From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pg1-f195.google.com (mail-pg1-f195.google.com [209.85.215.195]) by mx.groups.io with SMTP id smtpd.web10.1681.1598981844893584117 for ; Tue, 01 Sep 2020 10:37:24 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20161025 header.b=VBjCjsg9; spf=pass (domain: gmail.com, ip: 209.85.215.195, mailfrom: matthewfcarlson@gmail.com) Received: by mail-pg1-f195.google.com with SMTP id d19so1045051pgl.10 for ; Tue, 01 Sep 2020 10:37:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=E98MLPZ/vh/qk1AgW1stKbLroWUw9CeQAX9+i2py8p4=; b=VBjCjsg91AOAL+s8CsK1oZ+ewdUd/wrBTds6w4x/o2K1TsdUkQ5RzqOMCcvse87ZIf XCMOWTjpcPSRuxRug9ALhskQciFY8NdBPuFCSyyRN0QkkSUl1Srlg3wf/JZ2PvaTLzqS Rczm1zdXXIEUG7GcC7L2dFPLT+PKdCD6fqMV2T1AiGA7RZSYMu87hhkvc6oWsQSleJyf 66ky7uht1QQA8froOOqNwVyApNBxNOjiFb1PIQE7QkKX953xkdu5Gn169jSsMnvIPYDr BV33Ukbn3oRIp0f/RdkITqsHD+ETr8XzPA6KZQwxfFKBgeYqQFhhPV0g34AXa0L+1dEL 2vvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=E98MLPZ/vh/qk1AgW1stKbLroWUw9CeQAX9+i2py8p4=; b=ruv8hzZQRzB8DG2ZSOrGs/hlItn7MZm4MHpimIJsUkJ6XeHL4R9dLsKm5XYc4lF1bo Gg5QUj1Gh+16lUWBNjNPWRBD0By+rvCmB+lCWvQTAJgcmcoX3xE7oeQiLdwNr0bj7h9y LkKwnWrsDZCFzb2/0oM0/lHMFT+CNv2oLe7ItBOOHFOZw+CvRxhlgGravYk78+90OQb9 T7EehD2aajenDqePMPDeS48lg7cIqQbrRECR+dcejxrCjOIK/wFuk20JRiDgyVakQIyr wVrcj+Y68zOFo7uMJwG3b4pjBM/V+sR0CQjPqxN39egT+zeJjSwx+gZVBxhmppCf9Xpl OZxQ== X-Gm-Message-State: AOAM531c5VC8Em8oiYc4qb1snxVjJmXLQ+YennGe+CYnpJ0jk7a+gl4y OVeWNI28x2m8f/EhXOeg0ax8VnKpZOOQEGhI X-Google-Smtp-Source: ABdhPJyB1zU/P4jX9EZEgHTvIPxl7clbIsMZDMxqo9DSyaItH2+qYLQ3qSiB5/b77Vp0sZWs+fKFvg== X-Received: by 2002:a63:5d5d:: with SMTP id o29mr1136945pgm.161.1598981844125; Tue, 01 Sep 2020 10:37:24 -0700 (PDT) Return-Path: Received: from tvis-name-05.localdomain ([50.34.58.90]) by smtp.gmail.com with ESMTPSA id w12sm2662003pfn.92.2020.09.01.10.37.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Sep 2020 10:37:23 -0700 (PDT) From: "Matthew Carlson" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Anthony Perard , Jiewen Yao , Jian J Wang , Julien Grall , Jordan Justen , Laszlo Ersek , Liming Gao , Leif Lindholm , Michael D Kinney , Xiaoyu Lu , Zhiguang Liu , Sean Brogan , Matthew Carlson Subject: [PATCH v10 0/5] Use RngLib instead of TimerLib for OpensslLib Date: Tue, 1 Sep 2020 10:37:22 -0700 Message-Id: <20200901173722.1634-1-matthewfcarlson@gmail.com> X-Mailer: git-send-email 2.28.0.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Matthew Carlson Hello all, This patch contains a fix for Bugzilla 1871. There's been a good bit of community discussion around the topic, so below follows a general overview of the discussion and what this patch does. This is the seventh iteration of this patch series, focused on code style and a few functions being renamed to comply with style. Back in Devel message#40590 (https://edk2.groups.io/g/devel/message/40590) around the patch series that updates OpenSSL to 1.1.1b, a comment was made that suggested that platforms be in charge of the entropy/randomness that is provided to OpenSSL as currently the entropry source seems to be a hand-rolled random number generator that uses the PerformanceCounter from TimerLib. This causes OpenSSL to depend on TimerLib, which is often platform specific. In addition to being a potentially weaker source of randomness, this also poses a challenge to compile BaseCryptLibOnProtocol with a platform- agnostic version of TimerLib that works universally. The solution here is to allow platform to specify their source of entropy in addition to providing two new RngLibs: one that uses the TimerLib as well as one that uses RngProtocol to provide randomness. Then the decision to use RDRAND or other entropy sources is up to the platform. Mixing various entropy sources is the onus of the platform. It has been suggested on Devel#40590 and BZ#1871 that there should be mixing of the PerformanceCounter and RDRAND using something similar to the yarrow alogirthm that FreeBSD uses for example. This patch series doesn't offer an RngLib that offers that sort of mixing as the ultimate source of random is defined by the platform. This patch series offers three benefits: 1. Dependency reduction: Removes the need for a platform specific timer library. We publish a single binary used on numerous platforms for crypto and the introduced timer lib dependency caused issues because we could not fulfill our platform needs with one library instance. 