From nobody Tue Feb 10 09:57:22 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+106687+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+106687+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1688633556; cv=none; d=zohomail.com; s=zohoarc; b=SV7AkGvMj+S2RjA4+ltdqDTlinB++l/7DZ7Iqn987rC9eikcf5aIiIWl5UD4VLe44pp63LewrJJdgwLXnVJrkNk+/fTEPI3KUtCB8mHJDJFQK0yiiNZiwOt9DWwXvuhAlQdXGQfHmkMiHfNtvTKPJzNyHWp94znzzJKoKuK9iHU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1688633556; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=oL3gB+iJBczVMPr9W5FZ0IqeHSJ/g4mVyjKBRSCb6Lo=; b=aI1ZMDsZUsV2Sfk67Av9VM6CkvTWHtEOMaPVOfV5MmNgL9WDUyu18D/eCl5T2OGH1TRibvBaXbwcH53Z5NhwuRE2jm4TtqQ10nSd7V3yrrYa99YEdDt0aw+y5xPOT03b8JCaMM7SXoYX+aAYxMnMong6W75L/CVUqvnGhz2YjYQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+106687+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1688633556543807.4905659807764; Thu, 6 Jul 2023 01:52:36 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id YmN3YY1788612x33JpWd6Faq; Thu, 06 Jul 2023 01:52:36 -0700 X-Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.17196.1688633555621121298 for ; Thu, 06 Jul 2023 01:52:35 -0700 X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 48C79DE0; Thu, 6 Jul 2023 01:53:17 -0700 (PDT) X-Received: from e126645.arm.com (unknown [10.57.86.190]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id D3AE53F73F; Thu, 6 Jul 2023 01:52:32 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Kun Qin Subject: [edk2-devel] [PATCH v3 2/6] MdePkg/DxeRngLib: Request raw algorithm instead of default Date: Thu, 6 Jul 2023 10:51:55 +0200 Message-Id: <20230706085159.626374-3-pierre.gondois@arm.com> In-Reply-To: <20230706085159.626374-1-pierre.gondois@arm.com> References: <20230706085159.626374-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: MIuI8yxEi73CghOeozSyP00jx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1688633556; bh=5F/rSKBh4JMheymDnbk7xaQWxayhxoYtpYrTrWlM94k=; h=Cc:Date:From:Reply-To:Subject:To; b=SU289jmqqNJbPO3KRu8rkybIcycxXxaot1CAfNqAtlaZn6ktMjWcz/rmDGUnpBC5CCX Hfe6uqcivJKdgT4rcMveaL/Hg3OHphgO5hClRyHZLVprQbfz9fIMHXDxerjoXSgOmfjQZ bgT50S2ufv/NKbv9hPtL4ZUaC8jandcgVoY= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1688633558128100001 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois The DxeRngLib tries to generate a random number using the 3 NIST SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC. If none of the call is successful, the fallback option is the default RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might be an unsafe implementation. Try requesting the Raw algorithm before requesting the default one. Signed-off-by: Pierre Gondois Reviewed-by: Sami Mujawar --- MdePkg/Library/DxeRngLib/DxeRngLib.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLi= b/DxeRngLib.c index 46aea515924f..a01b66ad7d20 100644 --- a/MdePkg/Library/DxeRngLib/DxeRngLib.c +++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c @@ -65,9 +65,15 @@ GenerateRandomNumberViaNist800Algorithm ( return Status; } =20 + Status =3D RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, Buffe= rSize, Buffer); + DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status =3D %r\n", __func= __, Status)); + if (!EFI_ERROR (Status)) { + return Status; + } + // If all the other methods have failed, use the default method from the= RngProtocol Status =3D RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer); - DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status =3D %r\n", _= _func__, Status)); + DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status =3D %r\n", __= func__, Status)); if (!EFI_ERROR (Status)) { return Status; } --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106687): https://edk2.groups.io/g/devel/message/106687 Mute This Topic: https://groups.io/mt/99981853/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-