8e51a8153a
- edk2-MdeModulePkg-Change-use-of-EFI_D_-to-DEBUG_.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-Apply-uncrustify-changes.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-Apply-uncrustify-changes.p2.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Rename-RdRandGenerateEntropy-to-g.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Remove-ArchGetSupportedRngAlgorit.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Documentation-include-parameter-c.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Check-before-advertising-Cpu-Rng-.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Add-AArch64-RawAlgorithm-support-.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Add-debug-warning-for-NULL-PcdCpu.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Rename-AArch64-RngDxe.c.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Add-Arm-support-of-RngDxe.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Correctly-update-mAvailableAlgoAr.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Conditionally-install-EFI_RNG_PRO.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdeModulePkg-Duplicate-BaseRngLibTimerLib-to-MdeModu.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-Add-deprecated-warning-to-BaseRngLibTimer.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-SecurityPkg.dec-Move-PcdCpuRngSupportedA.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-DxeRngLib-Request-raw-algorithm-instead-of-de.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-Rng-Add-GUID-to-describe-Arm-Rndr-Rng-algorit.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdeModulePkg-Rng-Add-GUID-to-describe-unsafe-Rng-alg.patch [RHEL-21854 RHEL-21856 RHEL-40099] - 
edk2-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Use-GetRngGuid-when-probing-RngLi.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Simplify-Rng-algorithm-selection-.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-add-rng-test.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-OvmfPkg-wire-up-RngDxe.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch [RHEL-21854 RHEL-21856 RHEL-40099] - Resolves: RHEL-21854 (CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-8]) - Resolves: RHEL-21856 (CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-8]) - Resolves: RHEL-40099 (CVE-2024-1298 edk2: Temporary DoS vulnerability [rhel-8.10.z])
From 2a5e4e144cbea46784fde638765a9c9068ed2869 Mon Sep 17 00:00:00 2001
|
|
From: Jon Maloy <jmaloy@redhat.com>
|
|
Date: Tue, 25 Jun 2024 22:19:10 -0400
|
|
Subject: [PATCH 05/31] SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to
|
|
generic name
|
|
|
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
|
RH-Acked-by: Gerd Hoffmann <None>
|
|
RH-Commit: [5/31] 12b8646964435f1a70def57afb9f4565b11c5dc8
|
|
|
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
|
CVE: CVE-2023-45237
|
|
Upstream: Merged
|
|
|
|
commit 8a89747844a5061791e55a25daedcf895180a794
|
|
Author: Sami Mujawar <sami.mujawar@arm.com>
|
|
Date: Fri Oct 28 17:32:50 2022 +0200
|
|
|
|
SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to generic name
|
|
|
|
Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)
|
|
|
|
Rename RdRandGenerateEntropy() to GenerateEntropy() to provide a
|
|
common interface to generate entropy on other architectures.
|
|
GenerateEntropy() is intended to generate high quality entropy.
|
|
|
|
Also move the definition to RngDxeInternals.h
|
|
|
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
|
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
|
|
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
|
---
|
|
.../RngDxe/Rand/RdRand.c | 20 ++++++++++++-----
|
|
.../RngDxe/Rand/RngDxe.c | 7 ++++--
|
|
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 2 +-
|
|
.../RngDxe/RngDxeInternals.h | 22 ++++++++++++++++++-
|
|
4 files changed, 41 insertions(+), 10 deletions(-)
|
|
|
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
|
|
index 83025a47d4..853bf43148 100644
|
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
|
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
|
|
@@ -1,15 +1,23 @@
|
|
/** @file
|
|
- Support routines for RDRAND instruction access.
|
|
-
|
|
+ Support routines for RDRAND instruction access, which will leverage
|
|
+ Intel Secure Key technology to provide high-quality random numbers for use
|
|
+ in applications, or entropy for seeding other random number generators.
|
|
+ Refer to http://software.intel.com/en-us/articles/intel-digital-random-number
|
|
+ -generator-drng-software-implementation-guide/ for more information about Intel
|
|
+ Secure Key technology.
|
|
+
|
|
+Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
|
|
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
|
|
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
|
|
**/
|
|
+#include <Library/BaseLib.h>
|
|
+#include <Library/BaseMemoryLib.h>
|
|
#include <Library/RngLib.h>
|
|
+#include <Library/TimerLib.h>
|
|
|
|
#include "AesCore.h"
|
|
-#include "RdRand.h"
|
|
#include "RngDxeInternals.h"
|
|
|
|
/**
|
|
@@ -87,9 +95,9 @@ RdRandGetSeed128 (
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
-RdRandGenerateEntropy (
|
|
- IN UINTN Length,
|
|
- OUT UINT8 *Entropy
|
|
+GenerateEntropy (
|
|
+ IN UINTN Length,
|
|
+ OUT UINT8 *Entropy
|
|
)
|
|
{
|
|
EFI_STATUS Status;
|
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
|
index 834123b945..19755b3bfd 100644
|
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
|
@@ -14,13 +14,16 @@
|
|
- EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
|
|
- EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
|
|
|
|
+ Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
|
|
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
|
|
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
|
|
**/
|
|
|
|
-#include "RdRand.h"
|
|
+#include <Library/BaseLib.h>
|
|
+#include <Library/BaseMemoryLib.h>
|
|
+
|
|
#include "RngDxeInternals.h"
|
|
|
|
/**
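Review bot: Dropping `#include "RdRand.h"` here, together with the removal of `Rand/RdRand.h` from RngDxe.inf, leaves that header orphaned in the tree: the diffstat lists four files changed and no deletion, so Rand/RdRand.h still exists but is no longer built or included. If it still carries the old `RdRandGenerateEntropy` prototype, anything that picks it up later would silently diverge from the declarations now in RngDxeInternals.h. I would delete the file in this same commit, or say in the commit message why it is kept (for instance if a later patch in this series removes it).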
|
|
@@ -88,7 +91,7 @@ RngGetRNG (
|
|
return EFI_INVALID_PARAMETER;
|
|
}
|
|
|
|
- Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
|
|
+ Status = GenerateEntropy (RNGValueLength, RNGValue);
|
|
return Status;
|
|
}
|
|
|
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
|
index f330097199..60efb5562e 100644
|
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
|
@@ -10,6 +10,7 @@
|
|
#
|
|
# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
|
|
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
|
+# Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
|
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
#
|
|
##
|
|
@@ -36,7 +37,6 @@
|
|
[Sources.IA32, Sources.X64]
|
|
Rand/RngDxe.c
|
|
Rand/RdRand.c
|
|
- Rand/RdRand.h
|
|
Rand/AesCore.c
|
|
Rand/AesCore.h
|
|
|
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
|
index 25cccbe92c..fcb8b69153 100644
|
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
|
@@ -10,6 +10,8 @@
|
|
#ifndef RNGDXE_INTERNALS_H_
|
|
#define RNGDXE_INTERNALS_H_
|
|
|
|
+#include <Protocol/Rng.h>
|
|
+
|
|
/**
|
|
Returns information about the random number generation implementation.
|
|
|
|
@@ -114,4 +116,22 @@ RngGetBytes (
|
|
OUT UINT8 *RandBuffer
|
|
);
|
|
|
|
-#endif // RNGDXE_INTERNALS_H_
|
|
+/**
|
|
+ Generate high-quality entropy source using a TRNG or through RDRAND.
|
|
+
|
|
+ @param[in] Length Size of the buffer, in bytes, to fill with.
|
|
+ @param[out] Entropy Pointer to the buffer to store the entropy data.
|
|
+
|
|
+ @retval EFI_SUCCESS Entropy generation succeeded.
|
|
+ @retval EFI_NOT_READY Failed to request random data.
|
|
+
|
|
+**/
|
|
+EFI_STATUS
|
|
+EFIAPI
|
|
+GenerateEntropy (
|
|
+ IN UINTN Length,
|
|
+ OUT UINT8 *Entropy
|
|
+ );
|
|
+
|
|
+#endif // RNGDXE_INTERNALS_H_
|
|
+
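Review bot: The new GenerateEntropy() contract leaves the failure case underspecified: the doc block lists only EFI_SUCCESS and EFI_NOT_READY and says nothing about what a caller may assume about `Entropy` when the call fails, nor whether `Length == 0` or a NULL `Entropy` are accepted. Since RngGetRNG passes the caller's output buffer straight to this function (see the RngDxe.c hunk), a caller that does not check the status could consume an untouched or partially filled buffer as random data. I would add `@note On any status other than EFI_SUCCESS the contents of Entropy are unspecified and must not be used as random data.` and document the accepted parameter ranges. The implementation lives in RdRand.c outside this hunk, so I cannot confirm from here whether other statuses can be propagated; if they can, they should be listed as well.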
|
|
--
|
|
2.39.3
|
|
|