edk2/edk2-SecurityPkg-RngDxe-Rename-RdRandGenerateEntropy-to-g.patch

From 2a5e4e144cbea46784fde638765a9c9068ed2869 Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Tue, 25 Jun 2024 22:19:10 -0400
Subject: [PATCH 05/31] SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to
 generic name

RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [5/31] 12b8646964435f1a70def57afb9f4565b11c5dc8

JIRA: https://issues.redhat.com/browse/RHEL-21856
CVE: CVE-2022-45237
Upstream: Merged

commit 8a89747844a5061791e55a25daedcf895180a794
Author: Sami Mujawar <sami.mujawar@arm.com>
Date:   Fri Oct 28 17:32:50 2022 +0200

    SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to generic name

    Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)

    Rename RdRandGenerateEntropy() to GenerateEntropy() to provide a
    common interface to generate entropy on other architectures.
    GenerateEntropy() is intended to generate high quality entropy.

    Also move the definition to RngDxeInternals.h

    Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
    Acked-by: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
 .../RngDxe/Rand/RdRand.c                      | 20 ++++++++++++-----
 .../RngDxe/Rand/RngDxe.c                      |  7 ++++--
 .../RandomNumberGenerator/RngDxe/RngDxe.inf   |  2 +-
 .../RngDxe/RngDxeInternals.h                  | 22 ++++++++++++++++++-
 4 files changed, 41 insertions(+), 10 deletions(-)

diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
index 83025a47d4..853bf43148 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
@@ -1,15 +1,23 @@
 /** @file
-  Support routines for RDRAND instruction access.
-
+  Support routines for RDRAND instruction access, which will leverage
+  Intel Secure Key technology to provide high-quality random numbers for use
+  in applications, or entropy for seeding other random number generators.
+  Refer to http://software.intel.com/en-us/articles/intel-digital-random-number
+  -generator-drng-software-implementation-guide/ for more information about Intel
+  Secure Key technology.
+
+Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
 Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
 (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
 #include <Library/RngLib.h>
+#include <Library/TimerLib.h>
 
 #include "AesCore.h"
-#include "RdRand.h"
 #include "RngDxeInternals.h"
 
 /**
@@ -87,9 +95,9 @@ RdRandGetSeed128 (
 **/
 EFI_STATUS
 EFIAPI
-RdRandGenerateEntropy (
-  IN UINTN         Length,
-  OUT UINT8        *Entropy
+GenerateEntropy (
+  IN UINTN   Length,
+  OUT UINT8  *Entropy
   )
 {
   EFI_STATUS  Status;
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
index 834123b945..19755b3bfd 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -14,13 +14,16 @@
    - EFI_RNG_ALGORITHM_X9_31_3DES_GUID        - Unsupported
    - EFI_RNG_ALGORITHM_X9_31_AES_GUID         - Unsupported
 
+  Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
   Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
   (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
 
-#include "RdRand.h"
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+
 #include "RngDxeInternals.h"
 
 /**
@@ -88,7 +91,7 @@ RngGetRNG (
       return EFI_INVALID_PARAMETER;
     }
 
-    Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
+    Status = GenerateEntropy (RNGValueLength, RNGValue);
     return Status;
   }
 
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
index f330097199..60efb5562e 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
@@ -10,6 +10,7 @@
 #
 #  Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
 #  (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+#  Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -36,7 +37,6 @@
 [Sources.IA32, Sources.X64]
   Rand/RngDxe.c
   Rand/RdRand.c
-  Rand/RdRand.h
   Rand/AesCore.c
   Rand/AesCore.h
 
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
index 25cccbe92c..fcb8b69153 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
@@ -10,6 +10,8 @@
 #ifndef RNGDXE_INTERNALS_H_
 #define RNGDXE_INTERNALS_H_
 
+#include <Protocol/Rng.h>
+
 /**
   Returns information about the random number generation implementation.
 
