diff options
author | Flickdm <douglas.flick@microsoft.com> | 2024-05-20 11:07:38 -0700 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-05-24 15:48:52 +0000 |
commit | a85336531cf56e4bb04cf61ec3991a8104320dc4 (patch) | |
tree | a388a1f22fa5ecb891a0afa90a14e95940a91409 /SecurityPkg | |
parent | e10d83234c7e3caaf940df79f4b302fca3729fb0 (diff) | |
download | edk2-a85336531cf56e4bb04cf61ec3991a8104320dc4.zip edk2-a85336531cf56e4bb04cf61ec3991a8104320dc4.tar.gz edk2-a85336531cf56e4bb04cf61ec3991a8104320dc4.tar.bz2 |
SecurityPkg RngDxe: Remove incorrect limitation on GetRng
Removed from gEfiRngAlgorithmRaw an incorrect assumption that
Raw cannot return less than 256 bits. The DRNG Algorithms
should always use a 256 bit seed as per nist standards
however a caller is free to request less than 256 bits.
>
> //
> // When a DRBG is used on the output of a entropy source,
> // its security level must be at least 256 bits according to UEFI
Spec.
> //
> if (RNGValueLength < 32) {
> return EFI_INVALID_PARAMETER;
> }
>
AARCH64 platforms do not have this limitation and this brings both
implementations into alignment with each other and the spec.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Pierre Gondois <pierre.gondois@arm.com>
Acked-by: Jiewe Yao <Jiewen.yao@intel.com>
Diffstat (limited to 'SecurityPkg')
-rw-r--r-- | SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c index 7e06e16..5723ed6 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c @@ -116,14 +116,6 @@ RngGetRNG ( // The "raw" algorithm is intended to provide entropy directly
//
if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
- //
- // When a DRBG is used on the output of a entropy source,
- // its security level must be at least 256 bits according to UEFI Spec.
- //
- if (RNGValueLength < 32) {
- return EFI_INVALID_PARAMETER;
- }
-
Status = GenerateEntropy (RNGValueLength, RNGValue);
return Status;
}
|