From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+107713+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 5EB6DD806C6
	for <rebecca@openfw.io>; Fri, 11 Aug 2023 14:33:33 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=YySYKUMnm03GiTE4VlDYC7bZtoYbh170eJ4DgeBxkQE=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20140610; t=1691764412; v=1;
 b=ZdxgJO1gXRJurHeUSsIicmUT5cT78W99/wAl52CucHTdKPhLDU9h1NhQWfEmWu/6JHzIhvB5
 626ixSMWeTbtstowMinSZomxLmeWn5WvNlqXmyDMLN9YI9aQXxVnLXjlqkUX6sRxm6BRN/R0LQs
 TvUlq3jFPpTErZebmfqlHgVg=
X-Received: by 127.0.0.2 with SMTP id S3fWYY7687511xZQC088T7do; Fri, 11 Aug 2023 07:33:32 -0700
X-Received: from foss.arm.com (foss.arm.com [217.140.110.172])
 by mx.groups.io with SMTP id smtpd.web11.44223.1691764411540563483
 for <devel@edk2.groups.io>;
 Fri, 11 Aug 2023 07:33:31 -0700
X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
	by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8F4BA150C;
	Fri, 11 Aug 2023 07:34:13 -0700 (PDT)
X-Received: from e126645.arm.com (unknown [10.57.35.55])
	by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 088293F64C;
	Fri, 11 Aug 2023 07:33:28 -0700 (PDT)
From: "PierreGondois" <pierre.gondois@arm.com>
To: devel@edk2.groups.io
Cc: Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Zhiguang Liu <zhiguang.liu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Kun Qin <kuqin12@gmail.com>
Subject: [edk2-devel] [PATCH v6 4/9] MdePkg/DxeRngLib: Request raw algorithm instead of default
Date: Fri, 11 Aug 2023 16:33:05 +0200
Message-Id: <20230811143310.55101-5-pierre.gondois@arm.com>
In-Reply-To: <20230811143310.55101-1-pierre.gondois@arm.com>
References: <20230811143310.55101-1-pierre.gondois@arm.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: Zci8CgmMGdyjK4P4lcOwyGOmx7686176AA=
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=ZdxgJO1g;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=arm.com (policy=none)

From: Pierre Gondois <pierre.gondois@arm.com>

The DxeRngLib tries to generate a random number using the 3 NIST
SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC.
If none of the call is successful, the fallback option is the default
RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might
be an unsafe implementation.

Try requesting the Raw algorithm before requesting the default one.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Tested-by: Kun Qin <kun.qin@microsoft.com>
---
 MdePkg/Library/DxeRngLib/DxeRngLib.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRng=
Lib/DxeRngLib.c
index 46aea515924f..a01b66ad7d20 100644
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
@@ -65,9 +65,15 @@ GenerateRandomNumberViaNist800Algorithm (
     return Status;
   }
=20
+  Status =3D RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, Buf=
ferSize, Buffer);
+  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status =3D %r\n", __fu=
nc__, Status));
+  if (!EFI_ERROR (Status)) {
+    return Status;
+  }
+
   // If all the other methods have failed, use the default method from t=
he RngProtocol
   Status =3D RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer)=
;
-  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status =3D %r\n",=
 __func__, Status));
+  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status =3D %r\n", =
__func__, Status));
   if (!EFI_ERROR (Status)) {
     return Status;
   }
--=20
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107713): https://edk2.groups.io/g/devel/message/107713
Mute This Topic: https://groups.io/mt/100684687/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-