edk2/SOURCES/edk2-SecurityPkg-RngDxe-add-rng-test.patch

72 lines
2.1 KiB
Diff

From 7719d41979ef6e376d183c70cd47951ff5bf6ef1 Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Thu, 20 Jun 2024 10:33:43 -0400
Subject: [PATCH 5/8] SecurityPkg/RngDxe: add rng test
RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
RH-Jira: RHEL-40270 RHEL-40272
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [5/8] 84a58daaed0ee81ebed501392be33338da575df6
JIRA: https://issues.redhat.com/browse/RHEL-40270
Upstream: Merged
CVE: CVE-2023-45237
commit a61bc0accb8a76edba4f073fdc7bafc908df045d
Author: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri May 31 09:49:13 2024 +0200
SecurityPkg/RngDxe: add rng test
Check whenever RngLib actually returns random numbers, only return
a non-zero number of Algorithms if that is the case.
This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
only in case it can actually deliver random numbers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Check whenever RngLib actually returns random numbers, only return
a non-zero number of Algorithms if that is the case.
This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
only in case it can actually deliver random numbers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
index 7e06e16e4b..285b5f46e7 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -23,6 +23,7 @@
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
+#include <Library/RngLib.h>
#include "RngDxeInternals.h"
@@ -43,7 +44,12 @@ GetAvailableAlgorithms (
VOID
)
{
- mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
+ UINT64 RngTest;
+
+ if (GetRandomNumber64 (&RngTest)) {
+ mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
+ }
+
return EFI_SUCCESS;
}
--
2.39.3