From: "Michael D Kinney"
To: "Kasbekar, Saloni", Santhosh Kumar V, "devel@edk2.groups.io"
CC: Sivaraman Nainar, Raj V Akilan, "Mathews, John", "Clark-williams, Zachary", "Kinney, Michael D"
Subject: Re: [edk2-devel] [PATCH] NetworkPkg Update Security Patch
Date: Fri, 08 Mar 2024 13:11:49 -0800
References: <20240203101119.2167-1-santhoshkumarv@ami.com>

Acked-by: Michael D Kinney

> -----Original Message-----
> From: Kasbekar, Saloni
> Sent: Wednesday, February 7, 2024 2:58 PM
> To: Santhosh Kumar V; devel@edk2.groups.io
> Cc: Sivaraman Nainar; Raj V Akilan; Kinney, Michael D;
> Mathews, John; Clark-williams, Zachary
> Subject: RE: [PATCH] NetworkPkg Update Security Patch
>
> Reviewed-by: Saloni Kasbekar
>
> -----Original Message-----
> From: Santhosh Kumar V
> Sent: Saturday, February 3, 2024 2:11 AM
> To: devel@edk2.groups.io; Santhosh Kumar V
> Cc: Sivaraman Nainar; Raj V Akilan; Kinney, Michael D;
> Kasbekar, Saloni; Mathews, John; Clark-williams, Zachary
> Subject: [PATCH] NetworkPkg Update Security Patch
>
> Update Security patch for Bug 4541 (Predictable TCP ISNs)
>
> Cc: Saloni Kasbekar
> Cc: Zachary Clark-williams
>
> Signed-off-by: SanthoshKumar
> ---
> NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 21 ++++++++++++++-------
> NetworkPkg/Library/DxeNetLib/DxeNetLib.inf | 2 +-
> NetworkPkg/TcpDxe/TcpDxe.inf | 1 +
> NetworkPkg/TcpDxe/TcpMain.h | 1 +
> NetworkPkg/TcpDxe/TcpMisc.c | 7 ++++++-
> NetworkPkg/TcpDxe/TcpTimer.c | 8 +++++---
> 6 files changed, 28 insertions(+), 12 deletions(-)
>
> diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c > b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c > index fd4a9e15a8..d3cc8a59d4 100644 > --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c > +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c > @@ -31,6 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include >=20 > #include >=20 > #include >=20 > +#include >=20 >=20 >=20 > #define NIC_ITEM_CONFIG_SIZE (sizeof (NIC_IP4_CONFIG_INFO) + sizeof > (EFI_IP4_ROUTE_TABLE) * MAX_IP4_CONFIG_IN_VARIABLE) >=20 > #define DEFAULT_ZERO_START ((UINTN) ~0) >=20 > @@ -902,14 +903,20 @@ NetRandomInitSeed ( > EFI_TIME Time; >=20 > UINT32 Seed; >=20 > UINT64 MonotonicCount; >=20 > + UINT32 RandomVal; >=20 > + >=20 > + if ( TRUE =3D=3D GetRandomNumber32(&RandomVal)) >=20 > + Seed =3D RandomVal; >=20 > + else >=20 > + { >=20 > + gRT->GetTime (&Time, NULL); >=20 > + Seed =3D (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | > + Time.Second); >=20 > + Seed ^=3D Time.Nanosecond; >=20 > + Seed ^=3D Time.Year << 7; >=20 >=20 >=20 > - gRT->GetTime (&Time, NULL); >=20 > - Seed =3D (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | > Time.Second); >=20 > - Seed ^=3D Time.Nanosecond; >=20 > - Seed ^=3D Time.Year << 7; >=20 > - >=20 > - gBS->GetNextMonotonicCount (&MonotonicCount); >=20 > - Seed +=3D (UINT32)MonotonicCount; >=20 > + gBS->GetNextMonotonicCount (&MonotonicCount); >=20 > + Seed +=3D (UINT32)MonotonicCount; >=20 > + } >=20 >=20 >=20 > return Seed; >=20 > } >=20 > diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > index 8145d256ec..2c800b7c00 100644 > --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > @@ -43,7 +43,7 @@ > MemoryAllocationLib >=20 > DevicePathLib >=20 > PrintLib >=20 > - >=20 > + RngLib >=20 >=20 >=20 > [Guids] >=20 > gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES > ## SystemTable >=20 
> diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf > b/NetworkPkg/TcpDxe/TcpDxe.inf index c0acbdca57..99c093600f 100644 > --- a/NetworkPkg/TcpDxe/TcpDxe.inf > +++ b/NetworkPkg/TcpDxe/TcpDxe.inf > @@ -67,6 +67,7 @@ > DpcLib >=20 > NetLib >=20 > IpIoLib >=20 > + RngLib >=20 >=20 >=20 >=20 >=20 > [Protocols] >=20 > diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h > index c0c9b7f46e..f94598b6ba 100644 > --- a/NetworkPkg/TcpDxe/TcpMain.h > +++ b/NetworkPkg/TcpDxe/TcpMain.h > @@ -16,6 +16,7 @@ > #include >=20 > #include >=20 > #include >=20 > +#include >=20 >=20 >=20 > #include "Socket.h" >=20 > #include "TcpProto.h" >=20 > diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c > index c93212d47d..4d33dd6ad6 100644 > --- a/NetworkPkg/TcpDxe/TcpMisc.c > +++ b/NetworkPkg/TcpDxe/TcpMisc.c > @@ -516,7 +516,12 @@ TcpGetIss ( > VOID >=20 > ) >=20 > { >=20 > - mTcpGlobalIss +=3D TCP_ISS_INCREMENT_1; >=20 > + UINT32 RandomVal; >=20 > + if ( TRUE =3D=3D GetRandomNumber32(&RandomVal)) >=20 > + mTcpGlobalIss +=3D RandomVal; >=20 > + else >=20 > + mTcpGlobalIss +=3D TCP_ISS_INCREMENT_1; >=20 > + >=20 > return mTcpGlobalIss; >=20 > } >=20 >=20 >=20 > diff --git a/NetworkPkg/TcpDxe/TcpTimer.c > b/NetworkPkg/TcpDxe/TcpTimer.c index 5d2e124977..3370e6b264 100644 > --- a/NetworkPkg/TcpDxe/TcpTimer.c > +++ b/NetworkPkg/TcpDxe/TcpTimer.c 
> @@ -481,10 +481,12 @@ TcpTickingDpc ( > LIST_ENTRY *Next; >=20 > TCP_CB *Tcb; >=20 > INT16 Index; >=20 > - >=20 > + UINT32 RandomVal; >=20 > mTcpTick++; >=20 > - mTcpGlobalIss +=3D TCP_ISS_INCREMENT_2; >=20 > - >=20 > + if ( TRUE =3D=3D GetRandomNumber32(&RandomVal)) >=20 > + mTcpGlobalIss +=3D RandomVal >=20 > + else >=20 > + mTcpGlobalIss +=3D TCP_ISS_INCREMENT_2; >=20 > // >=20 > // Don't use LIST_FOR_EACH, which isn't delete safe. >=20 > // >=20 > -- > 2.42.0.windows.2
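
Review bot: In NetRandomInitSeed (DxeNetLib.c), the else branch silently falls back to the GetTime plus GetNextMonotonicCount seed whenever GetRandomNumber32 returns FALSE, which is the guessable seed this change is meant to move away from for Bug 4541. Report the failure there (at least a DEBUG warning, or propagate it to the caller) so a platform whose RngLib instance does not work is noticed instead of quietly keeping the old behaviour. Style: write the test as `if (GetRandomNumber32 (&RandomVal)) {` without the comparison against TRUE, and put braces on both branches.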
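
Review bot: DxeNetLib.inf and TcpDxe.inf now list RngLib among their library classes, but none of the six files in the diffstat is a .dsc or .dsc.inc, so every platform that builds these modules must already map RngLib to an instance. Confirm that NetworkPkg's own build files and the affected platforms resolve it, and state in the commit message which instance is expected, since GetRandomNumber32 is only as unpredictable as the instance behind it.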
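
Review bot: In TcpGetIss (TcpMisc.c), a FALSE return from GetRandomNumber32 drops back to `mTcpGlobalIss += TCP_ISS_INCREMENT_1`, so on any RNG failure the ISS again advances by a fixed constant and nothing is logged. Handle the failure explicitly (log it, or retry) rather than degrading silently. TcpGetIss still takes VOID, so the value cannot be bound to the connection 4-tuple with a secret key as RFC 6528 recommends; if that is out of scope for this patch, say so in the commit message. Also add a blank line after the `UINT32 RandomVal;` declaration and braces on both branches.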
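
Review bot: In TcpTickingDpc (TcpTimer.c), the added line `mTcpGlobalIss += RandomVal` has no terminating semicolon before `else`, so this file does not compile as posted. The FALSE path still adds the fixed TCP_ISS_INCREMENT_2 with no indication that the RNG failed, and since this code runs on every tick it is worth justifying a GetRandomNumber32 call per tick now that TcpGetIss adds a random value itself. The hunk also drops the blank lines after the declarations and after the increment; keep them and use braces on both branches.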