From nobody Tue Feb 10 03:38:33 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+106633+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+106633+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1688460741; cv=none; d=zohomail.com; s=zohoarc; b=k3yM3pzIzgI2RjtTOcitUhTF0vT6jIlrYZPAizd0660Mpfq4gAiiqFkIQCY65i6fBtr2TqJfmRxgARoi0nXPa2fQLAnU6gCmDqL5ZW3od43A0pJeamihKXqcFjFg73bSUVP4n8yswGTe3f58qe8MziHAff1Z9QmNMP+6e9EAisM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1688460741; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=WABV1YmL+0u0/68WxxFd6sanMGmIsxszdAOd5M1qw5s=; b=nZnVcRfmJZn1l/LxCAkqjOupqz62+Oi4ZOHKpony+zOc12jIHyLOAj/gb7gz7MqOoDRBOs0OKA1wS8fy96R5AI7fbmgpz5J0Q7awrRlawRKuqAXuCpqKqMmy3D1R6vRzcUvPnR2Q2UI2Ii8+Ge+jr8jq1IxfhL4IKCZIQYczyZg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+106633+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1688460741404419.9391717654677; Tue, 4 Jul 2023 01:52:21 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id UfICYY1788612xytkhFPNeiK; Tue, 04 Jul 2023 01:52:21 -0700 X-Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.54421.1688460740619705099 for ; Tue, 04 Jul 2023 01:52:20 -0700 X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 977441474; Tue, 4 Jul 2023 01:53:02 -0700 (PDT) X-Received: from e126645.arm.com (e126645.nice.arm.com [10.34.100.101]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id B11153F73F; Tue, 4 Jul 2023 01:52:18 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Kun Qin Subject: [edk2-devel] [PATCH v2 2/6] MdePkg/DxeRngLib: Request raw algorithm instead of default Date: Tue, 4 Jul 2023 10:51:57 +0200 Message-Id: <20230704085201.260801-3-pierre.gondois@arm.com> In-Reply-To: <20230704085201.260801-1-pierre.gondois@arm.com> References: <20230704085201.260801-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: SWYH4JDlHBBH1C8PvOE4CSmux1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1688460741; bh=Q3yptlwz3K8dryCbSFlT8Pt9jcfcnwPUDaXqVXLuk8c=; h=Cc:Date:From:Reply-To:Subject:To; b=UWPQGm0C9Rk6yYm+5DWe/LPhBUtfP5qraoEuubgN9U6FfpX5I0aWEFpz7b1xEOPYaV7 PBhlusZQvFf/+h8h4yD1pdhisN5XK3RUto6YwfOaqA7n7Zi7zagtpMC6IwR2aVAx7BK1r 326/mLmseYEIQ6obSVo2rnAvApUHfQyoa5o= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1688460742317100011 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois The DxeRngLib tries to generate a random number using the 3 NIST SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC. If none of the call is successful, the fallback option is the default RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might be an unsafe implementation. Try requesting the Raw algorithm before requesting the default one. Signed-off-by: Pierre Gondois Reviewed-by: Sami Mujawar --- MdePkg/Library/DxeRngLib/DxeRngLib.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLi= b/DxeRngLib.c index 46aea515924f..a01b66ad7d20 100644 --- a/MdePkg/Library/DxeRngLib/DxeRngLib.c +++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c @@ -65,9 +65,15 @@ GenerateRandomNumberViaNist800Algorithm ( return Status; } =20 + Status =3D RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, Buffe= rSize, Buffer); + DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status =3D %r\n", __func= __, Status)); + if (!EFI_ERROR (Status)) { + return Status; + } + // If all the other methods have failed, use the default method from the= RngProtocol Status =3D RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer); - DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status =3D %r\n", _= _func__, Status)); + DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status =3D %r\n", __= func__, Status)); if (!EFI_ERROR (Status)) { return Status; } --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106633): https://edk2.groups.io/g/devel/message/106633 Mute This Topic: https://groups.io/mt/99943074/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-