SecurityPkg: RngDxe: Remove incorrect limitation on GetRng

Removed from gEfiRngAlgorithmRaw an incorrect assumption that Raw cannot return less than 256 bits. The DRNG Algorithms should always use a 256 bit seed as per nist standards however a caller is free to request less than 256 bits. > > // > // When a DRBG is used on the output of a entropy source, > // its security level must be at least 256 bits according to UEFI Spec. > // > if (RNGValueLength < 32) { > return EFI_INVALID_PARAMETER; > } > AARCH64 platforms do not have this limitation and this brings both implementations into alignment with each other and the spec. Cc: Jiewen Yao <[email protected]> Signed-off-by: Doug Flick [MSFT] <[email protected]> Reviewed-by: Ard Biesheuvel <[email protected]>
Flickdm · May 20, 2024 · 8ae4d50 · 8ae4d50
1 parent 21d9f0f
commit 8ae4d50
Showing 1 changed file with 0 additions and 8 deletions.
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -116,14 +116,6 @@ RngGetRNG (
   // The "raw" algorithm is intended to provide entropy directly
   //
   if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
-    //
-    // When a DRBG is used on the output of a entropy source,
-    // its security level must be at least 256 bits according to UEFI Spec.
-    //
-    if (RNGValueLength < 32) {
-      return EFI_INVALID_PARAMETER;
-    }
-
     Status = GenerateEntropy (RNGValueLength, RNGValue);
     return Status;
   }