[edk2-devel] [PATCH v1 3/8] MdePkg/DxeRngLib: Request raw algorithm instead of default

Sami Mujawar sami.mujawar at arm.com
Thu Jun 29 10:24:09 UTC 2023 

Hi Pierre,

Thank you for this patch.

These changes look good to me.

Reviewed-by: Sami Mujawar <sami.mujawar at arm.com>

Regards,

Sami Mujawar

On 09/05/2023 08:40 am, pierre.gondois at arm.com wrote:
> From: Pierre Gondois <pierre.gondois at arm.com>
>
> The DxeRngLib tries to generate a random number using the 3 NIST
> SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC.
> If none of the call is successful, the fallback option is the default
> RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might
> be an unsafe implementation.
>
> Try requesting the Raw algorithm before requesting the default one.
>
> Signed-off-by: Pierre Gondois <pierre.gondois at arm.com>
> ---
>   MdePkg/Library/DxeRngLib/DxeRngLib.c | 8 +++++++-
>   1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c
> index 46aea515924f..a01b66ad7d20 100644
> --- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
> +++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
> @@ -65,9 +65,15 @@ GenerateRandomNumberViaNist800Algorithm (
>       return Status;
>     }
>   
> +  Status = RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, BufferSize, Buffer);
> +  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status = %r\n", __func__, Status));
> +  if (!EFI_ERROR (Status)) {
> +    return Status;
> +  }
> +
>     // If all the other methods have failed, use the default method from the RngProtocol
>     Status = RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer);
> -  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status = %r\n", __func__, Status));
> +  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));
>     if (!EFI_ERROR (Status)) {
>       return Status;
>     }


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106508): https://edk2.groups.io/g/devel/message/106508
Mute This Topic: https://groups.io/mt/98779040/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list