Re: [edk2-devel] [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng

Thu, 23 May 2024 22:53:34 -0700 

Acked-by: Jiewe Yao <jiewen....@intel.com>

BTW: This patch is already got RB from below people. I suggest you can put them 
in commit directly.

Reviewed-by: Pierre Gondois <pierre.gond...@arm.com>
Reviewed-by: Ard Biesheuvel <a...@kernel.org>

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Flickdm <doug.e...@gmail.com>
> Sent: Friday, May 24, 2024 1:45 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen....@intel.com>
> Subject: [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on
> GetRng
> 
> Removed from gEfiRngAlgorithmRaw an incorrect assumption that
> Raw cannot return less than 256 bits. The DRNG Algorithms
> should always use a 256 bit seed as per nist standards
> however a caller is free to request less than 256 bits.
> >
> >     //
> >    // When a DRBG is used on the output of a entropy source,
> >    // its security level must be at least 256 bits according to UEFI
> Spec.
> >    //
> >    if (RNGValueLength < 32) {
> >      return EFI_INVALID_PARAMETER;
> >    }
> >
> 
> AARCH64 platforms do not have this limitation and this brings both
> implementations into alignment with each other and the spec.
> 
> Cc: Jiewen Yao <jiewen....@intel.com>
> 
> Signed-off-by: Doug Flick [MSFT] <doug.e...@gmail.com>
> Reviewed-by: Ard Biesheuvel <a...@kernel.org>
> ---
>  SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 --------
>  1 file changed, 8 deletions(-)
> 
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> index 7e06e16e4b..5723ed6957 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> @@ -116,14 +116,6 @@ RngGetRNG (
>    // The "raw" algorithm is intended to provide entropy directly
> 
>    //
> 
>    if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
> 
> -    //
> 
> -    // When a DRBG is used on the output of a entropy source,
> 
> -    // its security level must be at least 256 bits according to UEFI Spec.
> 
> -    //
> 
> -    if (RNGValueLength < 32) {
> 
> -      return EFI_INVALID_PARAMETER;
> 
> -    }
> 
> -
> 
>      Status = GenerateEntropy (RNGValueLength, RNGValue);
> 
>      return Status;
> 
>    }
> 
> --
> 2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119246): https://edk2.groups.io/g/devel/message/119246
Mute This Topic: https://groups.io/mt/106276859/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to