From 7719d41979ef6e376d183c70cd47951ff5bf6ef1 Mon Sep 17 00:00:00 2001 From: Jon Maloy Date: Thu, 20 Jun 2024 10:33:43 -0400 Subject: [PATCH 5/8] SecurityPkg/RngDxe: add rng test RH-Author: Jon Maloy RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237 RH-Jira: RHEL-40270 RHEL-40272 RH-Acked-by: Gerd Hoffmann RH-Commit: [5/8] 84a58daaed0ee81ebed501392be33338da575df6 JIRA: https://issues.redhat.com/browse/RHEL-40270 Upstream: Merged CVE: CVE-2023-45237 commit a61bc0accb8a76edba4f073fdc7bafc908df045d Author: Gerd Hoffmann Date: Fri May 31 09:49:13 2024 +0200 SecurityPkg/RngDxe: add rng test Check whenever RngLib actually returns random numbers, only return a non-zero number of Algorithms if that is the case. This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL only in case it can actually deliver random numbers. Signed-off-by: Gerd Hoffmann Signed-off-by: Jon Maloy Check whenever RngLib actually returns random numbers, only return a non-zero number of Algorithms if that is the case. This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL only in case it can actually deliver random numbers. Signed-off-by: Gerd Hoffmann
---
 SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
index 7e06e16e4b..285b5f46e7 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -23,6 +23,7 @@
 #include
 #include
+#include
 #include "RngDxeInternals.h"
@@ -43,7 +44,12 @@ GetAvailableAlgorithms (
 VOID
 )
 {
- mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
+ UINT64 RngTest;
+
+ if (GetRandomNumber64 (&RngTest)) {
+ mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
+ }
+
 return EFI_SUCCESS;
 }
--
2.39.3
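Review bot: In the second hunk (GetAvailableAlgorithms), the failure path of the `GetRandomNumber64 (&RngTest)` probe is silent: `mAvailableAlgoArrayCount` keeps whatever value it had before, presumably zero from a definition outside the hunk, and the function still returns `EFI_SUCCESS`. Setting the count explicitly and logging would make a missing EFI_RNG_PROTOCOL diagnosable, e.g. `} else { mAvailableAlgoArrayCount = 0; DEBUG ((DEBUG_WARN, "RngDxe: RngLib returned no random data\n")); }`, assuming DebugLib is already available to this file. A comment above the probe such as `// Probe RngLib once; advertise algorithms only if it can deliver random data.` would record the intent. That comment should also say that the check proves availability only, not entropy quality, so an RngLib instance that returns TRUE for weak output still passes and the protocol is still installed.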