From: "Doug Flick via groups.io"
To: devel@edk2.groups.io
Cc: Jiewen Yao
Subject: [edk2-devel] [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
Date: Thu, 23 May 2024 22:44:59 -0700
Message-Id: <20240524054512.523329-8-douglas.flick@microsoft.com>
In-Reply-To: <20240524054512.523329-1-douglas.flick@microsoft.com>

Removed from gEfiRngAlgorithmRaw an incorrect assumption that Raw
cannot return less than 256 bits. The DRNG Algorithms should always
use a 256 bit seed as per NIST standards; however, a caller is free
to request less than 256 bits.

>
> //
> // When a DRBG is used on the output of a entropy source,
> // its security level must be at least 256 bits according to UEFI Spec.
> //
> if (RNGValueLength < 32) {
>   return EFI_INVALID_PARAMETER;
> }
>

AARCH64 platforms do not have this limitation and this brings both
implementations into alignment with each other and the spec.

Cc: Jiewen Yao
Signed-off-by: Doug Flick [MSFT]
Reviewed-by: Ard Biesheuvel
---
 SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/Secur= ityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c index 7e06e16e4b..5723ed6957 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c @@ -116,14 +116,6 @@ RngGetRNG ( // The "raw" algorithm is intended to provide entropy directly=0D //=0D if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {=0D - //=0D - // When a DRBG is used on the output of a entropy source,=0D - // its security level must be at least 256 bits according to UEFI Spec= .=0D - //=0D - if (RNGValueLength < 32) {=0D - return EFI_INVALID_PARAMETER;=0D - }=0D -=0D Status =3D GenerateEntropy (RNGValueLength, RNGValue);=0D return Status;=0D }=0D --=20 2.34.1
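Review bot: in the gEfiRngAlgorithmRaw branch of RngGetRNG, removing the `RNGValueLength < 32` guard means every caller-supplied length now goes straight to `GenerateEntropy (RNGValueLength, RNGValue)`, and nothing in the visible context shows how a zero or very small length is handled. Please confirm that the parameter validation earlier in RngGetRNG (outside this hunk) rejects RNGValueLength == 0 and a NULL RNGValue, and that GenerateEntropy copes with lengths that are not a multiple of its internal block size, since the old check used to mask both cases on this path. It would also help to leave a one-line comment above the GenerateEntropy call stating that short requests are permitted for the raw algorithm and that the 256-bit requirement applies to the DRBG seed, so the check is not reintroduced later. Minor: the commit message says "DRNG" where the removed comment says "DRBG"; use one term.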