From: "Santhosh Kumar V via groups.io"
To: "devel@edk2.groups.io", Santhosh Kumar V
CC: Sivaraman Nainar, Raj V Akilan, "john.mathews@intel.com"
Subject: [edk2-devel] [PATCH] NetworkPkg:Update Security Fix
Date: Thu, 1 Feb 2024 10:33:03 +0000
Message-ID: <20240201103301.673-1-santhoshkumarv@ami.com>

Update Security patch for Bug 4541 (Predictable TCP ISNs)

Signed-off-by: SanthoshKumar
--- NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 21 ++++++++++++++------- NetworkPkg/Library/DxeNetLib/DxeNetLib.inf | 2 +- NetworkPkg/TcpDxe/TcpDxe.inf | 1 + NetworkPkg/TcpDxe/TcpMain.h | 1 + NetworkPkg/TcpDxe/TcpMisc.c | 7 ++++++- NetworkPkg/TcpDxe/TcpTimer.c | 8 +++++--- 6 files changed, 28 insertions(+), 12 deletions(-) diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/= DxeNetLib/DxeNetLib.c index fd4a9e15a8..d3cc8a59d4 100644 --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c 
@@ -31,6 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #define NIC_ITEM_CONFIG_SIZE (sizeof (NIC_IP4_CONFIG_INFO) + sizeof (EFI_= IP4_ROUTE_TABLE) * MAX_IP4_CONFIG_IN_VARIABLE) #define DEFAULT_ZERO_START ((UINTN) ~0) @@ -902,14 +903,20 @@ NetRandomInitSeed ( EFI_TIME Time; UINT32 Seed; UINT64 MonotonicCount; + UINT32 RandomVal; + + if ( TRUE =3D=3D GetRandomNumber32(&RandomVal)) + Seed =3D RandomVal; + else + { + gRT->GetTime (&Time, NULL); + Seed =3D (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | Time.= Second); + Seed ^=3D Time.Nanosecond; + Seed ^=3D Time.Year << 7; - gRT->GetTime (&Time, NULL); - Seed =3D (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | Time.Se= cond); - Seed ^=3D Time.Nanosecond; - Seed ^=3D Time.Year << 7; - - gBS->GetNextMonotonicCount (&MonotonicCount); - Seed +=3D (UINT32)MonotonicCount; + gBS->GetNextMonotonicCount (&MonotonicCount); + Seed +=3D (UINT32)MonotonicCount; + } return Seed; } diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf b/NetworkPkg/Librar= y/DxeNetLib/DxeNetLib.inf index 8145d256ec..2c800b7c00 100644 --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf @@ -43,7 +43,7 @@ MemoryAllocationLib DevicePathLib PrintLib - + RngLib [Guids] gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES ## = SystemTable diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf index c0acbdca57..99c093600f 100644 --- a/NetworkPkg/TcpDxe/TcpDxe.inf +++ b/NetworkPkg/TcpDxe/TcpDxe.inf @@ -67,6 +67,7 @@ DpcLib NetLib IpIoLib + RngLib [Protocols] diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h index c0c9b7f46e..f94598b6ba 100644 --- a/NetworkPkg/TcpDxe/TcpMain.h +++ b/NetworkPkg/TcpDxe/TcpMain.h @@ -16,6 +16,7 @@ #include #include #include +#include #include "Socket.h" #include "TcpProto.h" diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c index c93212d47d..4d33dd6ad6 100644 
--- a/NetworkPkg/TcpDxe/TcpMisc.c +++ b/NetworkPkg/TcpDxe/TcpMisc.c @@ -516,7 +516,12 @@ TcpGetIss ( VOID ) { - mTcpGlobalIss +=3D TCP_ISS_INCREMENT_1; + UINT32 RandomVal; + if ( TRUE =3D=3D GetRandomNumber32(&RandomVal)) + mTcpGlobalIss +=3D RandomVal; + else + mTcpGlobalIss +=3D TCP_ISS_INCREMENT_1; + return mTcpGlobalIss; } diff --git a/NetworkPkg/TcpDxe/TcpTimer.c b/NetworkPkg/TcpDxe/TcpTimer.c index 5d2e124977..3370e6b264 100644 --- a/NetworkPkg/TcpDxe/TcpTimer.c +++ b/NetworkPkg/TcpDxe/TcpTimer.c @@ -481,10 +481,12 @@ TcpTickingDpc ( LIST_ENTRY *Next; TCP_CB *Tcb; INT16 Index; - + UINT32 RandomVal; mTcpTick++; - mTcpGlobalIss +=3D TCP_ISS_INCREMENT_2; - + if ( TRUE =3D=3D GetRandomNumber32(&RandomVal)) + mTcpGlobalIss +=3D RandomVal + else + mTcpGlobalIss +=3D TCP_ISS_INCREMENT_2; // // Don't use LIST_FOR_EACH, which isn't delete safe. // -- 2.42.0.windows.2
View/Reply Online (#114980): https://edk2.groups.io/g/devel/message/114980
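
Review bot: In the NetRandomInitSeed hunk of DxeNetLib.c, the else branch silently falls back to the GetTime plus GetNextMonotonicCount seed whenever GetRandomNumber32 returns FALSE, so on a platform where the RNG call fails the seed is exactly as guessable as before the patch and nothing reports it. Emit at least a DEBUG warning on that path, or let the caller see the failure, and state in the commit message which behaviour is intended. Style: "if ( TRUE == GetRandomNumber32(&RandomVal))" should read "if (GetRandomNumber32 (&RandomVal)) {", with braces on both branches.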
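
Review bot: In the DxeNetLib.inf hunk, "RngLib" replaces the blank line that separated the library class list from [Guids], so the section header now follows the list with no separator; add RngLib after PrintLib and keep the blank line. The new library class also means every platform that builds DxeNetLib has to map an RngLib instance, and how unpredictable the seed is depends on which instance that is; the commit message mentions neither point.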
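
Review bot: In the TcpGetIss hunk of TcpMisc.c, the else branch returns to the fixed TCP_ISS_INCREMENT_1 step whenever GetRandomNumber32 fails, which is the predictable sequence Bug 4541 is about, and the failure is not logged. The ISN is also still one global counter shared by all connections; consider deriving it per connection from the address/port 4-tuple and a boot-time secret as RFC 6528 recommends, with the random value used as that secret. Style: add a blank line after the "UINT32 RandomVal;" declaration, drop the comparison against TRUE, and brace both branches.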
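
Review bot: In the TcpTickingDpc hunk of TcpTimer.c, the added line "mTcpGlobalIss += RandomVal" has no terminating semicolon before "else", so the file does not compile as posted. Beyond that, GetRandomNumber32 is now called on every tick inside the DPC; if the randomisation is done in TcpGetIss, the per-tick bump can stay the constant TCP_ISS_INCREMENT_2 and avoid the repeated RNG call. The hunk also removes the blank lines after the declarations and before the "//" comment block; keep them.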