CONST EFI_TLS_VERIFY_HOST *) Data; + + if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT) = !=3D 0 && + (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT) != =3D 0) { + Status =3D EFI_INVALID_PARAMETER; + goto ON_EXIT; + } + + if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_WILDCARDS) !=3D 0 && + ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS)= !=3D 0 || + (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS= ) !=3D 0)) { + Status =3D EFI_INVALID_PARAMETER; + goto ON_EXIT; + } + + Status =3D This->GetSessionData (This, EfiTlsVerifyMethod, &VerifyMeth= od, &VerifyMethodSize); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + if ((VerifyMethod & EFI_TLS_VERIFY_PEER) =3D=3D 0) { + Status =3D EFI_INVALID_PARAMETER; + goto ON_EXIT; + } + + Status =3D TlsSetVerifyHost (Instance->TlsConn, TlsVerifyHost->Flags, = TlsVerifyHost->HostName); + break; case EfiTlsSessionID: if (DataSize !=3D sizeof (EFI_TLS_SESSION_ID)) { Status =3D EFI_INVALID_PARAMETER; --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
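Review bot: The EfiTlsVerifyHost case in this hunk makes the setting order-dependent: it reads back EfiTlsVerifyMethod through This->GetSessionData() and fails with EFI_INVALID_PARAMETER unless EFI_TLS_VERIFY_PEER is already set, so a caller must set EfiTlsVerifyMethod before EfiTlsVerifyHost (HttpDxe does, in 8/8). That requirement belongs in the EFI_TLS_PROTOCOL documentation for EfiTlsVerifyHost; and the converse is not guarded: the EfiTlsVerifyMethod case just above, unchanged here, still accepts a later call that drops EFI_TLS_VERIFY_PEER, leaving a host name configured while peer verification is off. The flag checks (ALWAYS_CHECK_SUBJECT against NEVER_CHECK_SUBJECT, NO_WILDCARDS against the partial and multi-label wildcard flags) are right; TlsVerifyHost->HostName is passed down without a NULL check, which TlsSetVerifyHost() catches with EFI_INVALID_PARAMETER, so the result is correct but the check could be hoisted here beside the DataSize check for a single, obvious error path.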
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: David Woodhouse, Jian J Wang, Jiaxin Wu, Sivaraman Nainar, Xiaoyu Lu
Subject: [edk2-devel] [PATCH v2 8/8] NetworkPkg/HttpDxe: Set the HostName for the verification (CVE-2019-14553)
Date: Sat, 26 Oct 2019 07:37:19 +0200
Message-Id: <20191026053719.10453-9-lersek@redhat.com>
In-Reply-To: <20191026053719.10453-1-lersek@redhat.com>
References: <20191026053719.10453-1-lersek@redhat.com>

From: "Wu, Jiaxin"

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553

Set the HostName by consuming TLS protocol to enable the host name check
so as to avoid the potential Man-In-The-Middle attack.

Signed-off-by: Wu Jiaxin
Reviewed-by: Ye Ting
Reviewed-by: Long Qin
Reviewed-by: Fu Siyuan
Acked-by: Laszlo Ersek
Message-Id: <20190927034441.3096-5-Jiaxin.wu@intel.com>
Cc: David Woodhouse
Cc: Jian J Wang
Cc: Jiaxin Wu
Cc: Sivaraman Nainar
Cc: Xiaoyu Lu
Signed-off-by: Laszlo Ersek --- Notes: v2: - fix whitespace in subject line - drop Contributed-under line per BZ#1373 NetworkPkg/HttpDxe/HttpProto.h | 1 + NetworkPkg/HttpDxe/HttpsSupport.c | 21 ++++++++++++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h index 6e1f51748a73..34308e016d3e 100644 --- a/NetworkPkg/HttpDxe/HttpProto.h +++ b/NetworkPkg/HttpDxe/HttpProto.h @@ -81,8 +81,9 @@ typedef struct { typedef struct { EFI_TLS_VERSION Version; EFI_TLS_CONNECTION_END ConnectionEnd; EFI_TLS_VERIFY VerifyMethod; + EFI_TLS_VERIFY_HOST VerifyHost; EFI_TLS_SESSION_STATE SessionState; } TLS_CONFIG_DATA; =20 // diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSu= pport.c index 988bbcbce7d8..5dfb13bd6021 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.c +++ b/NetworkPkg/HttpDxe/HttpsSupport.c @@ -622,15 +622,18 @@ TlsConfigureSession ( =20 // // TlsConfigData initialization // - HttpInstance->TlsConfigData.ConnectionEnd =3D EfiTlsClient; - HttpInstance->TlsConfigData.VerifyMethod =3D EFI_TLS_VERIFY_PEER; - HttpInstance->TlsConfigData.SessionState =3D EfiTlsSessionNotStarted; + HttpInstance->TlsConfigData.ConnectionEnd =3D EfiTlsClient; + HttpInstance->TlsConfigData.VerifyMethod =3D EFI_TLS_VERIFY_PEER; + HttpInstance->TlsConfigData.VerifyHost.Flags =3D EFI_TLS_VERIFY_FLAG_= NO_WILDCARDS; + HttpInstance->TlsConfigData.VerifyHost.HostName =3D HttpInstance->Remote= Host; + HttpInstance->TlsConfigData.SessionState =3D EfiTlsSessionNotStar= ted; =20 // // EfiTlsConnectionEnd, - // EfiTlsVerifyMethod + // EfiTlsVerifyMethod, + // EfiTlsVerifyHost, // EfiTlsSessionState // Status =3D HttpInstance->Tls->SetSessionData ( HttpInstance->Tls, 
@@ -651,8 +654,18 @@ TlsConfigureSession ( if (EFI_ERROR (Status)) { return Status; } =20 + Status =3D HttpInstance->Tls->SetSessionData ( + HttpInstance->Tls, + EfiTlsVerifyHost, + &HttpInstance->TlsConfigData.VerifyHost, + sizeof (EFI_TLS_VERIFY_HOST) + ); + if (EFI_ERROR (Status)) { + return Status; + } + Status =3D HttpInstance->Tls->SetSessionData ( HttpInstance->Tls, EfiTlsSessionState, &(HttpInstance->TlsConfigData.SessionState= ), --=20 2.19.1.3.g30247aa5d201
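Review bot: the new `EFI_TLS_VERIFY_HOST VerifyHost;` member added to TLS_CONFIG_DATA in the HttpProto.h hunk stores a `HostName` pointer (CHAR8 * in MdePkg's EFI_TLS_VERIFY_HOST), not a copy of the string, and the HttpsSupport.c hunk points it at `HttpInstance->RemoteHost`; a one-line comment on the member saying the pointer is borrowed from RemoteHost and must stay valid until `SetSessionData (EfiTlsVerifyHost)` has run would stop a later change from freeing or reassigning RemoteHost too early.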
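Review bot: `VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NO_WILDCARDS` in the TlsConfigureSession initialization hunk is stricter than an ordinary TLS client: a server presenting a wildcard certificate such as `*.example.com` will now fail verification in the firmware HTTPS client, and neither the commit message nor the comment block above the assignments says this is intended; please state the restriction (and the reason for it) in one of the two places. Related: `RemoteHost` is taken from the URL and may be an IP literal rather than a DNS name, so the expected outcome for IP-literal hosts should be confirmed with the TLS driver that implements `EfiTlsVerifyHost`. Style: re-aligning the three existing `ConnectionEnd`, `VerifyMethod` and `SessionState` assignments turns them into whitespace-only changes; leaving their alignment alone keeps the hunk to the two new lines.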
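Review bot: the added `SetSessionData (EfiTlsVerifyHost, ...)` call in the second HttpsSupport.c hunk returns any error unchanged, so a TlsDxe that does not recognise `EfiTlsVerifyHost` will make every HTTPS connection fail; failing closed is the right default for a CVE fix, but it couples HttpDxe to a TLS driver that supports the new session data type and the commit message should say so. Also, because the struct passed with `sizeof (EFI_TLS_VERIFY_HOST)` carries only a pointer to the host name, the receiving driver has to copy the string during this call rather than retain the pointer; worth confirming on the TlsDxe side before merging.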
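The host name check that the commit message enables, shown here as an added illustration and not the edk2 TlsDxe/OpenSSL code that actually performs it in firmware: a small C matcher that applies the rule this patch selects (exact DNS-name match, wildcards disallowed) next to the looser rule most TLS clients use. The flag `DEMO_VERIFY_FLAG_NO_WILDCARDS` is a stand-in for `EFI_TLS_VERIFY_FLAG_NO_WILDCARDS`, and every host name below is constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical flags mirroring the meaning of EFI_TLS_VERIFY_FLAG_NO_WILDCARDS:
 * when the bit is set, a wildcard label in the certificate never matches. */
#define DEMO_VERIFY_FLAG_NONE          0u
#define DEMO_VERIFY_FLAG_NO_WILDCARDS  (1u << 0)

/* Case-insensitive comparison of two DNS names (DNS is case-insensitive). */
static bool NamesEqualIgnoreCase(const char *A, const char *B)
{
  while (*A && *B) {
    if (tolower((unsigned char)*A) != tolower((unsigned char)*B)) return false;
    A++; B++;
  }
  return *A == '\0' && *B == '\0';
}

/* True if Host is an IPv4 dotted-quad literal. DNS-name matching must not be
 * applied to IP literals; those are matched against IP SANs, not shown here. */
static bool IsIpv4Literal(const char *Host)
{
  size_t Dots = 0;
  if (*Host == '\0') return false;
  for (const char *P = Host; *P; P++) {
    if (*P == '.') Dots++;
    else if (!isdigit((unsigned char)*P)) return false;
  }
  return Dots == 3;
}

/*
 * Match a DNS name presented in a certificate (CertName) against the host
 * name the client asked for (RequestedHost). Simplified RFC 6125 6.4.3 rules:
 *  - an exact, case-insensitive match always succeeds;
 *  - a wildcard is honoured only as the complete left-most label ("*.example.com"),
 *    matches exactly one label, needs at least two labels after it, and only
 *    when DEMO_VERIFY_FLAG_NO_WILDCARDS is clear;
 *  - an IP literal never matches a DNS name.
 */
bool HostNameMatches(const char *CertName, const char *RequestedHost, unsigned Flags)
{
  if (CertName == NULL || RequestedHost == NULL || *RequestedHost == '\0') return false;
  if (IsIpv4Literal(RequestedHost)) return false;

  if (NamesEqualIgnoreCase(CertName, RequestedHost)) return true;

  /* Anything left to consider is a wildcard candidate. */
  if (CertName[0] != '*' || CertName[1] != '.') return false;
  if (Flags & DEMO_VERIFY_FLAG_NO_WILDCARDS) return false;

  const char *CertSuffix = CertName + 1;                 /* ".example.com" */
  if (strchr(CertSuffix + 1, '.') == NULL) return false; /* reject "*.com" */

  const char *FirstDot = strchr(RequestedHost, '.');
  if (FirstDot == NULL || FirstDot == RequestedHost) return false;
  return NamesEqualIgnoreCase(CertSuffix, FirstDot);     /* one label replaced */
}

int main(void)
{
  /* Constructed pairs: what a client would see for a given certificate name. */
  const char *Cert[]  = { "www.example.com", "*.example.com", "*.example.com", "*.com" };
  const char *Host[]  = { "www.example.com", "www.example.com", "a.b.example.com", "example.com" };
  for (size_t I = 0; I < sizeof Cert / sizeof Cert[0]; I++) {
    printf("%-16s vs %-16s  default:%d  no-wildcards:%d\n", Cert[I], Host[I],
           HostNameMatches(Cert[I], Host[I], DEMO_VERIFY_FLAG_NONE),
           HostNameMatches(Cert[I], Host[I], DEMO_VERIFY_FLAG_NO_WILDCARDS));
  }
  return 0;
}
```

The second row of the table is the practical consequence of the flag chosen in the patch: a host served behind a wildcard certificate passes under the default rule and is rejected once wildcards are disabled, which is why the choice deserves a sentence in the commit message.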
