packages/edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:c1f344c4d9742cf3cf3d4cbee37d6ad3d1368f00
Branches Tags
packages:main
..
compare: packages:ca2a749250861a9aadba0df3850d9d74316a751c
Branches Tags
packages:main

No commits in common. "c1f344c4d9742cf3cf3d4cbee37d6ad3d1368f00" and "ca2a749250861a9aadba0df3850d9d74316a751c" have entirely different histories.
c1f344c4d9 ... ca2a749250

5 changed files with 1 additions and 702 deletions
Show Stats Expand all files Collapse all files

198
0086-Check-DSA-parameters-for-excessive-sizes-before-vali.patch
View File

@ -1,198 +0,0 @@
From 9b551e31226d345984bc4dd64b0f8c8f768b9d0b Mon Sep 17 00:00:00 2001
From: hy <12444214+dhjgty@user.noreply.gitee.com>
Date: Sun, 16 Mar 2025 16:30:29 +0800
Subject: [PATCH] Check DSA parameters for excessive sizes before validating
This avoids overly long computation of various validation checks.
Fixes CVE-2024-4603
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
---
.../Library/OpensslLib/openssl/CHANGES.md | 17 ++++++
.../OpensslLib/openssl/crypto/dsa/dsa_check.c | 44 ++++++++++++--
.../invalid/p10240_q256_too_big.pem | 57 +++++++++++++++++++
3 files changed, 114 insertions(+), 4 deletions(-)
create mode 100644 CryptoPkg/Library/OpensslLib/openssl/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem
diff --git a/CryptoPkg/Library/OpensslLib/openssl/CHANGES.md b/CryptoPkg/Library/OpensslLib/openssl/CHANGES.md
index 0fb1eb1f..2209e0ce 100644
--- a/CryptoPkg/Library/OpensslLib/openssl/CHANGES.md
+++ b/CryptoPkg/Library/OpensslLib/openssl/CHANGES.md
@@ -30,6 +30,23 @@ breaking changes, and mappings for the large list of deprecated functions.
### Changes between 3.0.8 and 3.0.9 [30 May 2023]
+ * Fixed an issue where checking excessively long DSA keys or parameters may
+ be very slow.
+
+ Applications that use the functions EVP_PKEY_param_check() or
+ EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
+ experience long delays. Where the key or parameters that are being checked
+ have been obtained from an untrusted source this may lead to a Denial of
+ Service.
+
+ To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS
+ will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
+ reason.
+
+ ([CVE-2024-4603])
+
+ *Tomáš Mráz*
+
* Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/dsa/dsa_check.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/dsa/dsa_check.c
index 7ee914a4..ed01ea8f 100644
--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/dsa/dsa_check.c
+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/dsa/dsa_check.c
@@ -19,8 +19,34 @@
#include "dsa_local.h"
#include "crypto/dsa.h"
+static int dsa_precheck_params(const DSA *dsa, int *ret)
+ {
+ if (dsa->params.p == NULL || dsa->params.q == NULL) {
+ ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS);
+ *ret = FFC_CHECK_INVALID_PQ;
+ return 0;
+ }
+
+ if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE);
+ *ret = FFC_CHECK_INVALID_PQ;
+ return 0;
+ }
+
+ if (BN_num_bits(dsa->params.q) >= BN_num_bits(dsa->params.p)) {
+ ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE);
+ *ret = FFC_CHECK_INVALID_PQ;
+ return 0;
+ }
+
+ return 1;
+ }
+
int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
{
+ if (!dsa_precheck_params(dsa, ret))
+ return 0;
+
if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK)
return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params,
FFC_PARAM_TYPE_DSA, ret);
@@ -39,6 +65,9 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
*/
int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
{
+ if (!dsa_precheck_params(dsa, ret))
+ return 0;
+
return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret);
}
@@ -49,6 +78,9 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
*/
int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
{
+ if (!dsa_precheck_params(dsa, ret))
+ return 0;
+
return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret);
}
@@ -56,8 +88,10 @@ int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)
{
*ret = 0;
- return (dsa->params.q != NULL
- && ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret));
+ if (!dsa_precheck_params(dsa, ret))
+ return 0;
+
+ return ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret);
}
/*
@@ -70,8 +104,10 @@ int ossl_dsa_check_pairwise(const DSA *dsa)
BN_CTX *ctx = NULL;
BIGNUM *pub_key = NULL;
- if (dsa->params.p == NULL
- || dsa->params.g == NULL
+ if (!dsa_precheck_params(dsa, &ret))
+ return 0;
+
+ if (dsa->params.g == NULL
|| dsa->priv_key == NULL
|| dsa->pub_key == NULL)
return 0;
diff --git a/CryptoPkg/Library/OpensslLib/openssl/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem b/CryptoPkg/Library/OpensslLib/openssl/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem
new file mode 100644
index 00000000..162be8a8
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/openssl/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem
@@ -0,0 +1,57 @@
+-----BEGIN DSA PARAMETERS-----
+ MIIKLAKCBQEAym47LzPFZdbz16WvjczLKuzLtsP8yRk/exxL4bBthJhP1qOwctja
+ p1586SF7gDxCMn7yWVEYdfRbFefGoq0gj1XOE917XqlbnkmZhMgxut2KbNJo/xil
+ XNFUjGvKs3F413U9rAodC8f07cWHP1iTcWL+vPe6u2yilKWYYfnLWHQH+Z6aPrrF
+ x/R08LI6DZ6nEsIo+hxaQnEtx+iqNTJC6Q1RIjWDqxQkFVTkJ0Y7miRDXmRdneWk
+ oLrMZRpaXr5l5tSjEghh1pBgJcdyOv0lh4dlDy/alAiqE2Qlb667yHl6A9dDPlpW
+ dAntpffy4LwOxfbuEhISvKjjQoBwIvYE4TBPqL0Q6bC6HgQ4+tqd9b44pQjdIQjb
+ Xcjc6azheITSnPEex3OdKtKoQeRq01qCeLBpMXu1c+CTf4ApKArZvT3vZSg0hM1O
+ pR71bRZrEEegDj0LH2HCgI5W6H3blOS9A0kUTddCoQXr2lsVdiPtRbPKH1gcd9FQ
+ P8cGrvbakpTiC0dCczOMDaCteM1QNILlkM7ZoV6VghsKvDnFPxFsiIr5GgjasXP5
+ hhbn3g7sDoq1LiTEo+IKQY28pBWx7etSOSRuXW/spnvCkivZla7lSEGljoy9QlQ2
+ UZmsEQI9G3YyzgpxHvKZBK1CiZVTywdYKTZ4TYCxvqzhYhjv2bqbpjI12HRFLojB
+ koyEmMSp53lldCzp158PrIanqSp2rksMR8SmmCL3FwfAp2OjqFMEglG9DT8x0WaN
+ TLSkjGC6t2csMte7WyU1ekNoFDKfMjDSAz0+xIx21DEmZtYqFOg1DNPK1xYLS0pl
+ RSMRRkJVN2mk/G7/1oxlB8Wb9wgi3GKUqqCYT11SnBjzq0NdoJ3E4GMedp5Lx3AZ
+ 4mFuRPUd4iV86tE0XDSHSFE7Y3ZkrOjD7Q/26/L53L/UH5z4HW6CHP5os7QERJjg
+ c1S3x87wXWo9QXbB9b2xmf+c+aWwAAr1cviw38tru58jF3/IGyduj9H8claKQqBG
+ cIOUF4aNe1hK2K3ArAOApUxr4KE+tCvrltRfiTmVFip0g9Jt1CPY3Zu7Bd4Z2ZkE