@@ -114,4 +116,22 @@ RngGetBytes (
   OUT UINT8        *RandBuffer
   );
 
-#endif  // RNGDXE_INTERNALS_H_
+/**
+  Generate high-quality entropy source using a TRNG or through RDRAND.
+
+  @param[in]   Length        Size of the buffer, in bytes, to fill with.
+  @param[out]  Entropy       Pointer to the buffer to store the entropy data.
+
+  @retval EFI_SUCCESS        Entropy generation succeeded.
+  @retval EFI_NOT_READY      Failed to request random data.
+
+**/
+EFI_STATUS
+EFIAPI
+GenerateEntropy (
+  IN UINTN   Length,
+  OUT UINT8  *Entropy
+  );
+
+#endif // RNGDXE_INTERNALS_H_
+
-- 
2.39.3
* Wed Jul 03 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20220126gitbb1bba3d77-13.el8_10.1 - edk2-MdeModulePkg-Change-use-of-EFI_D_-to-DEBUG_.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-Apply-uncrustify-changes.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-Apply-uncrustify-changes.p2.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Rename-RdRandGenerateEntropy-to-g.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Remove-ArchGetSupportedRngAlgorit.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Documentation-include-parameter-c.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Check-before-advertising-Cpu-Rng-.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Add-AArch64-RawAlgorithm-support-.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Add-debug-warning-for-NULL-PcdCpu.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Rename-AArch64-RngDxe.c.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Add-Arm-support-of-RngDxe.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Correctly-update-mAvailableAlgoAr.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Conditionally-install-EFI_RNG_PRO.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdeModulePkg-Duplicate-BaseRngLibTimerLib-to-MdeModu.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-Add-deprecated-warning-to-BaseRngLibTimer.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-SecurityPkg.dec-Move-PcdCpuRngSupportedA.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-DxeRngLib-Request-raw-algorithm-instead-of-de.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-Rng-Add-GUID-to-describe-Arm-Rndr-Rng-algorit.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdeModulePkg-Rng-Add-GUID-to-describe-unsafe-Rng-alg.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Use-GetRngGuid-when-probing-RngLi.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Simplify-Rng-algorithm-selection-.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-add-rng-test.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-OvmfPkg-wire-up-RngDxe.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch [RHEL-21854 RHEL-21856 RHEL-40099] - Resolves: RHEL-21854 (CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-8]) - Resolves: RHEL-21856 (CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-8]) - Resolves: RHEL-40099 (CVE-2024-1298 edk2: Temporary DoS vulnerability [rhel-8.10.z]) 2024-07-03 12:35:29 +00:00			`From 2a5e4e144cbea46784fde638765a9c9068ed2869 Mon Sep 17 00:00:00 2001`
			`From: Jon Maloy <jmaloy@redhat.com>`
			`Date: Tue, 25 Jun 2024 22:19:10 -0400`
			`Subject: [PATCH 05/31] SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to`
			`generic name`

			`RH-Author: Jon Maloy <jmaloy@redhat.com>`
			`RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes`
			`RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099`
			`RH-Acked-by: Gerd Hoffmann <None>`
			`RH-Commit: [5/31] 12b8646964435f1a70def57afb9f4565b11c5dc8`

			`JIRA: https://issues.redhat.com/browse/RHEL-21856`
			`CVE: CVE-2022-45237`
			`Upstream: Merged`

			`commit 8a89747844a5061791e55a25daedcf895180a794`
			`Author: Sami Mujawar <sami.mujawar@arm.com>`
			`Date: Fri Oct 28 17:32:50 2022 +0200`

			`SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to generic name`

			`Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)`

			`Rename RdRandGenerateEntropy() to GenerateEntropy() to provide a`
			`common interface to generate entropy on other architectures.`
			`GenerateEntropy() is intended to generate high quality entropy.`

			`Also move the definition to RngDxeInternals.h`

			`Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>`
			`Acked-by: Jiewen Yao <jiewen.yao@intel.com>`

			`Signed-off-by: Jon Maloy <jmaloy@redhat.com>`
			`---`
			`.../RngDxe/Rand/RdRand.c \| 20 ++++++++++++-----`
			`.../RngDxe/Rand/RngDxe.c \| 7 ++++--`
			`.../RandomNumberGenerator/RngDxe/RngDxe.inf \| 2 +-`
			`.../RngDxe/RngDxeInternals.h \| 22 ++++++++++++++++++-`
			`4 files changed, 41 insertions(+), 10 deletions(-)`

