From: Pierre Gondois <pierre.gond...@arm.com>
The DxeRngLib tries to generate a random number using the 3 NIST
SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC.
If none of the call is successful, the fallback option is the default
RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might
be an unsafe implementation.
Try requesting the Raw algorithm before requesting the default one.
Signed-off-by: Pierre Gondois <pierre.gond...@arm.com>
Reviewed-by: Sami Mujawar <sami.muja...@arm.com>
---
MdePkg/Library/DxeRngLib/DxeRngLib.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c
b/MdePkg/Library/DxeRngLib/DxeRngLib.c
index 46aea515924f..a01b66ad7d20 100644
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
@@ -65,9 +65,15 @@ GenerateRandomNumberViaNist800Algorithm (
return Status;
}
+ Status = RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, BufferSize,
Buffer);
+ DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status = %r\n", __func__,
Status));
+ if (!EFI_ERROR (Status)) {
+ return Status;
+ }
+
// If all the other methods have failed, use the default method from the
RngProtocol
Status = RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer);
- DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status = %r\n",
__func__, Status));
+ DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n",
__func__, Status));
if (!EFI_ERROR (Status)) {
return Status;
}
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106859): https://edk2.groups.io/g/devel/message/106859
Mute This Topic: https://groups.io/mt/100099383/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