+ DtSztpwa49HrWF5E9xpquvBL2U8jQ68E7Xd8Wp4orI/TIChriamBmdkgRz3H2LvN
+ Ozb6+hsnEGrz3sp2RVAToSqA9ysa6nHZdfufPNtMEbQdO/k1ehmGRb0ljBRsO6b2
+ rsG2eYuC8tg8eCrIkua0TGRI7g6a4K32AJdzaX6NsISaaIW+OYJuoDSscvD3oOg8
+ PPEhU+zM7xJskTA+jxvPlikKx8V7MNHOCQECldJlUBwzJvqp40JvwfnDsF+8VYwd
+ UaiieR3pzMzyTjpReXRmZbnRPusRcsVzxb2OhB79wmuy4UPjjQBX+7eD0rs8xxvW
+ 5a5q1Cjq4AvbwmmcA/wDrHDOjcbD/zodad2O1QtBWa/R4xyWea4zKsflgACE1zY9
+ wW2br7+YQFekcrXkkkEzgxd6zxv8KVEDpXRZjmAM1cI5LvkoN64To4GedN8Qe/G7
+ R9SZh9gnS17PTP64hK+aYqhFafMdu87q/+qLfxaSux727qE5hiW01u4nnWhACf9s
+ xuOozowKqxZxkolMIyZv6Lddwy1Zv5qjCyd0DvM/1skpXWkb9kfabYC+OhjsjVhs
+ 0Ktfs6a5B3eixiw5x94hhIcTEcS4hmvhGUL72FiTca6ZeSERTKmNBy8CIQC9/ZUN
+ uU/V5JTcnYyUGHzm7+XcZBjyGBagBj9rCmW3SQKCBQAJ/k9rb39f1cO+/3XDEMjy
+ 9bIEXSuS48g5RAc1UGd5nrrBQwuDxGWFyz0yvAY7LgyidZuJS21+MAp9EY7AOMmx
+ TDttifNaBJYt4GZ8of166PcqTKkHQwq5uBpxeSDv/ZE8YbYfaCtLTcUC8KlO+l36
+ gjJHSkdkflSsGy1yObSNDQDfVAAwQs//TjDMnuEtvlNXZllsTvFFBceXVETn10K2
+ ZMmdSIJNfLnjReUKEN6PfeGqv7F4xoyGwUybEfRE4u5RmXrqCODaIjY3SNMrOq8B
+ R3Ata/cCozsM1jIdIW2z+OybDJH+BYsYm2nkSZQjZS6javTYClLrntEKG/hAQwL8
+ F16YLOQXpHhgiAaWnTZzANtLppB2+5qCVy5ElzKongOwT8JTjTFXOaRnqe/ngm9W
+ SSbrxfDaoWUOyK9XD8Cydzpv3n4Y8nWNGayi7/yAFCU36Ri040ufgv/TZLuKacnl
+ +3ga3ZUpRlSigzx0kb1+KjTSWeQ8vE/psdWjvBukVEbzdUauMLyRLo/6znSVvvPX
+ UGhviThE5uhrsUg+wEPFINriSHfF7JDKVhDcJnLBdaXvfN52pkF/naLBF5Rt3Gvq
+ fjCxjx0Sy9Lag1hDN4dor7dzuO7wmwOS01DJW1PtNLuuH0Bbqh1kYSaQkmyXBZWX
+ qo8K3nkoDM0niOtJJubOhTNrGmSaZpNXkK3Mcy9rBbdvEs5O0Jmqaax/eOdU0Yot
+ B3lX+3ddOseT2ZEFjzObqTtkWuFBeBxuYNcRTsu3qMdIBsEb8URQdsTtjoIja2fK
+ hreVgjK36GW70KXEl8V/vq5qjQulmqkBEjmilcDuiREKqQuyeagUOnhQaBplqVco
+ 4xznh5DMBMRbpGb5lHxKv4cPNi+uNAJ5i98zWUM1JRt6aXnRCuWcll1z8fRZ+5kD
+ vK9FaZU3VRMK/eknEG49cGr8OuJ6ZRSaC+tKwV1y+amkSZpKPWnk2bUnQI3ApJv3
+ k1e1EToeECpMUkLMDgNbpKBoz4nqMEvAAlYgw9xKNbLlQlahqTVEAmaJHh4yDMDy
+ i7IZ9Wrn47IGoR7s3cvhDHUpRPeW4nsmgzj+tf5EAxemI61STZJTTWo0iaPGJxct
+ 9nhOOhw1I38Mvm4vkAbFH7YJ0B6QrjjYL2MbOTp5JiIh4vdOeWwNo9/y4ffyaN5+
+ ADpxuuIAmcbdr6GPOhkOFFixRJa0B2eP1i032HESlLs8RB9oYtdTXdXQotnIgJGd
+ Y8tSKOa1zjzeLHn3AVpRZTUW++/BxmApV3GKIeG8fsUjg/df0QRrBcdC/1uccdaG
+ KKlAOwlywVn5jUlwHkTmDiTM9w5AqVVGHZ2b+4ZgQW8jnPKN0SrKf6U555D+zp7E
+ x4uXoE8ojN9y8m8UKf0cTLnujH2XgZorjPfuMOt5VZEhQFMS2QaljSeni5CJJ8gk
+ XtztNqfBlAtWR4V5iAHeQOfIB2YaOy8GESda89tyKraKeaez41VblpTVHTeq9IIF
+ YB4cQA2PfuNaGVRGLMAgT3Dvl+mxxxeJyxnGAiUcETU/jJJt9QombiuszBlYGQ5d
+ ELOSm/eQSRARV9zNSt5jaQlMSjMBqenIEM09BzYqa7jDwqoztFxNdO8bcuQPuKwa
+ 4z3bBZ1yYm63WFdNbQqqGEwc0OYmqg1raJ0zltgHyjFyw8IGu4g/wETs+nVQcH7D
+ vKuje86bePD6kD/LH3wmkA==
+ -----END DSA PARAMETERS-----
--
2.33.0

187
0087-Harden-BN_GF2m_poly2arr-against-misuse.patch
View File

@ -1,187 +0,0 @@
From 2a0fa58af18f2ab5435ee2cefa6a02cacfb18818 Mon Sep 17 00:00:00 2001
From: hy <941973499@qq.com>
Date: Fri, 28 Mar 2025 22:48:57 +0800
Subject: [PATCH] Harden BN_GF2m_poly2arr against misuse. The
BN_GF2m_poly2arr() function converts characteristic-2 field (GF_{2^m}) Galois
polynomials from a representation as a BIGNUM bitmask, to a compact array
with just the exponents of the non-zero terms.
