From: "Doug Flick via groups.io"
To: devel@edk2.groups.io
Cc: Jiewen Yao
Subject: [edk2-devel] [PATCH v2 07/13] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
Date: Wed, 8 May 2024 22:56:27 -0700
Message-Id: <20240509055633.828642-8-doug.edk2@gmail.com>
In-Reply-To: <20240509055633.828642-1-doug.edk2@gmail.com>
References: <20240509055633.828642-1-doug.edk2@gmail.com>

Removed from gEfiRngAlgorithmRaw an incorrect assumption that
Raw cannot return less than 256 bits. The DRNG Algorithms
should always use a 256 bit seed as per NIST standards;
however, a caller is free to request less than 256 bits.

>
> //
> // When a DRBG is used on the output of a entropy source,
> // its security level must be at least 256 bits according to UEFI Spec.
> //
> if (RNGValueLength < 32) {
>   return EFI_INVALID_PARAMETER;
> }
>

AARCH64 platforms do not have this limitation and this brings both
implementations into alignment with each other and the spec.

Cc: Jiewen Yao
Signed-off-by: Doug Flick [MSFT]
---
 SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/Secur= ityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c index 7e06e16e4be5..5723ed695747 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c @@ -116,14 +116,6 @@ RngGetRNG ( // The "raw" algorithm is intended to provide entropy directly=0D //=0D if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {=0D - //=0D - // When a DRBG is used on the output of a entropy source,=0D - // its security level must be at least 256 bits according to UEFI Spec= .=0D - //=0D - if (RNGValueLength < 32) {=0D - return EFI_INVALID_PARAMETER;=0D - }=0D -=0D Status =3D GenerateEntropy (RNGValueLength, RNGValue);=0D return Status;=0D }=0D --=20 2.34.1
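Review bot: In the gEfiRngAlgorithmRaw branch of RngGetRNG, RNGValueLength now reaches GenerateEntropy (RNGValueLength, RNGValue) with no lower bound in the visible lines, so please confirm that a zero-length request and a NULL RNGValue are rejected earlier in RngGetRNG or handled inside GenerateEntropy, since the removed "if (RNGValueLength < 32)" was the only length check this branch showed. The branch also loses its only explanatory comment about the 256-bit requirement; a short replacement comment stating that Raw callers may request fewer than 32 bytes, and that the 256-bit requirement applies to DRBG seeding rather than to the caller's output length, would record the intent and keep the check from being reintroduced. The commit message says the change aligns the code with the spec and with AARCH64; naming the UEFI Spec section it relies on would make that claim checkable.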