From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR05-DB8-obe.outbound.protection.outlook.com (EUR05-DB8-obe.outbound.protection.outlook.com [40.107.20.73]) by mx.groups.io with SMTP id smtpd.web11.5085.1688034269459686315 for ; Thu, 29 Jun 2023 03:24:29 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=ZOrUzRHv; spf=pass (domain: arm.com, ip: 40.107.20.73, mailfrom: sami.mujawar@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UcS+FuZsdEQcUWqfxNYDQ+w3ZBTkNWBb4m7wOk2931Y=; b=ZOrUzRHvHj22yliZAV8I48r4NBNlJWmQAOz1DvKtJsn7W++Iz8hx9bXXKn2HX/1OUhsb9UJaM9rwtYSOQuPZAFqVM9ke+rekEt6BGQj0+/1H2jtz/jYxdBrIZXipUky0LdV3kxQs3kKGO0p72V8nqo2YU5XXgA2ndYEiSeWNa5A= Received: from AS9PR05CA0193.eurprd05.prod.outlook.com (2603:10a6:20b:495::15) by DB9PR08MB6635.eurprd08.prod.outlook.com (2603:10a6:10:254::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.26; Thu, 29 Jun 2023 10:24:26 +0000 Received: from AM7EUR03FT065.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:495:cafe::54) by AS9PR05CA0193.outlook.office365.com (2603:10a6:20b:495::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6544.22 via Frontend Transport; Thu, 29 Jun 2023 10:24:26 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM7EUR03FT065.mail.protection.outlook.com (100.127.140.250) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6544.22 via Frontend Transport; Thu, 29 Jun 2023 10:24:26 +0000 Received: ("Tessian outbound 52217515e112:v142"); Thu, 29 Jun 2023 10:24:26 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: d4a169ac20940aec X-CR-MTA-TID: 64aa7808 Received: from 1865ec9ab9ef.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 3358D364-E546-42A3-9928-8EE1520CA824.1; Thu, 29 Jun 2023 10:24:14 +0000 Received: from EUR03-DBA-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 1865ec9ab9ef.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 29 Jun 2023 10:24:14 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MUYcBHMH5I+qEZ6lXo1hd6Vug8glD9c1oUID9nkzbaNj5TZGWhov4Pmzox7vSOruevcp9lI7TaFeMYsXobzYlndMOyURFgfN9w+M2PPhey/B8RS9cQypf0rCG3wrkm5xDkf+XC53CHGJ2QDq6Q35Kfhl4KvfL9l4OOpMW5+zN1udjsRM1BPc9OVel+SHM8sECamtqjid2anlkK6tEh93rgl6kOPmMOMtew9+ejB7ImxPvYAepfaZP7aVQsdFX4OY5tpliAt4N4GV8Tr4gNCIyAZ5Jq+sEyFIOECSGp3x4BkXISE3iSRbVcuqFv5OEZZpYnFHBY9qO5UMAfod7U06wg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UcS+FuZsdEQcUWqfxNYDQ+w3ZBTkNWBb4m7wOk2931Y=; b=UnBSIFtR0aElHXx/yRoRhxQxbdX2Zs2GR1dVab5hsHA3Ol+YYvCdwcgx/R4cN/ivyr0/RBXSIADXrEI2ZAcNfZecMS+lhZV1uLF9gFko1CjZB4rgJAw6SLaHs/1Qmox4ywgByIro5Mn8nBI7IIm213LBG9jrFphlWAfRWFwQD66yYGjA0h5YFNi3U+bF3NHae9CXGo4nLyYUSlqfQxffbQQkH+WjCItWkoeP5oi5jz6n0z+oczBdQiw1GuXs3Y8Ikn+hB9XOxaXyU66ehDbLzD8Y41vFSnNc9BTM+PvyrlzpXurmTzIujmfr1eNClEfsTkW3ysmVeSqdxF3m/RXglA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UcS+FuZsdEQcUWqfxNYDQ+w3ZBTkNWBb4m7wOk2931Y=; b=ZOrUzRHvHj22yliZAV8I48r4NBNlJWmQAOz1DvKtJsn7W++Iz8hx9bXXKn2HX/1OUhsb9UJaM9rwtYSOQuPZAFqVM9ke+rekEt6BGQj0+/1H2jtz/jYxdBrIZXipUky0LdV3kxQs3kKGO0p72V8nqo2YU5XXgA2ndYEiSeWNa5A= Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; Received: from AS8PR08MB6806.eurprd08.prod.outlook.com (2603:10a6:20b:39b::12) by PAWPR08MB9996.eurprd08.prod.outlook.com (2603:10a6:102:35a::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6500.37; Thu, 29 Jun 2023 10:24:13 +0000 Received: from AS8PR08MB6806.eurprd08.prod.outlook.com ([fe80::8ef4:aa57:6248:7850]) by AS8PR08MB6806.eurprd08.prod.outlook.com ([fe80::8ef4:aa57:6248:7850%4]) with mapi id 15.20.6544.019; Thu, 29 Jun 2023 10:24:13 +0000 Message-ID: <9bd1c268-e910-0f6a-bf61-e6c4a64afa76@arm.com> Date: Thu, 29 Jun 2023 11:24:09 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 Subject: Re: [PATCH v1 3/8] MdePkg/DxeRngLib: Request raw algorithm instead of default To: pierre.gondois@arm.com, devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Jose Marinho , Samer El-Haj-Mahmoud , "nd@arm.com" References: <20230509074042.1523428-1-pierre.gondois@arm.com> <20230509074042.1523428-4-pierre.gondois@arm.com> From: "Sami Mujawar" In-Reply-To: <20230509074042.1523428-4-pierre.gondois@arm.com> X-ClientProxiedBy: LO2P123CA0060.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:1::24) To AS8PR08MB6806.eurprd08.prod.outlook.com (2603:10a6:20b:39b::12) MIME-Version: 1.0 X-MS-TrafficTypeDiagnostic: AS8PR08MB6806:EE_|PAWPR08MB9996:EE_|AM7EUR03FT065:EE_|DB9PR08MB6635:EE_ X-MS-Office365-Filtering-Correlation-Id: 7fbee2a9-9edf-4049-15ae-08db788b03d7 x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: 4mggc+e3oi2TKMr9bq/Byk8lVtDakvxnn5ys0zNZHe8cetviSP5RakwXd6BWtfSGp/lJWGmrvLywyvxVzwKun9KALWgcDM+1A2aE7OlIol65uHQIxnWeEM+9OXw9NvjeQhSdAqKsRGgEZgLX4Xl2pd4LVP+0ofqhotLk6poJA+r/Dv2FlioLFnWuGDlC+TlnwyQRsRQrAuBE6A9cYsXE/ReNwlsa1mGbSUgjTiyOfDULB8ybMMHGe9yTzowApzPvLqaaaKi4jibCAe7we8KxNX3g9e8YyT9H8ORdPeoyRzLSVE3VraEk8JBWhsnnzWEEm0CGGZ+lpPQNTzsp5dTQ24ZORqPERXXKqPBejaMIkIJs5Le3uv5uRbQCuFIbNRNvZPdypniAmjD3rdmdyBY2salpf4xL711KWKN9xPt0sBrZbAKKgQDXBqEy13/3KoknfC08pNUOoZ8qkCOS/w12Abl/Do4zKcgfI35zFI4odc5GGhwFwqvyF4zhQdUKboSflC5Eey1l5WreqXZjifRERPM/khKL5vuOUp0HRjbXtMqVGDsRIw5oS15s8zdAcbEgQWTaRkPdxwNJFTgNXuMHtvDwh5DR5afKAGmpG8RsgL6fubeHCkbnG4U8EStYQW8PNDb/E+7NUrSjfSHCscOeKA== X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR08MB6806.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(346002)(366004)(39860400002)(376002)(396003)(136003)(451199021)(6666004)(36756003)(6486002)(26005)(2616005)(38100700002)(186003)(53546011)(6512007)(83380400001)(6506007)(86362001)(31696002)(478600001)(5660300002)(2906002)(31686004)(8676002)(316002)(4326008)(8936002)(41300700001)(66476007)(66946007)(19627235002)(66556008)(44832011)(54906003)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR08MB9996 Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; Return-Path: Sami.Mujawar@arm.com X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM7EUR03FT065.