These polynomials are then used in BN_GF2m_mod_arr() to perform modular
reduction. A precondition of calling BN_GF2m_mod_arr() is that the
polynomial must have a non-zero constant term (i.e. the array has `0` as
its final element).
Internally, callers of BN_GF2m_poly2arr() did not verify that
precondition, and binary EC curve parameters with an invalid polynomial
could lead to out of bounds memory reads and writes in BN_GF2m_mod_arr().
The precondition is always true for polynomials that arise from the
standard form of EC parameters for characteristic-two fields (X9.62).
See the "Finite Field Identification" section of:
https://www.itu.int/ITU-T/formal-language/itu-t/x/x894/2018-cor1/ANSI-X9-62.html
The OpenSSL GF(2^m) code supports only the trinomial and pentanomial
basis X9.62 forms.
This commit updates BN_GF2m_poly2arr() to return `0` (failure) when
the constant term is zero (i.e. the input bitmask BIGNUM is not odd).
Additionally, the return value is made unambiguous when there is not
enough space to also pad the array with a final `-1` sentinel value.
The return value is now always the number of elements (including the
final `-1`) that would be filled when the output array is sufficiently
large. Previously the same count was returned both when the array has
just enough room for the final `-1` and when it had only enough space
for non-sentinel values.
Finally, BN_GF2m_poly2arr() is updated to reject polynomials whose
degree exceeds `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against
CPU exhausition attacks via excessively large inputs.
The above issues do not arise in processing X.509 certificates. These
generally have EC keys from "named curves", and RFC5840 (Section 2.1.1)
disallows explicit EC parameters. The TLS code in OpenSSL enforces this
constraint only after the certificate is decoded, but, even if explicit
parameters are specified, they are in X9.62 form, which cannot represent
problem values as noted above.
Initially reported as oss-fuzz issue 71623.
---
.../OpensslLib/openssl/crypto/bn/bn_gf2m.c | 28 +++++++---
.../openssl/test/ec_internal_test.c | 51 +++++++++++++++++++
2 files changed, 71 insertions(+), 8 deletions(-)
diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_gf2m.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_gf2m.c
index 304c2ea0..65e9958c 100644
--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_gf2m.c
+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_gf2m.c
@@ -15,6 +15,7 @@
#include "bn_local.h"
#ifndef OPENSSL_NO_EC2M
+# include <openssl/ec.h>
/*
* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should
@@ -1134,16 +1135,26 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
/*
* Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i *
* x^i) into an array of integers corresponding to the bits with non-zero
- * coefficient. Array is terminated with -1. Up to max elements of the array
- * will be filled. Return value is total number of array elements that would
- * be filled if array was large enough.
+ * coefficient. The array is intended to be suitable for use with
+ * `BN_GF2m_mod_arr()`, and so the constant term of the polynomial must not be
+ * zero. This translates to a requirement that the input BIGNUM `a` is odd.
+ *
+ * Given sufficient room, the array is terminated with -1. Up to max elements
+ * of the array will be filled.
+ *
+ * The return value is total number of array elements that would be filled if
+ * array was large enough, including the terminating `-1`. It is `0` when `a`
+ * is not odd or the constant term is zero contrary to requirement.
