SecurityPkg RngDxe: Remove incorrect limitation on GetRng

Removed from gEfiRngAlgorithmRaw an incorrect assumption that Raw cannot return less than 256 bits. The DRNG Algorithms should always use a 256 bit seed as per nist standards however a caller is free to request less than 256 bits. > > // > // When a DRBG is used on the output of a entropy source, > // its security level must be at least 256 bits according to UEFI Spec. > // > if (RNGValueLength < 32) { > return EFI_INVALID_PARAMETER; > } > AARCH64 platforms do not have this limitation and this brings both implementations into alignment with each other and the spec. Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Pierre Gondois <pierre.gondois@arm.com> Acked-by: Jiewe Yao <Jiewen.yao@intel.com>
2025-07-28 08:04:07 +02:00 · 2024-05-20 11:07:38 -07:00 · 2024-05-20 11:07:38 -07:00 · a85336531c
commit a85336531c
parent e10d83234c
1 changed files with 0 additions and 8 deletions
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@ -116,14 +116,6 @@ RngGetRNG (
  // The "raw" algorithm is intended to provide entropy directly
  //
  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
-    //
-    // When a DRBG is used on the output of a entropy source,
-    // its security level must be at least 256 bits according to UEFI Spec.
-    //
-    if (RNGValueLength < 32) {
-      return EFI_INVALID_PARAMETER;
-    }
-
    Status = GenerateEntropy (RNGValueLength, RNGValue);
    return Status;
  }