From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
 by mx.groups.io with SMTP id smtpd.web10.17196.1688633555621121298
 for <devel@edk2.groups.io>;
 Thu, 06 Jul 2023 01:52:35 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: pierre.gondois@arm.com)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
	by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 48C79DE0;
	Thu,  6 Jul 2023 01:53:17 -0700 (PDT)
Received: from e126645.arm.com (unknown [10.57.86.190])
	by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id D3AE53F73F;
	Thu,  6 Jul 2023 01:52:32 -0700 (PDT)
From: "PierreGondois" <pierre.gondois@arm.com>
To: devel@edk2.groups.io
Cc: Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Zhiguang Liu <zhiguang.liu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Jose Marinho <Jose.Marinho@arm.com>,
	Kun Qin <kuqin12@gmail.com>
Subject: [PATCH v3 2/6] MdePkg/DxeRngLib: Request raw algorithm instead of default
Date: Thu,  6 Jul 2023 10:51:55 +0200
Message-Id: <20230706085159.626374-3-pierre.gondois@arm.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20230706085159.626374-1-pierre.gondois@arm.com>
References: <20230706085159.626374-1-pierre.gondois@arm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: Pierre Gondois <pierre.gondois@arm.com>

The DxeRngLib tries to generate a random number using the 3 NIST
SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC.
If none of the call is successful, the fallback option is the default
RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might
be an unsafe implementation.

Try requesting the Raw algorithm before requesting the default one.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
---
 MdePkg/Library/DxeRngLib/DxeRngLib.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRng=
Lib/DxeRngLib.c
index 46aea515924f..a01b66ad7d20 100644
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
@@ -65,9 +65,15 @@ GenerateRandomNumberViaNist800Algorithm (
     return Status;
   }
=20
+  Status =3D RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, Buf=
ferSize, Buffer);
+  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status =3D %r\n", __fu=
nc__, Status));
+  if (!EFI_ERROR (Status)) {
+    return Status;
+  }
+
   // If all the other methods have failed, use the default method from t=
he RngProtocol
   Status =3D RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer)=
;
-  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status =3D %r\n",=
 __func__, Status));
+  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status =3D %r\n", =
__func__, Status));
   if (!EFI_ERROR (Status)) {
     return Status;
   }
--=20
2.25.1