+ *
+ * The return value is also `0` when the leading exponent exceeds
+ * `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against CPU exhaustion attacks,
*/
int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
{
int i, j, k = 0;
BN_ULONG mask;
- if (BN_is_zero(a))
+ if (!BN_is_odd(a))
return 0;
for (i = a->top - 1; i >= 0; i--) {
@@ -1161,12 +1172,13 @@ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
}
}
- if (k < max) {
+ if (k > 0 && p[0] > OPENSSL_ECC_MAX_FIELD_BITS)
+ return 0;
+
+ if (k < max)
p[k] = -1;
- k++;
- }
- return k;
+ return k + 1;
}
/*
diff --git a/CryptoPkg/Library/OpensslLib/openssl/test/ec_internal_test.c b/CryptoPkg/Library/OpensslLib/openssl/test/ec_internal_test.c
index 8c2cd056..484cbb2a 100644
--- a/CryptoPkg/Library/OpensslLib/openssl/test/ec_internal_test.c
+++ b/CryptoPkg/Library/OpensslLib/openssl/test/ec_internal_test.c
@@ -155,6 +155,56 @@ static int field_tests_ecp_mont(void)
}
#ifndef OPENSSL_NO_EC2M
+/* Test that decoding of invalid GF2m field parameters fails. */
+ static int ec2m_field_sanity(void)
+ {
+ int ret = 0;
+ BN_CTX *ctx = BN_CTX_new();
+ BIGNUM *p, *a, *b;
+ EC_GROUP *group1 = NULL, *group2 = NULL, *group3 = NULL;
+
+ TEST_info("Testing GF2m hardening\n");
+
+ BN_CTX_start(ctx);
+ p = BN_CTX_get(ctx);
+ a = BN_CTX_get(ctx);
+ if (!TEST_ptr(b = BN_CTX_get(ctx))
+ || !TEST_true(BN_one(a))
+ || !TEST_true(BN_one(b)))
+ goto out;
+
+ /* Even pentanomial value should be rejected */
+ if (!TEST_true(BN_set_word(p, 0xf2)))
+ goto out;
+ if (!TEST_ptr_null(group1 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
+ TEST_error("Zero constant term accepted in GF2m polynomial");
+
+ /* Odd hexanomial should also be rejected */
+ if (!TEST_true(BN_set_word(p, 0xf3)))
+ goto out;
+ if (!TEST_ptr_null(group2 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
+ TEST_error("Hexanomial accepted as GF2m polynomial");
+
+ /* Excessive polynomial degree should also be rejected */
+ if (!TEST_true(BN_set_word(p, 0x71))
+ || !TEST_true(BN_set_bit(p, OPENSSL_ECC_MAX_FIELD_BITS + 1)))
+ goto out;
+ if (!TEST_ptr_null(group3 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
+ TEST_error("GF2m polynomial degree > %d accepted",
+ OPENSSL_ECC_MAX_FIELD_BITS);
+
+ ret = group1 == NULL && group2 == NULL && group3 == NULL;
+
+ out:
+ EC_GROUP_free(group1);
+ EC_GROUP_free(group2);
+ EC_GROUP_free(group3);
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+
+ return ret;
+ }
+
/* test EC_GF2m_simple_method directly */
static int field_tests_ec2_simple(void)
{
@@ -443,6 +493,7 @@ int setup_tests(void)
ADD_TEST(field_tests_ecp_simple);
ADD_TEST(field_tests_ecp_mont);
#ifndef OPENSSL_NO_EC2M
+ ADD_TEST(ec2m_field_sanity);
ADD_TEST(field_tests_ec2_simple);
#endif
ADD_ALL_TESTS(field_tests_default, crv_len);
--
2.33.0

185
0088-SecurityPkg-Out-of-bound-read-in-HashPeImageByType.patch
View File

@ -1,185 +0,0 @@
From 6460d06c6f028154088ea7db4a44821ffabfe9e6 Mon Sep 17 00:00:00 2001
From: hy <941973499@qq.com>
Date: Sat, 26 Apr 2025 23:38:23 +0800
Subject: [PATCH] SecurityPkg: Out of bound read in HashPeImageByType() In
HashPeImageByType(), the hash of PE/COFF image is calculated. This function
may get untrusted input.
Inside this function, the following code verifies the loaded image has
the correct format, by reading the second byte of the buffer.
```c
if ((*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
...
}
```
The input image is not trusted and that may not have the second byte to
read. So this poses an out of bound read error.
With below fix we are assuring that we don't do out of bound read. i.e,
we make sure that AuthDataSize is greater than 1.
```c
if (AuthDataSize > 1
&& (*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE){
...
}
```
AuthDataSize size is verified before reading the second byte.
So if AuthDataSize is less than 2, the second byte will not be read, and
the out of bound read situation won't occur.
Tested the patch on real platform with and without TPM connected and
verified image is booting fine.
Authored-by: Raj AlwinX Selvaraj <Alw...@intel.com>
Signed-off-by: Doug Flick <DougFlick@microsoft.com>
---
.../DxeImageVerificationLib.c | 37 ++++++++++---------
SecurityPkg/SecurityFixes.yaml | 15 ++++++++
.../SecureBootConfigImpl.c | 37 +++++++++++--------
3 files changed, 55 insertions(+), 34 deletions(-)
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 5d8dbd54..157318b1 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -618,6 +618,7 @@ Done:
@param[in] AuthDataSize Size of the Authenticode Signature in bytes.
@retval EFI_UNSUPPORTED Hash algorithm is not supported.
