rpms/edk2
7
0
Fork 0
Code Issues Pull Requests Releases Activity
c9s
edk2/0037-SecurityPkg-RngDxe-add-rng-test.patch
Miroslav Rezanina 5872fb18b4 * Thu Jun 20 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-1 
- Rebase to edk2-stable202405
- Bumo openssl to 8e5beb77088b
- Resolves: RHEL-32486
  (rebase to edk2-stable202405 [rhel-9])
- Resolves: RHEL-36446
  (edk2: enable MOR [rhel-9])
- Resolves: RHEL-21653
  (CVE-2023-6237 edk2: openssl: Excessive time spent checking invalid RSA public keys [rhel-9])
- Resolves: RHEL-21150
  (CVE-2023-6129 edk2: mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC)
- Resolves: RHEL-22490
  (CVE-2024-0727 edk2: openssl: denial of service via null dereference [rhel-9])
2024-06-20 04:31:02 -04:00

44 lines
1.4 KiB
Diff
Raw Permalink Blame History

From 4947d363211159647e9266fa20ad9d4c8bc52f71 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 31 May 2024 09:49:13 +0200
Subject: [PATCH] SecurityPkg/RngDxe: add rng test
Check whenever RngLib actually returns random numbers, only return
a non-zero number of Algorithms if that is the case.
This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
only in case it can actually deliver random numbers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit a61bc0accb8a76edba4f073fdc7bafc908df045d)
---
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
index 5723ed6957..8b0742bab6 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -23,6 +23,7 @@
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
+#include <Library/RngLib.h>
#include "RngDxeInternals.h"
@@ -43,7 +44,12 @@ GetAvailableAlgorithms (
VOID
)
{
- mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
+ UINT64 RngTest;
+
+ if (GetRandomNumber64 (&RngTest)) {
+ mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
+ }
+
return EFI_SUCCESS;
}
Reference in New Issue View Git Blame Copy Permalink