Re: [edk2-devel] [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
Acked-by: Jiewe Yao
BTW: This patch is already got RB from below people. I suggest you can put them
in commit directly.
Reviewed-by: Pierre Gondois
Reviewed-by: Ard Biesheuvel
Thank you
Yao, Jiewen
> -Original Message-
> From: Flickdm
> Sent: Friday, May 24, 2024 1:45 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen
> Subject: [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on
> GetRng
>
> Removed from gEfiRngAlgorithmRaw an incorrect assumption that
> Raw cannot return less than 256 bits. The DRNG Algorithms
> should always use a 256 bit seed as per nist standards
> however a caller is free to request less than 256 bits.
> >
> > //
> >// When a DRBG is used on the output of a entropy source,
> >// its security level must be at least 256 bits according to UEFI
> Spec.
> >//
> >if (RNGValueLength < 32) {
> > return EFI_INVALID_PARAMETER;
> >}
> >
>
> AARCH64 platforms do not have this limitation and this brings both
> implementations into alignment with each other and the spec.
>
> Cc: Jiewen Yao
>
> Signed-off-by: Doug Flick [MSFT]
> Reviewed-by: Ard Biesheuvel
> ---
> SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8
> 1 file changed, 8 deletions(-)
>
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> index 7e06e16e4b..5723ed6957 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> @@ -116,14 +116,6 @@ RngGetRNG (
>// The "raw" algorithm is intended to provide entropy directly
>
>//
>
>if (CompareGuid (RNGAlgorithm, )) {
>
> -//
>
> -// When a DRBG is used on the output of a entropy source,
>
> -// its security level must be at least 256 bits according to UEFI Spec.
>
> -//
>
> -if (RNGValueLength < 32) {
>
> - return EFI_INVALID_PARAMETER;
>
> -}
>
> -
>
> Status = GenerateEntropy (RNGValueLength, RNGValue);
>
> return Status;
>
>}
>
> --
> 2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119246): https://edk2.groups.io/g/devel/message/119246
Mute This Topic: https://groups.io/mt/106276859/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
Removed from gEfiRngAlgorithmRaw an incorrect assumption that
Raw cannot return less than 256 bits. The DRNG Algorithms
should always use a 256 bit seed as per nist standards
however a caller is free to request less than 256 bits.
>
> //
>// When a DRBG is used on the output of a entropy source,
>// its security level must be at least 256 bits according to UEFI
Spec.
>//
>if (RNGValueLength < 32) {
> return EFI_INVALID_PARAMETER;
>}
>
AARCH64 platforms do not have this limitation and this brings both
implementations into alignment with each other and the spec.
Cc: Jiewen Yao
Signed-off-by: Doug Flick [MSFT]
Reviewed-by: Ard Biesheuvel
---
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8
1 file changed, 8 deletions(-)
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
index 7e06e16e4b..5723ed6957 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -116,14 +116,6 @@ RngGetRNG (
// The "raw" algorithm is intended to provide entropy directly
//
if (CompareGuid (RNGAlgorithm, )) {
-//
-// When a DRBG is used on the output of a entropy source,
-// its security level must be at least 256 bits according to UEFI Spec.
-//
-if (RNGValueLength < 32) {
- return EFI_INVALID_PARAMETER;
-}
-
Status = GenerateEntropy (RNGValueLength, RNGValue);
return Status;
}
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119234): https://edk2.groups.io/g/devel/message/119234
Mute This Topic: https://groups.io/mt/106276859/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
Removed from gEfiRngAlgorithmRaw an incorrect assumption that
Raw cannot return less than 256 bits. The DRNG Algorithms
should always use a 256 bit seed as per nist standards
however a caller is free to request less than 256 bits.
>
> //
>// When a DRBG is used on the output of a entropy source,
>// its security level must be at least 256 bits according to UEFI
Spec.
>//
>if (RNGValueLength < 32) {
> return EFI_INVALID_PARAMETER;
>}
>
AARCH64 platforms do not have this limitation and this brings both
implementations into alignment with each other and the spec.
Cc: Jiewen Yao
Signed-off-by: Doug Flick [MSFT]
Reviewed-by: Ard Biesheuvel
---
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8
1 file changed, 8 deletions(-)
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
index 7e06e16e4b..5723ed6957 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -116,14 +116,6 @@ RngGetRNG (
// The "raw" algorithm is intended to provide entropy directly
//
if (CompareGuid (RNGAlgorithm, )) {
-//
-// When a DRBG is used on the output of a entropy source,
-// its security level must be at least 256 bits according to UEFI Spec.
-//
-if (RNGValueLength < 32) {
- return EFI_INVALID_PARAMETER;
-}
-
Status = GenerateEntropy (RNGValueLength, RNGValue);
return Status;
}
--
2.34.1