+ @retval EFI_BAD_BUFFER_SIZE AuthData provided is invalid size.
@retval EFI_SUCCESS Hash successfully.
**/
@@ -629,28 +630,28 @@ HashPeImageByType (
{
UINT8 Index;
- for (Index = 0; Index < HASHALG_MAX; Index++) {
+ //
+ // Check the Hash algorithm in PE/COFF Authenticode.
+ // According to PKCS#7 Definition:
+ // SignedData ::= SEQUENCE {
+ // version Version,
+ // digestAlgorithms DigestAlgorithmIdentifiers,
+ // contentInfo ContentInfo,
+ // .... }
+ // The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing
+ // This field has the fixed offset (+32) in final Authenticode ASN.1 data.
+ // Fixed offset (+32) is calculated based on two bytes of length encoding.
+ //
+ if ((AuthDataSize > 1) && ((*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE)) {
//
- // Check the Hash algorithm in PE/COFF Authenticode.
- // According to PKCS#7 Definition:
- // SignedData ::= SEQUENCE {
- // version Version,
- // digestAlgorithms DigestAlgorithmIdentifiers,
- // contentInfo ContentInfo,
- // .... }
- // The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing
- // This field has the fixed offset (+32) in final Authenticode ASN.1 data.
- // Fixed offset (+32) is calculated based on two bytes of length encoding.
+ // Only support two bytes of Long Form of Length Encoding.
//
- if ((*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
- //
- // Only support two bytes of Long Form of Length Encoding.
- //
- continue;
- }
+ return EFI_BAD_BUFFER_SIZE;
+ }
+ for (Index = 0; Index < HASHALG_MAX; Index++) {
if (AuthDataSize < 32 + mHash[Index].OidLength) {
- return EFI_UNSUPPORTED;
+ continue;
}
if (CompareMem (AuthData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {
diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml
index ceaaa256..0b24844d 100644
--- a/SecurityPkg/SecurityFixes.yaml
+++ b/SecurityPkg/SecurityFixes.yaml
@@ -34,3 +34,18 @@ CVE_2022_36764:
- Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
links:
- https://bugzilla.tianocore.org/show_bug.cgi?id=4118
+CVE_2024_38797:
+ commit-titles:
+ - "SecurityPkg: Out of bound read in HashPeImageByType()"
+ - "SecurityPkg: Improving HashPeImageByType () logic"
+ - "SecurityPkg: Improving SecureBootConfigImpl:HashPeImageByType () logic"
+ cve: CVE-2024-38797
+ date_reported: 2024-06-04 12:00 UTC
+ description: Out of bound read in HashPeImageByType()
+ note:
+ files_impacted:
+ - SecurityPkg\Library\DxeImageVerificationLib\DxeImageVerificationLib.c
+ - SecurityPkg\VariableAuthenticated\SecureBootConfigDxe\SecureBootConfigImpl.c
+ links:
+ - https://bugzilla.tianocore.org/show_bug.cgi?id=2214
+ - https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index 0e31502b..02aa142b 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -2079,30 +2079,35 @@ HashPeImageByType (
{
UINT8 Index;
WIN_CERTIFICATE_EFI_PKCS *PkcsCertData;
+ UINT32 PkcsCertSize;
PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *)(mImageBase + mSecDataDir->Offset);
+ PkcsCertSize = mSecDataDir->SizeOfCert;
- for (Index = 0; Index < HASHALG_MAX; Index++) {
+ //
+ // Check the Hash algorithm in PE/COFF Authenticode.
+ // According to PKCS#7 Definition:
+ // SignedData ::= SEQUENCE {
+ // version Version,
+ // digestAlgorithms DigestAlgorithmIdentifiers,
+ // contentInfo ContentInfo,
+ // .... }
+ // The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing
+ // This field has the fixed offset (+32) in final Authenticode ASN.1 data.
+ // Fixed offset (+32) is calculated based on two bytes of length encoding.
+ //
+ if ((PkcsCertSize > 1) && ((*(PkcsCertData->CertData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE)) {
//
- // Check the Hash algorithm in PE/COFF Authenticode.
- // According to PKCS#7 Definition:
- // SignedData ::= SEQUENCE {
- // version Version,
- // digestAlgorithms DigestAlgorithmIdentifiers,
- // contentInfo ContentInfo,
- // .... }
- // The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing
- // This field has the fixed offset (+32) in final Authenticode ASN.1 data.
- // Fixed offset (+32) is calculated based on two bytes of length encoding.
+ // Only support two bytes of Long Form of Length Encoding.
//
- if ((*(PkcsCertData->CertData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
- //
- // Only support two bytes of Long Form of Length Encoding.
