SecurityPkg RngDxe: Remove incorrect limitation on GetRng

Removed from gEfiRngAlgorithmRaw an incorrect assumption that
Raw cannot return less than 256 bits. The DRNG Algorithms
should always use a 256 bit seed as per nist standards
however a caller is free to request less than 256 bits.
>
>     //
>    // When a DRBG is used on the output of a entropy source,
>    // its security level must be at least 256 bits according to UEFI
Spec.
>    //
>    if (RNGValueLength < 32) {
>      return EFI_INVALID_PARAMETER;
>    }
>

AARCH64 platforms do not have this limitation and this brings both
implementations into alignment with each other and the spec.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Pierre Gondois <pierre.gondois@arm.com>
Acked-by: Jiewe Yao <Jiewen.yao@intel.com>

1 files changed, 0 insertions, 8 deletions

diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
index 7e06e16..5723ed6 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -116,14 +116,6 @@ RngGetRNG (
   // The "raw" algorithm is intended to provide entropy directly

   //

   if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {

-    //

-    // When a DRBG is used on the output of a entropy source,

-    // its security level must be at least 256 bits according to UEFI Spec.

-    //

-    if (RNGValueLength < 32) {

-      return EFI_INVALID_PARAMETER;

-    }

-

     Status = GenerateEntropy (RNGValueLength, RNGValue);

     return Status;

   }