From: "Yao, Jiewen"
To: Flickdm, "devel@edk2.groups.io"
Subject: Re: [edk2-devel] [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
Date: Fri, 24 May 2024 05:53:14 +0000

Acked-by: Jiewen Yao

BTW: This patch has already got RB from the people below. I suggest you put them in the commit directly.

Reviewed-by: Pierre Gondois
Reviewed-by: Ard Biesheuvel

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Flickdm
> Sent: Friday, May 24, 2024 1:45 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen
> Subject: [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
>
> Removed from gEfiRngAlgorithmRaw an incorrect assumption that
> Raw cannot return less than 256 bits. The DRNG Algorithms
> should always use a 256 bit seed as per NIST standards
> however a caller is free to request less than 256 bits.
>
> >
> > //
> > // When a DRBG is used on the output of a entropy source,
> > // its security level must be at least 256 bits according to UEFI Spec.
> > //
> > if (RNGValueLength < 32) {
> >   return EFI_INVALID_PARAMETER;
> > }
> >
>
> AARCH64 platforms do not have this limitation and this brings both
> implementations into alignment with each other and the spec.
>
> Cc: Jiewen Yao
>
> Signed-off-by: Doug Flick [MSFT]
> Reviewed-by: Ard Biesheuvel
> ---
> SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 --------
> 1 file changed, 8 deletions(-)
>
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c > b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c > index 7e06e16e4b..5723ed6957 100644 > --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> @@ -116,14 +116,6 @@ RngGetRNG ( > // The "raw" algorithm is intended to provide entropy directly >=20 > // >=20 > if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) { >=20 > - // >=20 > - // When a DRBG is used on the output of a entropy source, >=20 > - // its security level must be at least 256 bits according to UEFI Sp= ec. >=20 > - // >=20 > - if (RNGValueLength < 32) { >=20 > - return EFI_INVALID_PARAMETER; >=20 > - } >=20 > - >=20 > Status =3D GenerateEntropy (RNGValueLength, RNGValue); >=20 > return Status; >=20 > } >=20 > -- > 2.34.1
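
Review bot: With the RNGValueLength < 32 check gone, the gEfiRngAlgorithmRaw branch in RngGetRNG passes whatever length the caller supplies straight to GenerateEntropy (RNGValueLength, RNGValue), so this path now relies on validation outside the hunk to reject a zero length or a NULL RNGValue, and on GenerateEntropy handling requests shorter than 32 bytes correctly. Neither is visible in this hunk; please confirm both, and consider a test that requests a few lengths below 32 bytes from the raw algorithm. The deleted comment was the only explanation at this spot, so a one-line comment stating that the raw algorithm accepts requests shorter than 256 bits would help keep the limit from being reintroduced. The commit message would also be easier to check if it named the NIST document and the UEFI spec section it relies on.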