From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+107011+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 26C8D7803CC
	for <rebecca@openfw.io>; Tue, 18 Jul 2023 11:52:42 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=aP7bumEE321E1sRNknzvkbKrXMIxZNKNJ0/B78b5dVo=;
 c=relaxed/simple; d=groups.io;
 h=X-Received:X-Received:X-Received:X-Received:From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:X-Gm-Message-State:Content-Transfer-Encoding;
 s=20140610; t=1689681160; v=1;
 b=YqeI6MR9/MlZ2Zyg+WKudVQBwkXs3gznMeDSbjA8cFw7SL09aj8lsJqP2h37JGVdE92hGroN
 fUxNKeYYTN+LPS0IPuVStrlhRSS88/nfycs4yhhF5HpLTpRw9v/soJmCWnoTp0qA14DKkABgQEi
 KulWKo3fmXyEf2dWwCpJriWc=
X-Received: by 127.0.0.2 with SMTP id qluGYY7687511x53vA4pLqT9; Tue, 18 Jul 2023 04:52:40 -0700
X-Received: from foss.arm.com (foss.arm.com [217.140.110.172])
 by mx.groups.io with SMTP id smtpd.web10.5680.1689681160314585989
 for <devel@edk2.groups.io>;
 Tue, 18 Jul 2023 04:52:40 -0700
X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
	by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4BF8F12FC;
	Tue, 18 Jul 2023 04:53:23 -0700 (PDT)
X-Received: from e126645.arm.com (e126645.nice.arm.com [10.34.100.101])
	by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 4A8A23F6C4;
	Tue, 18 Jul 2023 04:52:38 -0700 (PDT)
From: "PierreGondois" <pierre.gondois@arm.com>
To: devel@edk2.groups.io
Cc: Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Zhiguang Liu <zhiguang.liu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Jose Marinho <Jose.Marinho@arm.com>,
	Kun Qin <kuqin12@gmail.com>
Subject: [edk2-devel] [PATCH v5 4/9] MdePkg/DxeRngLib: Request raw algorithm instead of default
Date: Tue, 18 Jul 2023 13:51:51 +0200
Message-Id: <20230718115156.1224842-5-pierre.gondois@arm.com>
In-Reply-To: <20230718115156.1224842-1-pierre.gondois@arm.com>
References: <20230718115156.1224842-1-pierre.gondois@arm.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com
X-Gm-Message-State: G5Ml01kBbSma9KCCkLSAwcMex7686176AA=
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=YqeI6MR9;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=arm.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

From: Pierre Gondois <pierre.gondois@arm.com>

The DxeRngLib tries to generate a random number using the 3 NIST
SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC.
If none of the call is successful, the fallback option is the default
RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might
be an unsafe implementation.

Try requesting the Raw algorithm before requesting the default one.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
---
 MdePkg/Library/DxeRngLib/DxeRngLib.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRng=
Lib/DxeRngLib.c
index 46aea515924f..a01b66ad7d20 100644
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
@@ -65,9 +65,15 @@ GenerateRandomNumberViaNist800Algorithm (
     return Status;
   }
=20
+  Status =3D RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, Buf=
ferSize, Buffer);
+  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status =3D %r\n", __fu=
nc__, Status));
+  if (!EFI_ERROR (Status)) {
+    return Status;
+  }
+
   // If all the other methods have failed, use the default method from t=
he RngProtocol
   Status =3D RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer)=
;
-  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status =3D %r\n",=
 __func__, Status));
+  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status =3D %r\n", =
__func__, Status));
   if (!EFI_ERROR (Status)) {
     return Status;
   }
--=20
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107011): https://edk2.groups.io/g/devel/message/107011
Mute This Topic: https://groups.io/mt/100213731/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-