- //
+ return EFI_BAD_BUFFER_SIZE;
+ }
+
+ for (Index = 0; Index < HASHALG_MAX; Index++) {
+ if (PkcsCertSize < 32 + mHash[Index].OidLength) {
continue;
}
- //
if (CompareMem (PkcsCertData->CertData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {
break;
}
--
2.33.0

89
0089-OvmfPkg-AmdSev-Integrate-grub2-x86_64-efi-modules-fr.patch
View File

@ -1,89 +0,0 @@
From ac649358f044a4fa25327cf2ed6db6d35b8bd8be Mon Sep 17 00:00:00 2001
From: hanliyang <hanliyang@hygon.cn>
Date: Fri, 2 Aug 2024 02:06:58 +0800
Subject: [PATCH] OvmfPkg/AmdSev: Integrate grub2 x86_64-efi modules from the
system path to grub.efi which is used to support Full Disk Encryption
The pull request at https://gitee.com/src-openeuler/grub2/pulls/468
added efisecret.mod to the grub2-efi-x64-modules package. Based on this
package, we can build OVMF.fd using AmdSevX64.dsc to support booting a
VM with full disk encryption.
* How to build the OVMF.fd manually:
When we build the OVMF.fd which support full-disk encryption, we
should delete stale grub.efi in the source tree:
$ rm OvmfPkg/AmdSev/Grub/grub.efi
And specify the dsc file:
$ OvmfPkg/build.sh ... -a X64 -p OvmfPkg/AmdSev/AmdSevX64.dsc ...
Signed-off-by: hanliyang <hanliyang@hygon.cn>
---
OvmfPkg/AmdSev/Grub/grub.cfg | 22 +++++++++++++++-------
OvmfPkg/AmdSev/Grub/grub.sh | 3 +--
2 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/OvmfPkg/AmdSev/Grub/grub.cfg b/OvmfPkg/AmdSev/Grub/grub.cfg
index 17be9427..93eea0b4 100644
--- a/OvmfPkg/AmdSev/Grub/grub.cfg
+++ b/OvmfPkg/AmdSev/Grub/grub.cfg
@@ -10,16 +10,12 @@
##
echo "Entering grub config"
-sevsecret
+cryptomount -s efisecret
if [ $? -ne 0 ]; then
echo "Failed to locate anything in the SEV secret area, prompting for password"
+ echo "OR"
+ echo "Failed to mount root securely, retrying with password prompt"
cryptomount -a
-else
- cryptomount -s
- if [ $? -ne 0 ]; then
- echo "Failed to mount root securely, retrying with password prompt"
- cryptomount -a
- fi
fi
set root=
for f in (crypto*); do
@@ -27,6 +23,18 @@ for f in (crypto*); do
set root=$f
set prefix=($root)/boot/grub
break;
+ elif [ -e $f/boot/grub2/grub.cfg ]; then
+ set root=$f
+ set prefix=($root)/boot/grub
+ break;
+ elif [ -e $f/grub/grub.cfg ]; then
+ set root=$f
+ set prefix=($root)/grub
+ break;
+ elif [ -e $f/grub2/grub.cfg ]; then
+ set root=$f
+ set prefix=($root)/grub2
+ break;
fi
done
if [ x$root = x ]; then
diff --git a/OvmfPkg/AmdSev/Grub/grub.sh b/OvmfPkg/AmdSev/Grub/grub.sh
index 99807d72..760a03b8 100644
--- a/OvmfPkg/AmdSev/Grub/grub.sh
+++ b/OvmfPkg/AmdSev/Grub/grub.sh
@@ -42,9 +42,8 @@ GRUB_MODULES="
test
regexp
linux
- linuxefi
reboot
- sevsecret
+ efisecret
"
basedir=$(dirname -- "$0")
--
2.43.0

44
edk2.spec
View File

@ -7,7 +7,7 @@
Name: edk2 Name: edk2
Version: %{stable_date} Version: %{stable_date}
Release: 25 Release: 20
Summary: EFI Development Kit II Summary: EFI Development Kit II
License: BSD-2-Clause-Patent and OpenSSL and MIT License: BSD-2-Clause-Patent and OpenSSL and MIT
URL: https://github.com/tianocore/edk2 URL: https://github.com/tianocore/edk2
@ -137,29 +137,8 @@ patch83: 0083-OvmfPkg-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
patch84: 0084-OvmfPkg-AmdSev-Disable-PcdFirstTimeWakeUpAPsBySipi.patch patch84: 0084-OvmfPkg-AmdSev-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
patch85: 0085-OvmfPkg-AmdSev-fix-BdsPlatform.c-assertion-failure-d.patch patch85: 0085-OvmfPkg-AmdSev-fix-BdsPlatform.c-assertion-failure-d.patch
