tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdePkg/DxeRngLib: Request raw algorithm instead of default 

The DxeRngLib tries to generate a random number using the 3 NIST
SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC.
If none of the call is successful, the fallback option is the default
RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might
be an unsafe implementation.

Try requesting the Raw algorithm before requesting the default one.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Kun Qin <kun.qin@microsoft.com>
This commit is contained in:
Pierre Gondois 2023-08-11 16:33:05 +02:00 committed by mergify[bot]
parent 65b5dd828e
commit bd1f0eecc1
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
MdePkg/Library/DxeRngLib/DxeRngLib.c
View File

@ -65,9 +65,15 @@ GenerateRandomNumberViaNist800Algorithm (
return Status;
}
Status = RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, BufferSize, Buffer);
DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status = %r\n", __func__, Status));
if (!EFI_ERROR (Status)) {
return Status;
}
// If all the other methods have failed, use the default method from the RngProtocol
Status = RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer);
DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status = %r\n", __func__, Status));
DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));
if (!EFI_ERROR (Status)) {
return Status;
}