From nobody Tue Feb 10 06:59:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+106859+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+106859+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1689168612; cv=none; d=zohomail.com; s=zohoarc; b=Bh3lLi0DIgYk78i94T1jxNByaae6J/nKCC6pIDPNWeRvJ6ba/9Mtt9Pog5i0+uvXjCZWVS1sF9+FaP1Hl65KDVO4lc4Exw7uCqmEAREV7QF+oM7DwaqndybayeEyTCeRbSQiY3Ur7c7bFXULLazjQ8LjC+nZdv7MrAiaZOG8DV0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1689168612; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=hFLnI+mMpfpqVkUw4Wbkae8kide6MQioFnCaX0QsRjA=; b=F+P9c47eubOgoTy4xfQAXhlnHgUIt4a0X/IX9JaulbMQk/bAc/x0eO0TQAhRYQYlS9Zib0cdPf2YjoeopSEX09VUojzgQxNQ4iMpOZx6BXT1yXTk4TO19rfGHwtkLA2rk1RHfEkTAXlnCAGGEye1RyhrX8TuWdcB3yU+86HHKjU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+106859+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1689168612775286.1853838711437; Wed, 12 Jul 2023 06:30:12 -0700 (PDT) Return-Path: DKIM-Signature: a=rsa-sha256; bh=J2Rw+XnsIEDWKjHmUmSwy0ofYuDnnjlDFa2QzRKduA0=; c=relaxed/simple; d=groups.io; h=X-Received:X-Received:X-Received:X-Received:From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:X-Gm-Message-State:Content-Transfer-Encoding; s=20140610; t=1689168612; v=1; b=e6S5YyjMMO85jMKwinG3w6gEH0p8+x5J5+nPmLwMfiJu9sCieK1kXbzrwdx1xOlhcHYtU7DE sMup5mPz2Ml89qRceRbS9cTFVTkoXgd4Cx7JyIH+a7y0CADwbiGOUVc4GOVMHS9mN7SRdRYY1Oh guDHzlnhzcr+noo3rsMPvlGI= X-Received: by 127.0.0.2 with SMTP id wqgsYY1788612x5UHFChBg6I; Wed, 12 Jul 2023 06:30:12 -0700 X-Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.7379.1689168611892733007 for ; Wed, 12 Jul 2023 06:30:12 -0700 X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 080F714BF; Wed, 12 Jul 2023 06:30:54 -0700 (PDT) X-Received: from e126645.home (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 05B1C3F67D; Wed, 12 Jul 2023 06:30:08 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Kun Qin , pierre.gondois@arm.com Subject: [edk2-devel] [PATCH v4 3/8] MdePkg/DxeRngLib: Request raw algorithm instead of default Date: Wed, 12 Jul 2023 15:29:42 +0200 Message-Id: <20230712132947.332643-4-pierre.gondois@arm.com> In-Reply-To: <20230712132947.332643-1-pierre.gondois@arm.com> References: <20230712132947.332643-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: rFB15whhYiXg1lXxDU52rfjcx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1689168614271100015 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois The DxeRngLib tries to generate a random number using the 3 NIST SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC. If none of the call is successful, the fallback option is the default RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might be an unsafe implementation. Try requesting the Raw algorithm before requesting the default one. Signed-off-by: Pierre Gondois Reviewed-by: Sami Mujawar --- MdePkg/Library/DxeRngLib/DxeRngLib.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLi= b/DxeRngLib.c index 46aea515924f..a01b66ad7d20 100644 --- a/MdePkg/Library/DxeRngLib/DxeRngLib.c +++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c @@ -65,9 +65,15 @@ GenerateRandomNumberViaNist800Algorithm ( return Status; } =20 + Status =3D RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, Buffe= rSize, Buffer); + DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status =3D %r\n", __func= __, Status)); + if (!EFI_ERROR (Status)) { + return Status; + } + // If all the other methods have failed, use the default method from the= RngProtocol Status =3D RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer); - DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status =3D %r\n", _= _func__, Status)); + DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status =3D %r\n", __= func__, Status)); if (!EFI_ERROR (Status)) { return Status; } --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106859): https://edk2.groups.io/g/devel/message/106859 Mute This Topic: https://groups.io/mt/100099383/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-