# Fix CVE-2024-4603
patch86: 0086-Check-DSA-parameters-for-excessive-sizes-before-vali.patch
# Fix CVE-2024-9143
patch87: 0087-Harden-BN_GF2m_poly2arr-against-misuse.patch
# Fix CVE-2024-38797
patch88: 0088-SecurityPkg-Out-of-bound-read-in-HashPeImageByType.patch
# Get grub2 x64 module from CI system path when building OVMF.fd using
# AmdSevX64.dsc, this will enable the OVMF.amdsev.fd to support Full Disk
# Encryption right out of the box.
patch89: 0089-OvmfPkg-AmdSev-Integrate-grub2-x86_64-efi-modules-fr.patch
BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python3-unversioned-command isl BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python3-unversioned-command isl
%ifarch x86_64
# For build OVMF.fd using AmdSevX64.dsc, we need
# mtools mkfs.msdos grub2-mkimage grub2-efi-x64-modules packages
# if we don't touch dummy grub.efi.
BuildRequires: mtools dosfstools grub2-tools grub2-efi-x64-modules
%endif
%description %description
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.
@ -286,9 +265,6 @@ build $BUILD_OPTION
for ovmf_bin in $(ls Build/OvmfX64/*/FV/OVMF*.fd.secure_boot); do for ovmf_bin in $(ls Build/OvmfX64/*/FV/OVMF*.fd.secure_boot); do
mv ${ovmf_bin} $(echo ${ovmf_bin} | sed 's/\.secure_boot//') mv ${ovmf_bin} $(echo ${ovmf_bin} | sed 's/\.secure_boot//')
done done
BUILD_OPTION=$(echo $BUILD_OPTION | sed 's/ -p OvmfPkg\/OvmfPkgX64.dsc/ -p OvmfPkg\/AmdSev\/AmdSevX64.dsc/g')
build $BUILD_OPTION
%endif %endif
%install %install
@ -337,8 +313,6 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
%endif %endif
%ifarch x86_64 %ifarch x86_64
mkdir -p %{buildroot}/usr/share/%{name}/ovmf.amdsev
mv Build/AmdSev/*/FV/OVMF*.fd %{buildroot}/usr/share/%{name}/ovmf.amdsev
mkdir -p %{buildroot}/usr/share/%{name}/ovmf.nosb mkdir -p %{buildroot}/usr/share/%{name}/ovmf.nosb
mv Build/OvmfX64/*/FV/OVMF*.nosb.fd %{buildroot}/usr/share/%{name}/ovmf.nosb mv Build/OvmfX64/*/FV/OVMF*.nosb.fd %{buildroot}/usr/share/%{name}/ovmf.nosb
mkdir -p %{buildroot}/usr/share/%{name}/ovmf mkdir -p %{buildroot}/usr/share/%{name}/ovmf
@ -425,7 +399,6 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
%dir %{_datadir}/%{name} %dir %{_datadir}/%{name}
%{_datadir}/%{name}/ovmf %{_datadir}/%{name}/ovmf
%{_datadir}/%{name}/ovmf.nosb %{_datadir}/%{name}/ovmf.nosb
%{_datadir}/%{name}/ovmf.amdsev
%{_datadir}/qemu/firmware/10-edk2-ovmf-x64-nosb.json %{_datadir}/qemu/firmware/10-edk2-ovmf-x64-nosb.json
%endif %endif
@ -454,21 +427,6 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
%endif %endif
%changelog %changelog
* Mon Apr 28 2025 hanliyang<hanliyang@hygon.cn> - 202308-25
- Build OVMF.fd using AmdSevX64.dsc to support Full Disk Encryption
* Sun Apr 27 2025 huyu<huyu70@h-partners.com> - 202308-24
- fix CVE-2024-38797
* Fri Mar 28 2025 huyu<huyu70@h-partners.com> - 202308-23
- fix CVE-2024-9143
* Tue Mar 18 2025 hanliyang<hanliyang@hygon.cn> - 202308-22
- Add build process that uses OvmfPkg/AmdSev/AmdSevX64.dsc
* Mon Mar 17 2025 huyu<huyu70@h-partners.com> - 202308-21
- fix CVE-2024-4603
* Thu Mar 13 2025 hanliyang<hanliyang@hygon.cn> - 202308-20 * Thu Mar 13 2025 hanliyang<hanliyang@hygon.cn> - 202308-20
- Fix boot failure on OvmfPkg/AmdSev - Fix boot failure on OvmfPkg/AmdSev