From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail.byosoft.com.cn (mail.byosoft.com.cn [58.240.74.243]) by mx.groups.io with SMTP id smtpd.web11.32254.1599441808870361299 for ; Sun, 06 Sep 2020 18:23:29 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=none, err=permanent DNS error (domain: byosoft.com.cn, ip: 58.240.74.243, mailfrom: gaoliming@byosoft.com.cn) Received: from DESKTOPS6D0PVI ([58.246.60.130]) (envelope-sender ) by 192.168.6.13 with ESMTP for ; Mon, 07 Sep 2020 09:23:21 +0800 X-WM-Sender: gaoliming@byosoft.com.cn X-WM-AuthFlag: YES X-WM-AuthUser: gaoliming@byosoft.com.cn From: "gaoliming" To: , Cc: "'Ard Biesheuvel'" , "'Anthony Perard'" , "'Jiewen Yao'" , "'Jian J Wang'" , "'Julien Grall'" , "'Jordan Justen'" , "'Laszlo Ersek'" , "'Liming Gao'" , "'Leif Lindholm'" , "'Michael D Kinney'" , "'Xiaoyu Lu'" , "'Zhiguang Liu'" , "'Sean Brogan'" References: <20200901173722.1634-1-matthewfcarlson@gmail.com> In-Reply-To: <20200901173722.1634-1-matthewfcarlson@gmail.com> Subject: =?UTF-8?B?5Zue5aSNOiBbZWRrMi1kZXZlbF0gW1BBVENIIHYxMCAwLzVdIFVzZSBSbmdMaWIgaW5zdGVhZCBvZiBUaW1lckxpYiBmb3IgT3BlbnNzbExpYg==?= Date: Mon, 7 Sep 2020 09:23:20 +0800 Message-ID: <001001d684b5$79629860$6c27c920$@byosoft.com.cn> MIME-Version: 1.0 X-Mailer: Microsoft Outlook 16.0 Thread-Index: AQG4aIiVdNeLnJGQY9DLgN24nuriJqmYmRNA Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: quoted-printable Content-Language: zh-cn Mattthew: Thanks for your update. The changes in MdePkg are good to me.=20 Reviewed-by: Liming Gao Thanks Liming > -----=D3=CA=BC=FE=D4=AD=BC=FE----- > =B7=A2=BC=FE=C8=CB: bounce+27952+64916+4905953+8761045@groups.io > =B4=FA=B1=ED Matthew > Carlson > =B7=A2=CB=CD=CA=B1=BC=E4: 2020=C4=EA9=D4=C22=C8=D5 1:37 > =CA=D5=BC=FE=C8=CB: devel@edk2.groups.io > =B3=AD=CB=CD: Ard Biesheuvel ; Anthony Perard > ; Jiewen Yao ; Jian J > Wang ; Julien Grall ; Jordan Just= en > ; Laszlo Ersek ; Liming Ga= o > ; Leif Lindholm ; Michael D > Kinney ; Xiaoyu Lu ; > Zhiguang Liu ; Sean Brogan > ; Matthew Carlson > > =D6=F7=CC=E2: [edk2-devel] [PATCH v10 0/5] Use RngLib instead of TimerLi= b for > OpensslLib >=20 > From: Matthew Carlson >=20 > Hello all, >=20 > This patch contains a fix for Bugzilla 1871. > There's been a good bit of community discussion around the topic, > so below follows a general overview of the discussion and what this patc= h > does. >=20 > This is the seventh iteration of this patch series, focused on code styl= e and a > few functions being renamed to comply with style. >=20 > Back in Devel message#40590 > (https://edk2.groups.io/g/devel/message/40590) > around the patch series that updates OpenSSL to 1.1.1b, a comment was > made > that suggested that platforms be in charge of the entropy/randomness tha= t > is provided to OpenSSL as currently the entropry source seems to be a > hand-rolled random number generator that uses the PerformanceCounter > from > TimerLib. This causes OpenSSL to depend on TimerLib, which is often platform > specific. In addition to being a potentially weaker source of randomness= , > this also poses a challenge to compile BaseCryptLibOnProtocol with a > platform- > agnostic version of TimerLib that works universally. >=20 > The solution here is to allow platform to specify their source of entrop= y in > addition to providing two new RngLibs: one that uses the TimerLib as wel= l as > one that uses RngProtocol to provide randomness. Then the decision to us= e > RDRAND or other entropy sources is up to the platform. Mixing various > entropy > sources is the onus of the platform. It has been suggested on Devel#4059= 0 > and > BZ#1871 that there should be mixing of the PerformanceCounter and > RDRAND using > something similar to the yarrow alogirthm that FreeBSD uses for example. > This > patch series doesn't offer an RngLib that offers that sort of mixing as the > ultimate source of random is defined by the platform. >=20 > This patch series offers three benefits: > 1. Dependency reduction: Removes the need for a platform specific timer > library. We publish a single binary used on numerous platforms for > crypto and the introduced timer lib dependency caused issues because we > could not fulfill our platform needs with one library instance. >=20 > 2. Code maintenance: Removing this additional code and leveraging an > existing > library within Edk2 means less code to maintain. >=20 > 3. Platform defined quality: A platform can choose which instance to use and > the implications of that instance. >=20 > This patch series seeks to address five seperate issues. > 1) Use RngLib interface to generate random entropy in rand_pool > 2) Remove dependency on TimerLib in OpensslLib > 3) Add a new version