			`diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c`
			`index 83025a47d4..853bf43148 100644`
			`--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c`
			`+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c`
			`@@ -1,15 +1,23 @@`
			`/** @file`
			`- Support routines for RDRAND instruction access.`
			`-`
			`+ Support routines for RDRAND instruction access, which will leverage`
			`+ Intel Secure Key technology to provide high-quality random numbers for use`
			`+ in applications, or entropy for seeding other random number generators.`
			`+ Refer to http://software.intel.com/en-us/articles/intel-digital-random-number`
			`+ -generator-drng-software-implementation-guide/ for more information about Intel`
			`+ Secure Key technology.`
			`+`
			`+Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>`
			`Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>`
			`(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>`
			`SPDX-License-Identifier: BSD-2-Clause-Patent`

			`**/`
			`+#include <Library/BaseLib.h>`
			`+#include <Library/BaseMemoryLib.h>`
			`#include <Library/RngLib.h>`
			`+#include <Library/TimerLib.h>`

			`#include "AesCore.h"`
			`-#include "RdRand.h"`
			`#include "RngDxeInternals.h"`

			`/**`
			`@@ -87,9 +95,9 @@ RdRandGetSeed128 (`
			`**/`
			`EFI_STATUS`
			`EFIAPI`
			`-RdRandGenerateEntropy (`
			`- IN UINTN Length,`
			`- OUT UINT8 *Entropy`
			`+GenerateEntropy (`
			`+ IN UINTN Length,`
			`+ OUT UINT8 *Entropy`
			`)`
			`{`
			`EFI_STATUS Status;`
			`diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c`
			`index 834123b945..19755b3bfd 100644`
			`--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c`
			`+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c`
			`@@ -14,13 +14,16 @@`
			`- EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported`
			`- EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported`

			`+ Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>`
			`Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>`
			`(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>`
			`SPDX-License-Identifier: BSD-2-Clause-Patent`

			`**/`

			`-#include "RdRand.h"`
			`+#include <Library/BaseLib.h>`
			`+#include <Library/BaseMemoryLib.h>`
			`+`
			`#include "RngDxeInternals.h"`

			`/**`
			`@@ -88,7 +91,7 @@ RngGetRNG (`
			`return EFI_INVALID_PARAMETER;`
			`}`

			`- Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);`
			`+ Status = GenerateEntropy (RNGValueLength, RNGValue);`
			`return Status;`
			`}`

			`diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf`
			`index f330097199..60efb5562e 100644`
			`--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf`
			`+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf`
			`@@ -10,6 +10,7 @@`
			`#`
			`# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>`
			`# (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>`
			`+# Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>`
			`# SPDX-License-Identifier: BSD-2-Clause-Patent`
			`#`
			`##`
			`@@ -36,7 +37,6 @@`
			`[Sources.IA32, Sources.X64]`
			`Rand/RngDxe.c`
			`Rand/RdRand.c`
			`- Rand/RdRand.h`
			`Rand/AesCore.c`
			`Rand/AesCore.h`

			`diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h`
			`index 25cccbe92c..fcb8b69153 100644`
			`--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h`
			`+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h`
			`@@ -10,6 +10,8 @@`
			`#ifndef RNGDXE_INTERNALS_H_`
			`#define RNGDXE_INTERNALS_H_`

			`+#include <Protocol/Rng.h>`
			`+`
			`/**`
			`Returns information about the random number generation implementation.`

			`@@ -114,4 +116,22 @@ RngGetBytes (`
			`OUT UINT8 *RandBuffer`
			`);`

			`-#endif // RNGDXE_INTERNALS_H_`
			`+/**`
			`+ Generate high-quality entropy source using a TRNG or through RDRAND.`
			`+`
			`+ @param[in] Length Size of the buffer, in bytes, to fill with.`
			`+ @param[out] Entropy Pointer to the buffer to store the entropy data.`
			`+`
			`+ @retval EFI_SUCCESS Entropy generation succeeded.`
			`+ @retval EFI_NOT_READY Failed to request random data.`
			`+`
			`+**/`
			`+EFI_STATUS`
			`+EFIAPI`
			`+GenerateEntropy (`
			`+ IN UINTN Length,`
			`+ OUT UINT8 *Entropy`
			`+ );`
			`+`
			`+#endif // RNGDXE_INTERNALS_H_`
			`+`
			`--`
			`2.39.3`