From: "Saloni Kasbekar"
To: Doug Flick, "devel@edk2.groups.io"
CC: "Clark-williams, Zachary"
Subject: Re: [edk2-devel] [PATCH v2 08/13] NetworkPkg:: SECURITY PATCH CVE-2023-45237
Date: Wed, 15 May 2024 19:14:39 +0000
References: <20240509055633.828642-1-doug.edk2@gmail.com> <20240509055633.828642-9-doug.edk2@gmail.com>
In-Reply-To: <20240509055633.828642-9-doug.edk2@gmail.com>

Reviewed-by: Saloni Kasbekar

-----Original Message-----
From: Doug Flick
Sent: Wednesday, May 8, 2024 10:56 PM
To: devel@edk2.groups.io
Cc: Kasbekar, Saloni; Clark-williams, Zachary <zachary.clark-williams@intel.com>
Subject: [PATCH v2 08/13] NetworkPkg:: SECURITY PATCH CVE-2023-45237

From: Doug Flick

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542

Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Use of a Weak PseudoRandom Number Generator

Change Overview:

Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either

>
> EFI_STATUS
> EFIAPI
> PseudoRandomU32 (
>  OUT UINT32 *Output
>  );
>

or (depending on the use case)

>
> EFI_STATUS
> EFIAPI
> PseudoRandom (
>  OUT VOID *Output,
>  IN UINTN OutputLength
>  );
>

This is because the use of

Example:

The following code snippet PseudoRandomU32 () function is used:

>
> UINT32 Random;
>
> Status = PseudoRandomU32 (&Random);
> if (EFI_ERROR (Status)) {
>   DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
>   return Status;
> }
>

This also introduces a new PCD to enable/disable the use of the secure implementation of algorithms for PseudoRandom () and instead depend on the default implementation. This may be required for some platforms where the UEFI Spec defined algorithms are not available.

>
> PcdEnforceSecureRngAlgorithms
>

If the platform does not have any one of the UEFI defined secure RNG algorithms then the driver will assert.

Cc: Saloni Kasbekar
Cc: Zachary Clark-williams
Signed-off-by: Doug Flick [MSFT] --- NetworkPkg/NetworkPkg.dec | 7 ++ NetworkPkg/Library/DxeNetLib/DxeNetLib.inf | 13 +- NetworkPkg/TcpDxe/TcpDxe.inf | 3 + NetworkPkg/IScsiDxe/IScsiMisc.h | 6 +- NetworkPkg/Include/Library/NetLib.h | 40 ++++-- NetworkPkg/Ip6Dxe/Ip6Nd.h | 8 +- NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c | 10 +- NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c | 11 +- NetworkPkg/DnsDxe/DnsDhcp.c | 10 +- NetworkPkg/DnsDxe/DnsImpl.c | 11 +- NetworkPkg/HttpBootDxe/HttpBootDhcp6.c | 10 +- NetworkPkg/IScsiDxe/IScsiCHAP.c | 19 ++- NetworkPkg/IScsiDxe/IScsiMisc.c | 14 +-- NetworkPkg/Ip4Dxe/Ip4Driver.c | 10 +- NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c | 9 +- NetworkPkg/Ip6Dxe/Ip6Driver.c | 17 ++- NetworkPkg/Ip6Dxe/Ip6If.c | 12 +- NetworkPkg/Ip6Dxe/Ip6Mld.c | 12 +- NetworkPkg/Ip6Dxe/Ip6Nd.c | 33 ++++- NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 129 +++++++++++++++++--- NetworkPkg/TcpDxe/TcpDriver.c | 15 ++- NetworkPkg/Udp4Dxe/Udp4Driver.c | 10 +- NetworkPkg/Udp6Dxe/Udp6Driver.c | 11 +- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c | 9 +- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 11 +- NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c | 12 +- NetworkPkg/SecurityFixes.yaml | 39 ++++++ 27 files changed, 408 insertions(+), 83 deletions(-) diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec index e0= 6f35e7747c..7c4289b77b21 100644 --- a/NetworkPkg/NetworkPkg.dec +++ b/NetworkPkg/NetworkPkg.dec @@ -5,6 +5,7 @@ # # Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.
= # (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP
+# = Copyright (c) Microsoft Corporation # # SPDX-License-Identifier: BSD-2-Clau= se-Patent #@@ -130,6 +131,12 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] # @Prompt Indicates whether SnpDxe creates event for ExitBootServices() = call. gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE= |BOOLEAN|0x1000000C + ## Enforces the use of Secure UEFI spec defined RNG = algorithms for all network connections.+ # TRUE - Enforce the use of Secu= re UEFI spec defined RNG algorithms.+ # FALSE - Do not enforce and depend = on the default implementation of RNG algorithm from the provider.+ # @Prom= pt Enforce the use of Secure UEFI spec defined RNG algorithms.+ gEfiNetwor= kPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x1000000D+ [= PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## I= Pv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 63= 55). # 01 =3D DUID Based on Link-layer Address Plus Time [DUID-LLT]diff -= -git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf b/NetworkPkg/Library/DxeN= etLib/DxeNetLib.inf index 8145d256ec10..236ccd362efe 100644 --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf @@ -3,6 +3,7 @@ # # Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. # (C) Copyright 2015 Hewlett Packard Enterprise Development LP
+# Co= pyright (c) Microsoft Corporation # SPDX-License-Identifier: BSD-2-Clause-= Patent # ##@@ -49,7 +50,10 @@ [Guids] gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES ## = SystemTable gEfiSmbios3TableGuid ## SOMETIMES_CO= NSUMES ## SystemTable gEfiAdapterInfoMediaStateGuid ## S= OMETIMES_CONSUMES-+ gEfiRngAlgorithmRaw ## CONSU= MES+ gEfiRngAlgorithmSp80090Ctr256Guid ## CONSUMES+ gEfiRngAl= gorithmSp80090Hmac256Guid ## CONSUMES+ gEfiRngAlgorithmSp80090H= ash256Guid ## CONSUMES [Protocols] gEfiSimpleNetworkProtocolG= uid ## SOMETIMES_CONSUMES@@ -59,3 +63,10 @@ [Protocols] gEfiComponentNameProtocolGuid ## SOMETIMES_CONSUMES gE= fiComponentName2ProtocolGuid ## SOMETIMES_CONSUMES gEfiAda= pterInformationProtocolGuid ## SOMETIMES_CONSUMES+ gEfiRngProto= colGuid ## CONSUMES++[FixedPcd]+ gEfiNetworkPkgT= okenSpaceGuid.PcdEnforceSecureRngAlgorithms ## CONSUMES++[Depex]+ gEfiRngP= rotocolGuiddiff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/Tc= pDxe.inf index c0acbdca5700..cf5423f4c537 100644 --- a/NetworkPkg/TcpDxe/TcpDxe.inf +++ b/NetworkPkg/TcpDxe/TcpDxe.inf @@ -82,5 +82,8 @@ [Protocols] gEfiTcp6ProtocolGuid ## BY_START gEfiTcp6Serv= iceBindingProtocolGuid ## BY_START +[Depex]+ gEfiHash2ServiceBi= ndingProtocolGuid+ [UserExtensions.TianoCore."ExtraFiles"] TcpDxeExtra.un= idiff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMi= sc.h index a951eee70ec9..91b2cd22613d 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.h +++ b/NetworkPkg/IScsiDxe/IScsiMisc.h @@ -2,6 +2,7 @@ Miscellaneous definitions for iSCSI driver. Copyright (c) 2004 - 2018, = Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corpora= tion SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ -202,8 +203,11 @@ = IScsiNetNtoi ( @param[in, out] Rand The buffer to contain random numbers. @par= am[in] RandLength The length of the Rand buffer. + @retval EFI_SUCCE= SS on success+ @retval others on error+ **/-VOID+EFI_STATUS IScsiGenR= andom ( IN OUT UINT8 *Rand, IN UINTN RandLengthdiff --git a/Netwo= rkPkg/Include/Library/NetLib.h b/NetworkPkg/Include/Library/NetLib.h index 8c0e62b3889c..e8108b79db8f 100644 --- a/NetworkPkg/Include/Library/NetLib.h +++ b/NetworkPkg/Include/Library/NetLib.h @@ -3,6 +3,7 @@ It provides basic functions for the UEFI network stack. Copyright (c) 2= 005 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) Micro= soft Corporation SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ -539,8= +540,6 @@ extern EFI_IPv4_ADDRESS mZeroIp4Addr; #define TICKS_PER_MS 10000U #define TICKS_PER_SECOND 10000000U -#def= ine NET_RANDOM(Seed) ((UINT32) ((UINT32) (Seed) * 1103515245UL + 12345) % = 4294967295UL)- /** Extract a UINT32 from a byte stream. @@ -580,19 +579,4= 0 @@ NetPutUint32 ( ); /**- Initialize a random seed using current time and monotonic coun= t.+ Generate a Random output data given a length. - Get current time and = monotonic count first. Then initialize a random seed- based on some basic = mathematics operation on the hour, day, minute, second,- nanosecond and ye= ar of the current time and the monotonic count value.+ @param[out] Output = - The buffer to store the generated random data.+ @param[in] OutputLength = - The length of the output buffer. - @return The random seed initialized w= ith current time.+ @retval EFI_SUCCESS On Success+ @retval EFI_= INVALID_PARAMETER Pointer is null or size is zero+ @retval EFI_NOT_FOUND = RNG protocol not found+ @retval Others Error from Rn= gProtocol->GetRNG() + @return Status code **/-UINT32+EFI_STATUS EFIAPI-Net= RandomInitSeed (- VOID+PseudoRandom (+ OUT VOID *Output,+ IN UINTN = OutputLength+ );++/**+ Generate a 32-bit pseudo-random number.++ @param= [out] Output - The buffer to store the generated random number.++ @retval = EFI_SUCCESS On Success+ @retval EFI_NOT_FOUND RNG protoc= ol not found+ @retval Others Error from RngProtocol->GetRNG= ()++ @return Status code+**/+EFI_STATUS+EFIAPI+PseudoRandomU32 (+ OUT UI= NT32 *Output ); #define NET_LIST_USER_STRUCT(Entry, Type, Field) = \diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.h b/NetworkPkg/Ip6Dxe/Ip6Nd.h index bf64e9114e13..5795e23c7d71 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Nd.h +++ b/NetworkPkg/Ip6Dxe/Ip6Nd.h @@ -2,7 +2,7 @@ Definition of Neighbor Discovery support routines. Copyright (c) 2009= - 2012, Intel Corporation. All rights reserved.
-+ Copyright (c) Micro= soft Corporation SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ -780= ,10 +780,10 @@ Ip6OnArpResolved ( /** Update the ReachableTime in IP6 service binding instance data, in mi= lliseconds. - @param[in, out] IpSb Points to the IP6_SERVICE.-+ @retv= al EFI_SUCCESS ReachableTime Updated+ @retval others = Failed to update ReachableTime **/-VOID+EFI_STATUS Ip6UpdateReachableTi= me ( IN OUT IP6_SERVICE *IpSb );diff --git a/NetworkPkg/Dhcp4Dxe/Dhcp4= Driver.c b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c index 8c37e93be3a8..892caee36846 100644 --- a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c +++ b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c @@ -1,6 +1,7 @@ /** @file Copyright (c) 2006 - 2018, Intel Corporation. All rights reserv= ed.
+Copyright (c) Microsoft Corporation SPDX-License-Identifier: BSD-2-= Clause-Patent **/@@ -189,6 +190,13 @@ Dhcp4CreateService ( { DHCP_SERVICE *DhcpSb; EFI_STATUS Status;+ UINT32 Random;= ++ Status =3D PseudoRandomU32 (&Random);+ if (EFI_ERROR (Status)) {+ D= EBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, = Status));+ return Status;+ } *Service =3D NULL; DhcpSb =3D Alloc= ateZeroPool (sizeof (DHCP_SERVICE));@@ -203,7 +211,7 @@ Dhcp4CreateService = ( DhcpSb->Image =3D ImageHandle; InitializeListHead (&DhcpSb->Chi= ldren); DhcpSb->DhcpState =3D Dhcp4Stopped;- DhcpSb->Xid =3D NET_R= ANDOM (NetRandomInitSeed ());+ DhcpSb->Xid =3D Random; CopyMem ( = &DhcpSb->ServiceBinding, &mDhcp4ServiceBindingTemplate,diff --git a/= NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c index b591a4605bc9..e7f2787a98ba 100644 --- a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c +++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c @@ -3,7 +3,7 @@ implementation for Dhcp6 Driver. Copyright (c) 2009 - 2018, Intel Cor= poration. All rights reserved.
-+ Copyright (c) Microsoft Corporation = SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ -123,6 +123,13 @@ Dhcp= 6CreateService ( { DHCP6_SERVICE *Dhcp6Srv; EFI_STATUS Status;+ UINT32 Ra= ndom;++ Status =3D PseudoRandomU32 (&Random);+ if (EFI_ERROR (Status)) {+= DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __fun= c__, Status));+ return Status;+ } *Service =3D NULL; Dhcp6Srv =3D = AllocateZeroPool (sizeof (DHCP6_SERVICE));@@ -147,7 +154,7 @@ Dhcp6CreateSe= rvice ( Dhcp6Srv->Signature =3D DHCP6_SERVICE_SIGNATURE; Dhcp6Srv->Controller= =3D Controller; Dhcp6Srv->Image =3D ImageHandle;- Dhcp6Srv->Xid = =3D (0xffffff & NET_RANDOM (NetRandomInitSeed ()));+ Dhcp6Srv->Xid = =3D (0xffffff & Random); CopyMem ( &Dhcp6Srv->ServiceBinding,di= ff --git a/NetworkPkg/DnsDxe/DnsDhcp.c b/NetworkPkg/DnsDxe/DnsDhcp.c index 933565a32df1..9eb3c1d2d81d 100644 --- a/NetworkPkg/DnsDxe/DnsDhcp.c +++ b/NetworkPkg/DnsDxe/DnsDhcp.c @@ -2,6 +2,7 @@ Functions implementation related with DHCPv4/v6 for DNS driver. Copyright= (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyright (c)= Microsoft Corporation SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ = -277,6 +278,7 @@ GetDns4ServerFromDhcp4 ( EFI_DHCP4_TRANSMIT_RECEIVE_TOKEN Token; BOOLEAN = IsDone; UINTN Index;+ UINT32 = Random; Image =3D Instance->Service->ImageHandle; = Controller =3D Instance->Service->ControllerHandle;@@ -292,6 +294,12 @@ G= etDns4ServerFromDhcp4 ( Data =3D NULL; InterfaceInfo =3D NULL; + Status =3D PseudoRa= ndomU32 (&Random);+ if (EFI_ERROR (Status)) {+ DEBUG ((DEBUG_ERROR, "%a= failed to generate random number: %r\n", __func__, Status));+ return St= atus;+ }+ ZeroMem ((UINT8 *)ParaList, sizeof (ParaList)); ZeroMem (&M= npConfigData, sizeof (EFI_MANAGED_NETWORK_CONFIG_DATA));@@ -467,7 +475,7 @@= GetDns4ServerFromDhcp4 ( Status =3D Dhcp4->Build (Dhcp4, &SeedPacket, 0, NULL, 2, ParaList, &Tok= en.Packet); - Token.Packet->Dhcp4.Header.Xid =3D HTONL (NET_RANDOM (NetRan= domInitSeed ()));+ Token.Packet->Dhcp4.Header.Xid =3D Random; Token.Pac= ket->Dhcp4.Header.Reserved =3D HTONS ((UINT16)0x8000); diff --git a/Network= Pkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c index d311812800fd..c2629bb8df1f 100644 --- a/NetworkPkg/DnsDxe/DnsImpl.c +++ b/NetworkPkg/DnsDxe/DnsImpl.c @@ -2,6 +2,7 @@ DnsDxe support functions implementation. Copyright (c) 2016 - 2018, Intel= Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation = SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ -1963,6 +1964,14 @@ Con= structDNSQuery ( NET_FRAGMENT Frag; DNS_HEADER *DnsHeader; DNS_QUERY_SE= CTION *DnsQuery;+ EFI_STATUS Status;+ UINT32 Random;= ++ Status =3D PseudoRandomU32 (&Random);+ if (EFI_ERROR (Status)) {+ D= EBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, = Status));+ return Status;+ } // // Messages carried by UDP are res= tricted to 512 bytes (not counting the IP@@ -1977,7 +1986,7 @@ ConstructDNS= Query ( // Fill header // DnsHeader =3D (DNS_HEADER *)Fra= g.Bulk;- DnsHeader->Identification =3D (UINT16)NET_RANDOM (NetRandomIni= tSeed ());+ DnsHeader->Identification =3D (UINT16)Random; DnsHeader->= Flags.Uint16 =3D 0x0000; DnsHeader->Flags.Bits.RD =3D 1; DnsHe= ader->Flags.Bits.OpCode =3D DNS_FLAGS_OPCODE_STANDARD;diff --git a/NetworkP= kg/HttpBootDxe/HttpBootDhcp6.c b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c index b22cef4ff587..f964515b0fa6 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c +++ b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c @@ -2,6 +2,7 @@ Functions implementation related with DHCPv6 for HTTP boot driver. Copy= right (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyrigh= t (c) Microsoft Corporation SPDX-License-Identifier: BSD-2-Clause-Patent *= */@@ -951,6 +952,7 @@ HttpBootDhcp6Sarr ( UINT32 OptCount; UINT8 Buffer[H= TTP_BOOT_DHCP6_OPTION_MAX_SIZE]; EFI_STATUS Status;+ UINT= 32 Random; Dhcp6 =3D Private->Dhcp6; ASSERT (Dhcp6 = !=3D NULL);@@ -961,6 +963,12 @@ HttpBootDhcp6Sarr ( OptCount =3D HttpBootBuildDhcp6Options (Private, OptList, Buffer); ASS= ERT (OptCount > 0); + Status =3D PseudoRandomU32 (&Random);+ if (EFI_ERRO= R (Status)) {+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number= : %r\n", __func__, Status));+ return Status;+ }+ Retransmit =3D Alloc= ateZeroPool (sizeof (EFI_DHCP6_RETRANSMISSION)); if (Retransmit =3D=3D NU= LL) { return EFI_OUT_OF_RESOURCES;@@ -976,7 +984,7 @@ HttpBootDhcp6Sarr= ( Config.IaInfoEvent =3D NULL; Config.RapidCommit = =3D FALSE; Config.ReconfigureAccept =3D FALSE;- Config.IaDescriptor.= IaId =3D NET_RANDOM (NetRandomInitSeed ());+ Config.IaDescriptor.IaId = =3D Random; Config.IaDescriptor.Type =3D EFI_DHCP6_IA_TYPE_NA; = Config.SolicitRetransmission =3D Retransmit; Retransmit->Irt = =3D 4;diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/I= ScsiCHAP.c index b507f11cd45e..bebb1ac29b9c 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c @@ -3,6 +3,7 @@ Configuration. Copyright (c) 2004 - 2018, Intel Corporation. All rights= reserved.
+Copyright (c) Microsoft Corporation SPDX-License-Identifier:= BSD-2-Clause-Patent **/@@ -576,16 +577,24 @@ IScsiCHAPToSendReq ( // // CHAP_I=3D //- IScsiGenRandom ((UIN= T8 *)&AuthData->OutIdentifier, 1);+ Status =3D IScsiGenRandom ((UINT= 8 *)&AuthData->OutIdentifier, 1);+ if (EFI_ERROR (Status)) {+ = break;+ }+ AsciiSPrint (ValueStr, sizeof (ValueStr), "%d"= , AuthData->OutIdentifier); IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CH= AP_IDENTIFIER, ValueStr); // // CHAP_C=3D //- = IScsiGenRandom (- (UINT8 *)AuthData->OutChallenge,- = AuthData->Hash->DigestSize- );+ Status =3D IScsiGenRandom (= + (UINT8 *)AuthData->OutChallenge,+ Aut= hData->Hash->DigestSize+ );+ if (EFI_ERROR (Status= )) {+ break;+ }+ BinToHexStatus =3D IScsiBinToHex (= (UINT8 *)AuthData->OutChallenge, = AuthData->Hash->DigestSize,diff --git a/NetworkPkg/IScsiDxe/IS= csiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c index 78dc5c73d35a..2159b8494963 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.c +++ b/NetworkPkg/IScsiDxe/IScsiMisc.c @@ -2,6 +2,7 @@ Miscellaneous routines for iSCSI driver. Copyright (c) 2004 - 2018, Int= el Corporation. All rights reserved.
+Copyright (c) Microsoft Corporatio= n SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ -474,20 +475,17 @@ IS= csiNetNtoi ( @param[in, out] Rand The buffer to contain random numbers. @par= am[in] RandLength The length of the Rand buffer. + @retval EFI_SUCCE= SS on success+ @retval others on error+ **/-VOID+EFI_STATUS IScsiGenR= andom ( IN OUT UINT8 *Rand, IN UINTN RandLength ) {- UINT32 R= andom;-- while (RandLength > 0) {- Random =3D NET_RANDOM (NetRandomIni= tSeed ());- *Rand++ =3D (UINT8)(Random);- RandLength--;- }+ return = PseudoRandom (Rand, RandLength); } /**diff --git a/NetworkPkg/Ip4Dxe/Ip4Dr= iver.c b/NetworkPkg/Ip4Dxe/Ip4Driver.c index ec483ff01fa9..683423f38dc7 100644 --- a/NetworkPkg/Ip4Dxe/Ip4Driver.c +++ b/NetworkPkg/Ip4Dxe/Ip4Driver.c @@ -2,6 +2,7 @@ The driver binding and service binding protocol for IP4 driver. Copyrig= ht (c) 2005 - 2019, Intel Corporation. All rights reserved.
+Copyright (= c) Microsoft Corporation (C) Copyright 2015 Hewlett-Packard Development Com= pany, L.P.
SPDX-License-Identifier: BSD-2-Clause-Patent@@ -549,11 +550= ,18 @@ Ip4DriverBindingStart ( EFI_IP4_CONFIG2_PROTOCOL *Ip4Cfg2; UINTN Index; = IP4_CONFIG2_DATA_ITEM *DataItem;+ UINT32 Random; = IpSb =3D NULL; Ip4Cfg2 =3D NULL; DataItem =3D NULL; + Status = =3D PseudoRandomU32 (&Random);+ if (EFI_ERROR (Status)) {+ DEBUG ((DEBU= G_ERROR, "%a failed to generate random number: %r\n", __func__, Status));+ = return Status;+ }+ // // Test for the Ip4 service binding protocol = //@@ -653,7 +661,7 @@ Ip4DriverBindingStart ( // // Initialize the IP4 ID //- mIp4Id =3D (UINT16)NET_RANDOM (NetR= andomInitSeed ());+ mIp4Id =3D (UINT16)Random; return Status; diff --gi= t a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c index 70e232ce6c4d..4c1354d26cc1 100644 --- a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c +++ b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c @@ -2276,6 +2276,13 @@ Ip6ConfigInitInstance ( UINTN Index; UINT16 IfIndex; IP6_CONF= IG_DATA_ITEM *DataItem;+ UINT32 Random;++ Status =3D Pseu= doRandomU32 (&Random);+ if (EFI_ERROR (Status)) {+ DEBUG ((DEBUG_ERROR,= "%a failed to generate random number: %r\n", __func__, Status));+ retur= n Status;+ } IpSb =3D IP6_SERVICE_FROM_IP6_CONFIG_INSTANCE (Instance); = @@ -2381,7 +2388,7 @@ Ip6ConfigInitInstance ( // The NV variable is not set, so generate a random IAID, and write do= wn the // fresh new configuration as the NV variable now. //- In= stance->IaId =3D NET_RANDOM (NetRandomInitSeed ());+ Instance->IaId =3D = Random; for (Index =3D 0; Index < IpSb->SnpMode.HwAddressSize; Index++= ) { Instance->IaId |=3D (IpSb->SnpMode.CurrentAddress.Addr[Index] << = ((Index << 3) & 31));diff --git a/NetworkPkg/Ip6Dxe/Ip6Driver.c b/NetworkPk= g/Ip6Dxe/Ip6Driver.c index b483a7d136d9..cbe011dad472 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Driver.c +++ b/NetworkPkg/Ip6Dxe/Ip6Driver.c @@ -3,7 +3,7 @@ Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
= (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
-+ Copyr= ight (c) Microsoft Corporation SPDX-License-Identifier: BSD-2-Clause-Pate= nt **/@@ -316,7 +316,11 @@ Ip6CreateService ( IpSb->CurHopLimit =3D IP6_HOP_LIMIT; IpSb->LinkMTU =3D= IP6_MIN_LINK_MTU; IpSb->BaseReachableTime =3D IP6_REACHABLE_TIME;- Ip6U= pdateReachableTime (IpSb);+ Status =3D Ip6UpdateReachable= Time (IpSb);+ if (EFI_ERROR (Status)) {+ goto ON_ERROR;+ }+ // // = RFC4861 RETRANS_TIMER: 1,000 milliseconds //@@ -516,11 +520,18 @@ Ip6Driv= erBindingStart ( EFI_STATUS Status; EFI_IP6_CONFIG_PROTOCOL *Ip6Cfg; I= P6_CONFIG_DATA_ITEM *DataItem;+ UINT32 Random; Ip= Sb =3D NULL; Ip6Cfg =3D NULL; DataItem =3D NULL; + Status =3D Ps= eudoRandomU32 (&Random);+ if (EFI_ERROR (Status)) {+ DEBUG ((DEBUG_ERRO= R, "%a failed to generate random number: %r\n", __func__, Status));+ ret= urn Status;+ }+ // // Test for the Ip6 service binding protocol //@@= -656,7 +667,7 @@ Ip6DriverBindingStart ( // // Initialize the IP6 ID //- mIp6Id =3D NET_RANDOM (NetRandomIni= tSeed ());+ mIp6Id =3D Random; return EFI_SUCCESS; diff --git a/Network= Pkg/Ip6Dxe/Ip6If.c b/NetworkPkg/Ip6Dxe/Ip6If.c index 4629c05f25a0..f3d11c4d2155 100644 --- a/NetworkPkg/Ip6Dxe/Ip6If.c +++ b/NetworkPkg/Ip6Dxe/Ip6If.c @@ -2,7 +2,7 @@ Implement IP6 pseudo interface. Copyright (c) 2009 - 2018, Intel Corp= oration. All rights reserved.
-+ Copyright (c) Microsoft Corporation = SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ -89,6 +89,14 @@ Ip6SetA= ddress ( IP6_PREFIX_LIST_ENTRY *PrefixEntry; UINT64 Delay; I= P6_DELAY_JOIN_LIST *DelayNode;+ EFI_STATUS Status;+ UINT32= Random;++ Status =3D PseudoRandomU32 (&Random);+ if (EFI= _ERROR (Status)) {+ DEBUG ((DEBUG_ERROR, "%a failed to generate random n= umber: %r\n", __func__, Status));+ return Status;+ } NET_CHECK_SIGNA= TURE (Interface, IP6_INTERFACE_SIGNATURE); @@ -164,7 +172,7 @@ Ip6SetAddres= s ( // Thus queue the address to be processed in Duplicate Address Detection= module // after the delay time (in milliseconds). //- Delay =3D (UINT= 64)NET_RANDOM (NetRandomInitSeed ());+ Delay =3D (UINT64)Random; Delay = =3D MultU64x32 (Delay, IP6_ONE_SECOND_IN_MS); Delay =3D RShiftU64 (Delay,= 32); diff --git a/NetworkPkg/Ip6Dxe/Ip6Mld.c b/NetworkPkg/Ip6Dxe/Ip6Mld.c index e6b2b653e295..498a11854305 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Mld.c +++ b/NetworkPkg/Ip6Dxe/Ip6Mld.c @@ -696,7 +696,15 @@ Ip6UpdateDelayTimer ( IN OUT IP6_MLD_GROUP *Group ) {- UINT32 Delay;+ UINT32 Delay;= + EFI_STATUS Status;+ UINT32 Random;++ Status =3D PseudoRandomU32 = (&Random);+ if (EFI_ERROR (Status)) {+ DEBUG ((DEBUG_ERROR, "%a failed = to generate random number: %r\n", __func__, Status));+ return Status;+ = } // // If the Query packet specifies a Maximum Response Delay of zero= , perform timer@@ -715,7 +723,7 @@ Ip6UpdateDelayTimer ( // is less than the remaining value of the running timer. // if ((Gr= oup->DelayTimer =3D=3D 0) || (Delay < Group->DelayTimer)) {- Group->Dela= yTimer =3D Delay / 4294967295UL * NET_RANDOM (NetRandomInitSeed ());+ Gr= oup->DelayTimer =3D Delay / 4294967295UL * Random; } return EFI_SUCCES= S;diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.c b/NetworkPkg/Ip6Dxe/Ip6Nd.c index c10c7017f88d..72aa45c10f3f 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Nd.c +++ b/NetworkPkg/Ip6Dxe/Ip6Nd.c 
@@ -2,7 +2,7 @@ Implementation of Neighbor Discovery support routines. Copyright (c) = 2009 - 2018, Intel Corporation. All rights reserved.
-+ Copyright (c) M= icrosoft Corporation SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ = -16,17 +16,28 @@ EFI_MAC_ADDRESS mZeroMacAddress; @param[in, out] IpSb Points to the IP6_SERVICE. + @retval EFI_SUCC= ESS ReachableTime Updated+ @retval others Failed = to update ReachableTime **/-VOID+EFI_STATUS Ip6UpdateReachableTime ( IN O= UT IP6_SERVICE *IpSb ) {- UINT32 Random;+ UINT32 Random;+ EFI_S= TATUS Status; - Random =3D (NetRandomInitSeed () / 429496729= 5UL) * IP6_RANDOM_FACTOR_SCALE;+ Status =3D PseudoRandomU32 (&Random);+ i= f (EFI_ERROR (Status)) {+ DEBUG ((DEBUG_ERROR, "%a failed to generate ra= ndom number: %r\n", __func__, Status));+ return Status;+ }++ Random = =3D (Random / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE; Random = =3D Random + IP6_MIN_RANDOM_FACTOR_SCALED; IpSb->ReachableTi= me =3D (IpSb->BaseReachableTime * Random) / IP6_RANDOM_FACTOR_SCALE;++ ret= urn EFI_SUCCESS; } /**@@ -972,10 +983,17 @@ Ip6InitDADProcess ( IP6_SERVICE *IpSb; EFI_STATUS = Status; UINT32 Ma= xDelayTick;+ UINT32 Random; NET_CHEC= K_SIGNATURE (IpIf, IP6_INTERFACE_SIGNATURE); ASSERT (AddressInfo !=3D NUL= L); + Status =3D PseudoRandomU32 (&Random);+ if (EFI_ERROR (Status)) {+ = DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func_= _, Status));+ return Status;+ }+ // // Do nothing if we have alread= y started DAD on the address. //@@ -1014,7 +1032,7 @@ Ip6InitDADProcess ( Entry->Transmit =3D 0; Entry->Receive =3D 0; MaxDelayTick = =3D IP6_MAX_RTR_SOLICITATION_DELAY / IP6_TIMER_INTERVAL_IN_MS;- Entry->= RetransTick =3D (MaxDelayTick * ((NET_RANDOM (NetRandomInitSeed ()) % 5) + = 1)) / 5;+ Entry->RetransTick =3D (MaxDelayTick * ((Random % 5) + 1)) / 5; = Entry->AddressInfo =3D AddressInfo; Entry->Callback =3D Callback; = Entry->Context =3D Context;@@ -2078,7 +2096,10 @@ Ip6ProcessRouterAdver= tise ( // in BaseReachableTime and recompute a ReachableTime. 
// IpSb= ->BaseReachableTime =3D ReachableTime;- Ip6UpdateReachableTime (IpSb);+ = Status =3D Ip6UpdateReachableTime (IpSb);+ if (EFI_E= RROR (Status)) {+ goto Exit;+ } } if (RetransTimer !=3D 0) {di= ff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/Dx= eNetLib/DxeNetLib.c index fd4a9e15a892..b13853b23c7e 100644 --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c @@ -3,6 +3,7 @@ Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
(C= ) Copyright 2015 Hewlett Packard Enterprise Development LP
+Copyright (c= ) Microsoft Corporation SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@= -31,6 +32,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include = +#include #define NIC_ITEM_CONFIG_SIZE= (sizeof (NIC_IP4_CONFIG_INFO) + sizeof (EFI_IP4_ROUTE_TABLE) * MAX_IP4_CO= NFIG_IN_VARIABLE) #define DEFAULT_ZERO_START ((UINTN) ~0)@@ -127,6 +129,= 24 @@ GLOBAL_REMOVE_IF_UNREFERENCED VLAN_DEVICE_PATH mNetVlanDevicePathTem= plate =3D { 0 }; +//+// These represent UEFI SPEC defined algorithms that should be = supported by+// the RNG protocol and are generally considered secure.+//+//= The order of the algorithms in this array is important. This order is the = order+// in which the algorithms will be tried by the RNG protocol.+// If y= our platform needs to use a specific algorithm for the random number genera= tor,+// then you should place that algorithm first in the array.+//+GLOBAL_= REMOVE_IF_UNREFERENCED EFI_GUID *mSecureHashAlgorithms[] =3D {+ &gEfiRngA= lgorithmSp80090Ctr256Guid, // SP800-90A DRBG CTR using AES-256+ &gEfiRngA= lgorithmSp80090Hmac256Guid, // SP800-90A DRBG HMAC using SHA-256+ &gEfiRng= AlgorithmSp80090Hash256Guid, // SP800-90A DRBG Hash using SHA-256+ &gEfiRn= gAlgorithmRaw, // Raw data from NRBG (or TRNG)+};++#define S= ECURE_HASH_ALGORITHMS_SIZE (sizeof (mSecureHashAlgorithms) / sizeof (EFI_G= UID *))+ /** Locate the handles that support SNP, then open one of them = to send the syslog packets. The caller isn't required to close@@ -884,34 += 904,107 @@ Ip6Swap128 ( } /**- Initialize a random seed using current time and monotonic count.+= Generate a Random output data given a length. - Get current time and mon= otonic count first. 
Then initialize a random seed- based on some basic mat= hematics operation on the hour, day, minute, second,- nanosecond and year = of the current time and the monotonic count value.+ @param[out] Output - T= he buffer to store the generated random data.+ @param[in] OutputLength - T= he length of the output buffer. - @return The random seed initialized with= current time.+ @retval EFI_SUCCESS On Success+ @retval EFI_INV= ALID_PARAMETER Pointer is null or size is zero+ @retval EFI_NOT_FOUND = RNG protocol not found+ @retval Others Error from RngPr= otocol->GetRNG() + @return Status code **/-UINT32+EFI_STATUS EFIAPI-NetRan= domInitSeed (- VOID+PseudoRandom (+ OUT VOID *Output,+ IN UINTN Ou= tputLength ) {- EFI_TIME Time;- UINT32 Seed;- UINT64 MonotonicC= ount;+ EFI_RNG_PROTOCOL *RngProtocol;+ EFI_STATUS Status;+ UINTN= AlgorithmIndex; - gRT->GetTime (&Time, NULL);- Seed =3D (Ti= me.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | Time.Second);- Seed ^= =3D Time.Nanosecond;- Seed ^=3D Time.Year << 7;+ if ((Output =3D=3D NULL)= || (OutputLength =3D=3D 0)) {+ return EFI_INVALID_PARAMETER;+ } - gBS= ->GetNextMonotonicCount (&MonotonicCount);- Seed +=3D (UINT32)MonotonicCou= nt;+ Status =3D gBS->LocateProtocol (&gEfiRngProtocolGuid, NULL, (VOID **)= &RngProtocol);+ if (EFI_ERROR (Status)) {+ DEBUG ((DEBUG_ERROR, "Failed= to locate EFI_RNG_PROTOCOL: %r\n", Status));+ ASSERT_EFI_ERROR (Status)= ;+ return Status;+ } - return Seed;+ if (PcdGetBool (PcdEnforceSecure= RngAlgorithms)) {+ for (AlgorithmIndex =3D 0; AlgorithmIndex < SECURE_HA= SH_ALGORITHMS_SIZE; AlgorithmIndex++) {+ Status =3D RngProtocol->GetRN= G (RngProtocol, mSecureHashAlgorithms[AlgorithmIndex], OutputLength, (UINT8= *)Output);+ if (!EFI_ERROR (Status)) {+ //+ // Secure A= lgorithm was supported on this platform+ //+ return EFI_SUCCE= SS;+ } else if (Status =3D=3D EFI_UNSUPPORTED) {+ //+ //= Secure Algorithm was not supported on this platform+ //+ DEB= UG ((DEBUG_ERROR, "Failed to generate random data using 
secure algorithm %d= : %r\n", AlgorithmIndex, Status));++ //+ // Try the next secu= re algorithm+ //+ continue;+ } else {+ //+ = // Some other error occurred+ //+ DEBUG ((DEBUG_ERROR, "Fail= ed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex= , Status));+ ASSERT_EFI_ERROR (Status);+ return Status;+ = }+ }++ //+ // If we get here, we failed to generate random data u= sing any secure algorithm+ // Platform owner should ensure that at least= one secure algorithm is supported+ //+ ASSERT_EFI_ERROR (Status);+ = return Status;+ }++ //+ // Lets try using the default algorithm (which= may not be secure)+ //+ Status =3D RngProtocol->GetRNG (RngProtocol, NUL= L, OutputLength, (UINT8 *)Output);+ if (EFI_ERROR (Status)) {+ DEBUG ((= DEBUG_ERROR, "%a failed to generate random data: %r\n", __func__, Status));= + ASSERT_EFI_ERROR (Status);+ return Status;+ }++ return EFI_SUCCES= S;+}++/**+ Generate a 32-bit pseudo-random number.++ @param[out] Output -= The buffer to store the generated random number.++ @retval EFI_SUCCESS = On Success+ @retval EFI_NOT_FOUND RNG protocol not found+ = @retval Others Error from RngProtocol->GetRNG()++ @return = Status code+**/+EFI_STATUS+EFIAPI+PseudoRandomU32 (+ OUT UINT32 *Output+ = )+{+ return PseudoRandom (Output, sizeof (*Output)); } /**diff --git a/N= etworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c index 98a90e02109b..8fe6badd687c 100644 --- a/NetworkPkg/TcpDxe/TcpDriver.c +++ b/NetworkPkg/TcpDxe/TcpDriver.c @@ -2,7 +2,7 @@ The driver binding and service binding protocol for the TCP driver. C= opyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
-+ Co= pyright (c) Microsoft Corporation SPDX-License-Identifier: BSD-2-Clause-P= atent **/@@ -163,7 +163,13 @@ TcpDriverEntryPoint ( ) { EFI_STATUS Status;- UINT32 Seed;+ UINT32 Random;++ S= tatus =3D PseudoRandomU32 (&Random);+ if (EFI_ERROR (Status)) {+ DEBUG = ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Statu= s));+ return Status;+ } // // Install the TCP Driver Binding Proto= col@@ -203,9 +209,8 @@ TcpDriverEntryPoint ( // // Initialize ISS and random port. //- Seed =3D NetRa= ndomInitSeed ();- mTcpGlobalIss =3D NET_RANDOM (Seed) % mTcpGlobalIss;- = mTcp4RandomPort =3D (UINT16)(TCP_PORT_KNOWN + (NET_RANDOM (Seed) % TCP_POR= T_KNOWN));+ mTcpGlobalIss =3D Random % mTcpGlobalIss;+ mTcp4RandomPort = =3D (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN)); mTcp6RandomPort= =3D mTcp4RandomPort; return EFI_SUCCESS;diff --git a/NetworkPkg/Udp4Dxe= /Udp4Driver.c b/NetworkPkg/Udp4Dxe/Udp4Driver.c index cb917fcfc90f..c7ea16f4cd6f 100644 --- a/NetworkPkg/Udp4Dxe/Udp4Driver.c +++ b/NetworkPkg/Udp4Dxe/Udp4Driver.c @@ -1,6 +1,7 @@ /** @file Copyright (c) 2006 - 2018, Intel Corporation. All rights reserv= ed.
+Copyright (c) Microsoft Corporation SPDX-License-Identifier: BSD-2-= Clause-Patent **/@@ -555,6 +556,13 @@ Udp4DriverEntryPoint ( ) { EFI_STATUS Status;+ UINT32 Random;++ Status =3D PseudoRand= omU32 (&Random);+ if (EFI_ERROR (Status)) {+ DEBUG ((DEBUG_ERROR, "%a f= ailed to generate random number: %r\n", __func__, Status));+ return Stat= us;+ } // // Install the Udp4DriverBinding and Udp4ComponentName prot= ocols.@@ -571,7 +579,7 @@ Udp4DriverEntryPoint ( // // Initialize the UDP random port. //- mUdp4RandomPort = =3D (UINT16)(((UINT16)NetRandomInitSeed ()) % UDP4_PORT_KNOWN + UDP4_PORT_K= NOWN);+ mUdp4RandomPort =3D (UINT16)(((UINT16)Random) % UDP4_PORT_KNOWN = + UDP4_PORT_KNOWN); } return Status;diff --git a/NetworkPkg/Udp6Dxe/Ud= p6Driver.c b/NetworkPkg/Udp6Dxe/Udp6Driver.c index ae96fb996627..edb758d57ca4 100644 --- a/NetworkPkg/Udp6Dxe/Udp6Driver.c +++ b/NetworkPkg/Udp6Dxe/Udp6Driver.c @@ -2,7 +2,7 @@ Driver Binding functions and Service Binding functions for the Network d= river module. Copyright (c) 2009 - 2018, Intel Corporation. All rights r= eserved.
-+ Copyright (c) Microsoft Corporation SPDX-License-Identifi= er: BSD-2-Clause-Patent **/@@ -596,6 +596,13 @@ Udp6DriverEntryPoint ( ) { EFI_STATUS Status;+ UINT32 Random;++ Status =3D PseudoRand= omU32 (&Random);+ if (EFI_ERROR (Status)) {+ DEBUG ((DEBUG_ERROR, "%a f= ailed to generate random number: %r\n", __func__, Status));+ return Stat= us;+ } // // Install the Udp6DriverBinding and Udp6ComponentName prot= ocols.@@ -614,7 +621,7 @@ Udp6DriverEntryPoint ( // Initialize the UDP random port. // mUdp6RandomPort =3D (UIN= T16)(- ((UINT16)NetRandomInitSeed ()) %+ = ((UINT16)Random) % = UDP6_PORT_KNOWN + UDP6_PORT_KNOWN = );diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c b= /NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c index 91146b78cb1e..452038c2194c 100644 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c @@ -2,7 +2,7 @@ Functions implementation related with DHCPv4 for UefiPxeBc Driver. Co= pyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
-+ Cop= yright (c) Microsoft Corporation SPDX-License-Identifier: BSD-2-Clause-Pa= tent **/@@ -1381,6 +1381,12 @@ PxeBcDhcp4Discover ( UINT8 VendorOptLen; UINT32 = Xid; + Status =3D PseudoRandomU32 (&Xid);+ if (EFI_ERROR (Sta= tus)) {+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n= ", __func__, Status));+ return Status;+ }+ Mode =3D Private->PxeBc.= Mode; Dhcp4 =3D Private->Dhcp4; Status =3D EFI_SUCCESS;@@ -1471,7 +147= 7,6 @@ PxeBcDhcp4Discover ( // // Set fields of the token for the request packet. //- Xid = =3D NET_RANDOM (NetRandomInitSeed ()); Token.P= acket->Dhcp4.Header.Xid =3D HTONL (Xid); Token.Packet->Dhcp4.Header.= Reserved =3D HTONS ((UINT16)((IsBCast) ? 0x8000 : 0x0)); CopyMem (&Token.= Packet->Dhcp4.Header.ClientAddr, &Private->StationIp, sizeof (EFI_IPv4_ADDR= ESS));diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPx= eBcDxe/PxeBcDhcp6.c index 7fd1281c1184..bcabbd221983 100644 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c @@ -2180,7 +2180,7 @@ PxeBcDhcp6Discover ( UINTN ReadSize; UINT16 = OpCode; UINT16 OpLen;- UINT32 = Xid;+ UINT32 Random; EFI_STATU= S Status; UINTN Discover= LenNeeded; 
@@ -2198,6 +2198,12 @@ PxeBcDhcp6Discover ( return EFI_DEVICE_ERROR; } + Status =3D PseudoRandomU32 (&Random);+= if (EFI_ERROR (Status)) {+ DEBUG ((DEBUG_ERROR, "%a failed to generate= random number: %r\n", __func__, Status));+ return Status;+ }+ Discov= erLenNeeded =3D sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET); Discover = =3D AllocateZeroPool (DiscoverLenNeeded); if (Discover =3D=3D NULL) {@= @ -2207,8 +2213,7 @@ PxeBcDhcp6Discover ( // // Build the discover packet by the cached request packet before. = //- Xid =3D NET_RANDOM (NetRandomInitSeed ());- Disc= over->TransactionId =3D HTONL (Xid);+ Discover->TransactionId =3D HTONL (R= andom); Discover->MessageType =3D Request->Dhcp6.Header.MessageType; = RequestOpt =3D Request->Dhcp6.Option; DiscoverOpt = =3D Discover->DhcpOptions;diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDrive= r.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c index d84aca7e85ab..4cd915b41157 100644 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c @@ -3,6 +3,7 @@ (C) Copyright 2014 Hewlett-Packard Development Company, L.P.
Copy= right (c) 2007 - 2019, Intel Corporation. All rights reserved.
+ Copyri= ght (c) Microsoft Corporation SPDX-License-Identifier: BSD-2-Clause-Pate= nt @@ -892,6 +893,13 @@ PxeBcCreateIp6Children ( PXEBC_PRIVATE_PROTOCOL *Id; EFI_SIMPLE_NETWORK_PROTOCOL *Snp; = UINTN Index;+ UINT32 Random;= ++ Status =3D PseudoRandomU32 (&Random);+ if (EFI_ERROR (Status)) {+ D= EBUG ((DEBUG_ERROR, "Failed to generate random number using EFI_RNG_PROTOCO= L: %r\n", Status));+ return Status;+ } if (Private->Ip6Nic !=3D NULL= ) { //@@ -935,9 +943,9 @@ PxeBcCreateIp6Children ( } //- // Generate a random IAID for the Dhcp6 assigned address.+ //= Set a random IAID for the Dhcp6 assigned address. //- Private->IaId =3D= NET_RANDOM (NetRandomInitSeed ());+ Private->IaId =3D Random; if (Priva= te->Snp !=3D NULL) { for (Index =3D 0; Index < Private->Snp->Mode->HwAd= dressSize; Index++) { Private->IaId |=3D (Private->Snp->Mode->Current= Address.Addr[Index] << ((Index << 3) & 31));diff --git a/NetworkPkg/Securit= yFixes.yaml b/NetworkPkg/SecurityFixes.yaml index fa42025e0d82..20a4555019d9 100644 --- a/NetworkPkg/SecurityFixes.yaml +++ b/NetworkPkg/SecurityFixes.yaml 
@@ -122,3 +122,42 @@ CVE_2023_45235: - http://www.openwall.com/lists/oss-security/2024/01/16/2 - http:/= /packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html = - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-e= dk-ii-ipv6-network-stack.html+CVE_2023_45237:+ commit_titles:+ - "Netwo= rkPkg:: SECURITY PATCH CVE 2023-45237"+ cve: CVE-2023-45237+ date_reporte= d: 2023-08-28 13:56 UTC+ description: "Bug 09 - Use of a Weak PseudoRandom= Number Generator"+ note:+ files_impacted:+ - NetworkPkg/Dhcp4Dxe/Dhcp= 4Driver.c+ - NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c+ - NetworkPkg/DnsDxe/D= nsDhcp.c+ - NetworkPkg/DnsDxe/DnsImpl.c+ - NetworkPkg/HttpBootDxe/Htt= pBootDhcp6.c+ - NetworkPkg/IScsiDxe/IScsiCHAP.c+ - NetworkPkg/IScsiDx= e/IScsiMisc.c+ - NetworkPkg/IScsiDxe/IScsiMisc.h+ - NetworkPkg/Includ= e/Library/NetLib.h+ - NetworkPkg/Ip4Dxe/Ip4Driver.c+ - NetworkPkg/Ip6= Dxe/Ip6ConfigImpl.c+ - NetworkPkg/Ip6Dxe/Ip6Driver.c+ - NetworkPkg/Ip= 6Dxe/Ip6If.c+ - NetworkPkg/Ip6Dxe/Ip6Mld.c+ - NetworkPkg/Ip6Dxe/Ip6Nd= .c+ - NetworkPkg/Ip6Dxe/Ip6Nd.h+ - NetworkPkg/Library/DxeNetLib/DxeNe= tLib.c+ - NetworkPkg/Library/DxeNetLib/DxeNetLib.inf+ - NetworkPkg/Ne= tworkPkg.dec+ - NetworkPkg/TcpDxe/TcpDriver.c+ - NetworkPkg/Udp4Dxe/U= dp4Driver.c+ - NetworkPkg/Udp6Dxe/Udp6Driver.c+ - NetworkPkg/UefiPxeB= cDxe/PxeBcDhcp4.c+ - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c+ - NetworkP= kg/UefiPxeBcDxe/PxeBcDriver.c+ links:+ - https://bugzilla.tianocore.org= /show_bug.cgi?id=3D4542+ - https://nvd.nist.gov/vuln/detail/CVE-2023-452= 37+ - http://www.openwall.com/lists/oss-security/2024/01/16/2+ - http= ://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html+ = - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores= -edk-ii-ipv6-network-stack.html--=20 2.34.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
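Review bot: In the second Ip6Mld.c hunk (Ip6UpdateDelayTimer), "Group->DelayTimer = Delay / 4294967295UL * Random;" divides before it multiplies, and Delay is a UINT32, so the quotient is 0 for every Delay below 0xFFFFFFFF and the timer ends up 0 no matter what Random holds. The patch swaps the random source but keeps this arithmetic, so the new RNG output never reaches the timer. Suggest scaling in 64 bits the way Ip6SetAddress does in this same patch: MultU64x32 on the random value, then RShiftU64 (..., 32).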
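Review bot: In the Ip6Nd.c hunk for Ip6UpdateReachableTime, "Random = (Random / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE;" is integer division on a UINT32, which yields 0 unless Random is exactly 0xFFFFFFFF. Random then becomes IP6_MIN_RANDOM_FACTOR_SCALED on practically every call and ReachableTime is a fixed fraction of BaseReachableTime, so the function can now fail on an RNG error without gaining any randomness in return. Suggest multiplying first in 64 bits (MultU64x32 by IP6_RANDOM_FACTOR_SCALE, then RShiftU64 by 32) before adding the minimum factor.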
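Review bot: In the Ip6InitDADProcess hunk of Ip6Nd.c, the PseudoRandomU32 call is placed above the "Do nothing if we have already started DAD on the address" check, so a call that would have returned early without needing a random value can now fail with an RNG error. Random is only consumed further down, in the Entry->RetransTick assignment. Suggest moving the draw to just before that assignment, after the early-exit checks; the same placement question applies to Ip6SetAddress in Ip6If.c, where the draw precedes NET_CHECK_SIGNATURE.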
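Review bot: In the first DxeNetLib.c hunk, the names mSecureHashAlgorithms and SECURE_HASH_ALGORITHMS_SIZE describe hash algorithms, but the array holds RNG algorithm GUIDs (CTR and HMAC DRBGs and the raw source among them). A name such as mSecureRngAlgorithms would match both the comment above the array and how PseudoRandom uses it. The element count could also use the existing ARRAY_SIZE macro instead of the hand-written sizeof division.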
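Review bot: In the PseudoRandom hunk of DxeNetLib.c, ASSERT_EFI_ERROR (Status) follows the LocateProtocol failure and each GetRNG failure, yet every caller added by this patch checks the returned status and either returns it or jumps to its cleanup label. With asserts enabled, a platform that lacks EFI_RNG_PROTOCOL will stop at the assert rather than take those error paths. Suggest dropping the asserts and relying on the returned status. Two smaller points in the same hunk: EFI_UNSUPPORTED for a single algorithm is the expected case while walking the list and is logged at DEBUG_ERROR, and the function header lists EFI_NOT_FOUND but not the EFI_UNSUPPORTED that is returned when no listed algorithm is available.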
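Review bot: In the second TcpDriver.c hunk, mTcpGlobalIss and mTcp4RandomPort are both derived from the same 32-bit Random ("Random % mTcpGlobalIss" and "Random % TCP_PORT_KNOWN"), and mTcp6RandomPort copies the IPv4 port. The port appears on the wire, so it discloses Random modulo TCP_PORT_KNOWN and narrows the range of the initial sequence number. Suggest a separate PseudoRandomU32 draw for the ISS and for the port. Minor: this hunk's debug string says "%a Failed" where the other files in the patch use "%a failed".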
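Review bot: In the Udp4Driver.c hunk, PseudoRandomU32 runs at the top of Udp4DriverEntryPoint, before the driver binding and component name protocols are installed, and PseudoRandom resolves EFI_RNG_PROTOCOL through gBS->LocateProtocol at call time. If the RNG producer has not been installed when this image is loaded, the entry point returns the error and the driver never registers, with nothing in the visible lines to retry later. Suggest drawing the port where it is first needed (for example in the binding Start path) or stating the ordering requirement explicitly. The same applies to Udp6DriverEntryPoint and TcpDriverEntryPoint.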
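Review bot: In the second PxeBcDriver.c hunk (PxeBcCreateIp6Children), Private->IaId is set from Random and the context lines that follow OR the MAC address bytes into it ("Private->IaId |= ..."). OR can only set bits, so every bit that is 1 in the MAC contribution becomes fixed and removes that much of the randomness this patch adds. If the MAC should still be mixed in, XOR keeps the full 32 bits of the draw. The debug message in the first hunk of this file also drops the "%a ... __func__" prefix used by the other call sites.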