of RngLib implemented by TimerLib > 4) Add a new version of RngLib implemented by EFI_RNG_PROTOCOL > 5) Add RngLib to platforms in EDK2 such as ArmVirtPkg and OvmfPkg >=20 > Since this changes the dependencies of OpenSSL, this has the potential o= f > being > a breaking change for platforms in edk2-platforms. The easiest solution = is just > to use the RngLib that uses the TimerLib as this closely mimics the behavior of > OpenSSL prior to this patch series. There is also a null version of RngL= ib for > CI environments that need this change > (https://edk2.groups.io/g/devel/message/50432). Though it should be > pointed out > that in CI environments, the null version of BaseCryptLib or OpenSSL should > be > used. >=20 > In addition, it has been suggested that > 1) Add AsmRdSeed to BaseLib. > 2) Update BaseRngLib to use AsmRdSeed() for the random number, > if RdSeed is supported (CPUID BIT18) >=20 > However, this is largely out of scope for this particular patch series a= nd > will likely need to be in a follow-up series later. >=20 > It is my understanding that the OpenSSL code uses the values provided as= a > randomness pool rather than a seed or random numbers itself, so the > requirements for randomness are not quite as stringent as other applications. >=20 > For the ArmVirtPkg and OvmfPkg platforms, the patch series here just add= s in > the TimerLib based RngLib as that is similar to the functionality of before. > It is added as a common library so any custom RngLib defined in the DSC > should take precedence over the TimerLibRngLib. >=20 > Ref: https://github.com/tianocore/edk2/pull/845 > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1871 >=20 > Patch Series History: > v10 - addressed comments from Liming removing magic numbers and adding > DebugLib to TimerRngLib > v8 - addressed comments from Ard and Mike around code style for DxeRngLi= b > and BaseRngLibTimerLib > v7 - addressed comments from Lazlo and Ard for further fixes around OvmfPkg > v6 - addressed comments from Lazlo and Ard for fixes around OvmfPkg > v5 - moved additions for OvmfPkg and ArmVirtPkg to correct positions > v4 - added more information to various commit messages > v3 - addressed comments from Mike K around fixes to BaseRngLibTimer > delays > v2 - renamed some libraries to fit with naming conventions >=20 > Cc: Ard Biesheuvel > Cc: Anthony Perard > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Julien Grall > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Liming Gao > Cc: Leif Lindholm > Cc: Michael D Kinney > Cc: Xiaoyu Lu > Cc: Zhiguang Liu > Cc: Sean Brogan >=20 > Signed-off-by: Matthew Carlson >=20 > Matthew Carlson (5): > MdePkg: TimerRngLib: Added RngLib that uses TimerLib > MdePkg: BaseRngLibDxe: Add RngLib that uses RngDxe > OvmfPkg: Add RngLib based on TimerLib for Crypto > ArmVirtPkg: Add RngLib based on TimerLib for CryptoPkg > CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool >=20 > CryptoPkg/Library/OpensslLib/rand_pool.c | 269 > +++++--------------- > CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 --- > CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 ---- > MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c | 189 > ++++++++++++++ > MdePkg/Library/DxeRngLib/DxeRngLib.c | 199 > +++++++++++++++ > ArmVirtPkg/ArmVirt.dsc.inc | 1 + > CryptoPkg/CryptoPkg.ci.yaml | 4 +- > CryptoPkg/CryptoPkg.dsc | 1 + > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 15 +- > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 15 +- > CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 --- > MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 36 +++ > MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni | 15 ++ > MdePkg/Library/DxeRngLib/DxeRngLib.inf | 38 +++ > MdePkg/Library/DxeRngLib/DxeRngLib.uni | 15 ++ > MdePkg/MdePkg.dsc | > 5 +- > OvmfPkg/Bhyve/BhyveX64.dsc | 1 > + > OvmfPkg/OvmfPkgIa32.dsc | 1 > + > OvmfPkg/OvmfPkgIa32X64.dsc | 1 > + > OvmfPkg/OvmfPkgX64.dsc | 1 > + > OvmfPkg/OvmfXen.dsc | > 1 + > 21 files changed, 570 insertions(+), 338 deletions(-) > delete mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c > delete mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > create mode 100644 MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c > create mode 100644 MdePkg/Library/DxeRngLib/DxeRngLib.c > delete mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h > create mode 100644 > MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf > create mode 100644 > MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni > create mode 100644 MdePkg/Library/DxeRngLib/DxeRngLib.inf > create mode 100644 MdePkg/Library/DxeRngLib/DxeRngLib.uni >=20 > -- > 2.28.0.windows.1 >=20 >=20 >=20