From: "Michael D Kinney"
To: "devel@edk2.groups.io", "santhoshkumarv@ami.com"
CC: Sivaraman Nainar, Raj V Akilan, "Mathews, John", "Kinney, Michael D"
Subject: Re: [edk2-devel] [PATCH] NetworkPkg:Update Security Fix
Date: Fri, 2 Feb 2024 19:23:31 +0000
References: <20240201103301.673-1-santhoshkumarv@ami.com>
In-Reply-To: <20240201103301.673-1-santhoshkumarv@ami.com>

Please add Cc: lines to commit message with NetworkPkg
Maintainers/reviewers.

Thanks,

Mike

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Santhosh Kumar V via groups.io
> Sent: Thursday, February 1, 2024 2:33 AM
> To: devel@edk2.groups.io; Santhosh Kumar V
> Cc: Sivaraman Nainar; Raj V Akilan; Mathews, John
> Subject: [edk2-devel] [PATCH] NetworkPkg:Update Security Fix
>
> Update Security patch for Bug 4541 (Predictable TCP ISNs)
>
> Signed-off-by: SanthoshKumar
> --- > NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 21 ++++++++++++++------- > NetworkPkg/Library/DxeNetLib/DxeNetLib.inf | 2 +- > NetworkPkg/TcpDxe/TcpDxe.inf | 1 + > NetworkPkg/TcpDxe/TcpMain.h | 1 + > NetworkPkg/TcpDxe/TcpMisc.c | 7 ++++++- > NetworkPkg/TcpDxe/TcpTimer.c | 8 +++++--- > 6 files changed, 28 insertions(+), 12 deletions(-) >=20 > diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c > b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c > index fd4a9e15a8..d3cc8a59d4 100644 > --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c > +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c 
> @@ -31,6 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include >=20 > #include >=20 > #include >=20 > +#include >=20 >=20 >=20 > #define NIC_ITEM_CONFIG_SIZE (sizeof (NIC_IP4_CONFIG_INFO) + sizeof > (EFI_IP4_ROUTE_TABLE) * MAX_IP4_CONFIG_IN_VARIABLE) >=20 > #define DEFAULT_ZERO_START ((UINTN) ~0) >=20 > @@ -902,14 +903,20 @@ NetRandomInitSeed ( > EFI_TIME Time; >=20 > UINT32 Seed; >=20 > UINT64 MonotonicCount; >=20 > + UINT32 RandomVal; >=20 > + >=20 > + if ( TRUE =3D=3D GetRandomNumber32(&RandomVal)) >=20 > + Seed =3D RandomVal; >=20 > + else >=20 > + { >=20 > + gRT->GetTime (&Time, NULL); >=20 > + Seed =3D (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | > Time.Second); >=20 > + Seed ^=3D Time.Nanosecond; >=20 > + Seed ^=3D Time.Year << 7; >=20 >=20 >=20 > - gRT->GetTime (&Time, NULL); >=20 > - Seed =3D (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | > Time.Second); >=20 > - Seed ^=3D Time.Nanosecond; >=20 > - Seed ^=3D Time.Year << 7; >=20 > - >=20 > - gBS->GetNextMonotonicCount (&MonotonicCount); >=20 > - Seed +=3D (UINT32)MonotonicCount; >=20 > + gBS->GetNextMonotonicCount (&MonotonicCount); >=20 > + Seed +=3D (UINT32)MonotonicCount; >=20 > + } >=20 >=20 >=20 > return Seed; >=20 > } >=20 > diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > index 8145d256ec..2c800b7c00 100644 > --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > @@ -43,7 +43,7 @@ > MemoryAllocationLib >=20 > DevicePathLib >=20 > PrintLib >=20 > - >=20 > + RngLib >=20 >=20 >=20 > [Guids] >=20 > gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES > ## SystemTable >=20 > diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf > b/NetworkPkg/TcpDxe/TcpDxe.inf > index c0acbdca57..99c093600f 100644 > --- a/NetworkPkg/TcpDxe/TcpDxe.inf > +++ b/NetworkPkg/TcpDxe/TcpDxe.inf > @@ -67,6 +67,7 @@ > DpcLib >=20 > NetLib >=20 > IpIoLib >=20 > + RngLib >=20 >=20 >=20 >=20 >=20 > [Protocols] >=20 
> diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h > index c0c9b7f46e..f94598b6ba 100644 > --- a/NetworkPkg/TcpDxe/TcpMain.h > +++ b/NetworkPkg/TcpDxe/TcpMain.h > @@ -16,6 +16,7 @@ > #include >=20 > #include >=20 > #include >=20 > +#include >=20 >=20 >=20 > #include "Socket.h" >=20 > #include "TcpProto.h" >=20 > diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c > index c93212d47d..4d33dd6ad6 100644 > --- a/NetworkPkg/TcpDxe/TcpMisc.c > +++ b/NetworkPkg/TcpDxe/TcpMisc.c > @@ -516,7 +516,12 @@ TcpGetIss ( > VOID >=20 > ) >=20 > { >=20 > - mTcpGlobalIss +=3D TCP_ISS_INCREMENT_1; >=20 > + UINT32 RandomVal; >=20 > + if ( TRUE =3D=3D GetRandomNumber32(&RandomVal)) >=20 > + mTcpGlobalIss +=3D RandomVal; >=20 > + else >=20 > + mTcpGlobalIss +=3D TCP_ISS_INCREMENT_1; >=20 > + >=20 > return mTcpGlobalIss; >=20 > } >=20 >=20 >=20 > diff --git a/NetworkPkg/TcpDxe/TcpTimer.c > b/NetworkPkg/TcpDxe/TcpTimer.c > index 5d2e124977..3370e6b264 100644 > --- a/NetworkPkg/TcpDxe/TcpTimer.c > +++ b/NetworkPkg/TcpDxe/TcpTimer.c 
> @@ -481,10 +481,12 @@ TcpTickingDpc ( > LIST_ENTRY *Next; >=20 > TCP_CB *Tcb; >=20 > INT16 Index; >=20 > - >=20 > + UINT32 RandomVal; >=20 > mTcpTick++; >=20 > - mTcpGlobalIss +=3D TCP_ISS_INCREMENT_2; >=20 > - >=20 > + if ( TRUE =3D=3D GetRandomNumber32(&RandomVal)) >=20 > + mTcpGlobalIss +=3D RandomVal >=20 > + else >=20 > + mTcpGlobalIss +=3D TCP_ISS_INCREMENT_2; >=20 > // >=20 > // Don't use LIST_FOR_EACH, which isn't delete safe. >=20 > // >=20 > -- > 2.42.0.windows.2
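
Review bot: In the NetRandomInitSeed hunk (DxeNetLib.c), the new condition "if ( TRUE == GetRandomNumber32(&RandomVal))" compares a BOOLEAN result against TRUE and leaves the "Seed = RandomVal;" branch unbraced while the else branch is braced. Suggest "if (GetRandomNumber32 (&RandomVal)) {" with a braced body, using the same call spacing as the neighbouring "gRT->GetTime (&Time, NULL)". The else branch also keeps the time and monotonic-count seed unchanged, so a failed RNG call silently produces the same seed derivation as before the patch; a DEBUG message on that path would make the downgrade visible.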
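
Review bot: In the TcpGetIss hunk (TcpMisc.c), the else branch still adds the constant TCP_ISS_INCREMENT_1, so whenever GetRandomNumber32 returns FALSE the ISS advances by the same fixed step that the commit message calls predictable, and nothing reports that it happened. Consider logging the failure on that path, or documenting in the commit message why the fixed increment is an acceptable fallback. The declaration "UINT32 RandomVal;" should also be followed by a blank line before the if, and both branches need braces.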
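
Review bot: In the TcpTickingDpc hunk (TcpTimer.c), the added line "mTcpGlobalIss += RandomVal" has no terminating semicolon before the "else", so the file will not compile as posted. Add the semicolon and brace both branches. The hunk also drops the blank line that separated the local declarations from "mTcpTick++;", which should be kept. Because this code sits next to the mTcpTick increment, the commit message should say why one GetRandomNumber32 call on each pass through this routine is acceptable, since the original message gives no rationale beyond the bug number.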