From: "Santhosh Kumar V via groups.io"
To: "devel@edk2.groups.io", Santhosh Kumar V
CC: Sivaraman Nainar, Raj V Akilan, "michael.d.kinney@intel.com", "saloni.kasbekar@intel.com", "john.mathews@intel.com", Zachary Clark-williams
Subject: [edk2-devel] [PATCH] NetworkPkg Update Security Patch
Date: Sat, 3 Feb 2024 10:11:22 +0000
Message-ID: <20240203101119.2167-1-santhoshkumarv@ami.com>

Update Security patch for Bug 4541 (Predictable TCP ISNs)

Cc: Saloni Kasbekar
Cc: Zachary Clark-williams
Signed-off-by: SanthoshKumar
--- NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 21 ++++++++++++++------- NetworkPkg/Library/DxeNetLib/DxeNetLib.inf | 2 +- NetworkPkg/TcpDxe/TcpDxe.inf | 1 + NetworkPkg/TcpDxe/TcpMain.h | 1 + NetworkPkg/TcpDxe/TcpMisc.c | 7 ++++++- NetworkPkg/TcpDxe/TcpTimer.c | 8 +++++--- 6 files changed, 28 insertions(+), 12 deletions(-) diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/= DxeNetLib/DxeNetLib.c index fd4a9e15a8..d3cc8a59d4 100644 --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c @@ -31,6 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #define NIC_ITEM_CONFIG_SIZE (sizeof (NIC_IP4_CONFIG_INFO) + sizeof (EFI_= IP4_ROUTE_TABLE) * MAX_IP4_CONFIG_IN_VARIABLE) #define DEFAULT_ZERO_START ((UINTN) ~0) 
@@ -902,14 +903,20 @@ NetRandomInitSeed ( EFI_TIME Time; UINT32 Seed; UINT64 MonotonicCount; + UINT32 RandomVal; + + if ( TRUE =3D=3D GetRandomNumber32(&RandomVal)) + Seed =3D RandomVal; + else + { + gRT->GetTime (&Time, NULL); + Seed =3D (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | Time.= Second); + Seed ^=3D Time.Nanosecond; + Seed ^=3D Time.Year << 7; - gRT->GetTime (&Time, NULL); - Seed =3D (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | Time.Se= cond); - Seed ^=3D Time.Nanosecond; - Seed ^=3D Time.Year << 7; - - gBS->GetNextMonotonicCount (&MonotonicCount); - Seed +=3D (UINT32)MonotonicCount; + gBS->GetNextMonotonicCount (&MonotonicCount); + Seed +=3D (UINT32)MonotonicCount; + } return Seed; } diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf b/NetworkPkg/Librar= y/DxeNetLib/DxeNetLib.inf index 8145d256ec..2c800b7c00 100644 --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf @@ -43,7 +43,7 @@ MemoryAllocationLib DevicePathLib PrintLib - + RngLib [Guids] gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES ## = SystemTable diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf index c0acbdca57..99c093600f 100644 --- a/NetworkPkg/TcpDxe/TcpDxe.inf +++ b/NetworkPkg/TcpDxe/TcpDxe.inf @@ -67,6 +67,7 @@ DpcLib NetLib IpIoLib + RngLib [Protocols] diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h index c0c9b7f46e..f94598b6ba 100644 --- a/NetworkPkg/TcpDxe/TcpMain.h +++ b/NetworkPkg/TcpDxe/TcpMain.h @@ -16,6 +16,7 @@ #include #include #include +#include #include "Socket.h" #include "TcpProto.h" diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c index c93212d47d..4d33dd6ad6 100644 --- a/NetworkPkg/TcpDxe/TcpMisc.c +++ b/NetworkPkg/TcpDxe/TcpMisc.c 
@@ -516,7 +516,12 @@ TcpGetIss ( VOID ) { - mTcpGlobalIss +=3D TCP_ISS_INCREMENT_1; + UINT32 RandomVal; + if ( TRUE =3D=3D GetRandomNumber32(&RandomVal)) + mTcpGlobalIss +=3D RandomVal; + else + mTcpGlobalIss +=3D TCP_ISS_INCREMENT_1; + return mTcpGlobalIss; } diff --git a/NetworkPkg/TcpDxe/TcpTimer.c b/NetworkPkg/TcpDxe/TcpTimer.c index 5d2e124977..3370e6b264 100644 --- a/NetworkPkg/TcpDxe/TcpTimer.c +++ b/NetworkPkg/TcpDxe/TcpTimer.c @@ -481,10 +481,12 @@ TcpTickingDpc ( LIST_ENTRY *Next; TCP_CB *Tcb; INT16 Index; - + UINT32 RandomVal; mTcpTick++; - mTcpGlobalIss +=3D TCP_ISS_INCREMENT_2; - + if ( TRUE =3D=3D GetRandomNumber32(&RandomVal)) + mTcpGlobalIss +=3D RandomVal + else + mTcpGlobalIss +=3D TCP_ISS_INCREMENT_2; // // Don't use LIST_FOR_EACH, which isn't delete safe. // -- 2.42.0.windows.2
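
Review bot: In the NetRandomInitSeed hunk of DxeNetLib.c, the else branch silently falls back to the GetTime / GetNextMonotonicCount seed whenever GetRandomNumber32 returns FALSE, so a platform whose RngLib instance fails keeps the time-derived seed that Bug 4541 is about, with nothing recording that the fallback was taken. At minimum add a DEBUG error message in the fallback branch, and state in the commit message whether falling back is the intended behaviour. The added lines also differ from the surrounding style: test the call directly, as in "if (GetRandomNumber32 (&RandomVal)) {", instead of comparing against TRUE, and put braces around both branches.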
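
Review bot: The DxeNetLib.inf hunk replaces the blank line after PrintLib with RngLib, so the [Guids] section header now follows the library list with no separating blank line. Add RngLib as a new line after PrintLib and keep the blank line before [Guids], as the TcpDxe.inf hunk does before [Protocols].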
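
Review bot: In the TcpGetIss hunk of TcpMisc.c, a GetRandomNumber32 failure falls back to "mTcpGlobalIss += TCP_ISS_INCREMENT_1", which is the fixed-step behaviour this patch replaces, and the caller cannot tell which path produced the ISS. Log the failure, and say in the commit message why a fixed increment is acceptable there. Note also that the ISS remains a single global counter shared by every connection; RFC 6528 recommends deriving it per connection from a keyed hash of the address/port 4-tuple plus a timer, so if that is out of scope for this fix the commit message should say so. Style: add a blank line after the RandomVal declaration, brace both branches, and drop the comparison with TRUE.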
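
Review bot: In the TcpTickingDpc hunk of TcpTimer.c, the added line "mTcpGlobalIss += RandomVal" has no terminating semicolon before "else", so TcpTimer.c will not compile as posted. Once that is fixed, note that this path calls GetRandomNumber32 on every run of the ticking DPC; please confirm the cost is acceptable with the RngLib instances platforms are expected to link, or explain why the per-tick increment needs fresh randomness in addition to the one in TcpGetIss. The hunk also removes the blank line between the local declarations and "mTcpTick++;" and the one before the comment block; both should stay, and both branches need braces.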