From the two CVE patches there should be no functional differences to a platform assuming the platform provides them with a RNG implementation and HASH2 implementation. 

The "NetworkPkg:: SECURITY PATCH CVE-2023-45237" change simply get's it's random numbers from outside of the NetworkPkg and makes it a platform decision.
The "NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236" changes how the TCP Isn number is generated and puts the platform in compliance with the relevant specification. 

There is a functional change with  "SecurityPkg: RngDxe: Remove incorrect limitation on GetRng" as this will now allow a caller to call less than 32 bytes. 

The other changes are unit tests and platform integration changes.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118768): https://edk2.groups.io/g/devel/message/118768
Mute This Topic: https://groups.io/mt/105998004/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-