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: 6f72251b-6dfe-44b6-81cd-08db788afbcb X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 0uNuy3fh+QSrkOFoVDnB4IcxuSsSTb4pWBSAB2QTl3atRpQWChzjuWSAlFSCzm3EAIMK7p9z3Q60TCNijIUzrAvh7xj0FGXe0zqA6WuzISgsgMBQYwOAMtJ7AIW6+wemPNr/Xiaj8ECXhoJz7IF6Ig/it/U/YkxGG+q8FNDdwDsqWDhHCwpBJMFansbg+gu/JH959PmZ5aoYQnx5Ut+MccfI0V9yfddvXGFaWjXTsULQrh1wD0A9+YS4MsE5Ic8zq209vwoWrIikD43savMZEYvRwBg862MD8HdAuYnzC5ceECvrWsEhaawicZxVJKtO7v1Ox0qpD0diharmTycSDrXWdoN+YLvo6ci0dcbtbF0E6B0BQRnFzlss7OYrHktqccbH832lobYKdnFJBVB4DWMuOHXYiVG/ZzCj/JEC6UOYOFGbieRZOmJrzlWVMcTAVb4zqDVzp/YeQP2c4YuRKmzIBQ9TqejXMxhk7XeSxbDI+8dysfKp3j0BudIuGwB3w9M+MtRQupheEeJDMPFK0ogeNIt3gsDZky28LKQdrP2Q8shufPGZaq3Qe40/xxUnLyASlmI7c06ZWr4uDttI5IN4P38/k3uis6KzVtdEFf4rZyiHjkibnFdYU9awMHM1p11HlpqXkYNlEju1NzICvluAPLUH/jPgPFssC3ta1A14ZMG8Taj0pRfuCsL4XVnTB5TIdwM6F37gqZ784u/PYe1H9mNTuIV+GyDUTRbC7vJ3ZHETr5S5SMhZI/ZOS4uVKPTyt8jKl0qRhGHTs9U6Sg== X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230028)(4636009)(376002)(136003)(396003)(346002)(39860400002)(451199021)(46966006)(36840700001)(40470700004)(316002)(19627235002)(8676002)(70586007)(70206006)(6512007)(6506007)(186003)(4326008)(336012)(53546011)(26005)(8936002)(6486002)(54906003)(41300700001)(6666004)(40460700003)(82310400005)(44832011)(5660300002)(2906002)(40480700001)(2616005)(478600001)(356005)(81166007)(82740400003)(31696002)(86362001)(31686004)(36860700001)(36756003)(47076005)(83380400001)(43740500002);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Jun 2023 10:24:26.2646 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7fbee2a9-9edf-4049-15ae-08db788b03d7 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM7EUR03FT065.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR08MB6635 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi Pierre, Thank you for this patch. These changes look good to me. Reviewed-by: Sami Mujawar Regards, Sami Mujawar On 09/05/2023 08:40 am, pierre.gondois@arm.com wrote: > From: Pierre Gondois > > The DxeRngLib tries to generate a random number using the 3 NIST > SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC. > If none of the call is successful, the fallback option is the default > RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might > be an unsafe implementation. > > Try requesting the Raw algorithm before requesting the default one. > > Signed-off-by: Pierre Gondois > --- > MdePkg/Library/DxeRngLib/DxeRngLib.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c > index 46aea515924f..a01b66ad7d20 100644 > --- a/MdePkg/Library/DxeRngLib/DxeRngLib.c > +++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c > @@ -65,9 +65,15 @@ GenerateRandomNumberViaNist800Algorithm ( > return Status; > } > > + Status = RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, BufferSize, Buffer); > + DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status = %r\n", __func__, Status)); > + if (!EFI_ERROR (Status)) { > + return Status; > + } > + > // If all the other methods have failed, use the default method from the RngProtocol > Status = RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer); > - DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status = %r\n", __func__, Status)); > + DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status)); > if (!EFI_ERROR (Status)) { > return Status; > }