2. Code maintenance: Removing this additional code and leveraging an existing library within Edk2 means less code to maintain. 3. Platform defined quality: A platform can choose which instance to use and the implications of that instance. This patch series seeks to address five seperate issues. 1) Use RngLib interface to generate random entropy in rand_pool 2) Remove dependency on TimerLib in OpensslLib 3) Add a new version of RngLib implemented by TimerLib 4) Add a new version of RngLib implemented by EFI_RNG_PROTOCOL 5) Add RngLib to platforms in EDK2 such as ArmVirtPkg and OvmfPkg Since this changes the dependencies of OpenSSL, this has the potential of being a breaking change for platforms in edk2-platforms. The easiest solution is just to use the RngLib that uses the TimerLib as this closely mimics the behavior of OpenSSL prior to this patch series. There is also a null version of RngLib for CI environments that need this change (https://edk2.groups.io/g/devel/message/50432). Though it should be pointed out that in CI environments, the null version of BaseCryptLib or OpenSSL should be used. In addition, it has been suggested that 1) Add AsmRdSeed to BaseLib. 2) Update BaseRngLib to use AsmRdSeed() for the random number, if RdSeed is supported (CPUID BIT18) However, this is largely out of scope for this particular patch series and will likely need to be in a follow-up series later. It is my understanding that the OpenSSL code uses the values provided as a randomness pool rather than a seed or random numbers itself, so the requirements for randomness are not quite as stringent as other applications. For the ArmVirtPkg and OvmfPkg platforms, the patch series here just adds in the TimerLib based RngLib as that is similar to the functionality of before. It is added as a common library so any custom RngLib defined in the DSC should take precedence over the TimerLibRngLib. Ref: https://github.com/tianocore/edk2/pull/845 Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1871 Patch Series History: v10 - addressed comments from Liming removing magic numbers and adding DebugLib to TimerRngLib v8 - addressed comments from Ard and Mike around code style for DxeRngLib and BaseRngLibTimerLib v7 - addressed comments from Lazlo and Ard for further fixes around OvmfPkg v6 - addressed comments from Lazlo and Ard for fixes around OvmfPkg v5 - moved additions for OvmfPkg and ArmVirtPkg to correct positions v4 - added more information to various commit messages v3 - addressed comments from Mike K around fixes to BaseRngLibTimer delays v2 - renamed some libraries to fit with naming conventions Cc: Ard Biesheuvel Cc: Anthony Perard Cc: Jiewen Yao Cc: Jian J Wang Cc: Julien Grall Cc: Jordan Justen Cc: Laszlo Ersek Cc: Liming Gao Cc: Leif Lindholm Cc: Michael D Kinney Cc: Xiaoyu Lu Cc: Zhiguang Liu Cc: Sean Brogan Signed-off-by: Matthew Carlson Matthew Carlson (5): MdePkg: TimerRngLib: Added RngLib that uses TimerLib MdePkg: BaseRngLibDxe: Add RngLib that uses RngDxe OvmfPkg: Add RngLib based on TimerLib for Crypto ArmVirtPkg: Add RngLib based on TimerLib for CryptoPkg CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool CryptoPkg/Library/OpensslLib/rand_pool.c | 269 +++++--------------- CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 --- CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 ---- MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c | 189 ++++++++++++++ MdePkg/Library/DxeRngLib/DxeRngLib.c | 199 +++++++++++++++ ArmVirtPkg/ArmVirt.dsc.inc | 1 + CryptoPkg/CryptoPkg.ci.yaml | 4 +- CryptoPkg/CryptoPkg.dsc | 1 + CryptoPkg/Library/OpensslLib/OpensslLib.inf | 15 +- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 15 +- CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 --- MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 36 +++ MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni | 15 ++ MdePkg/Library/DxeRngLib/DxeRngLib.inf | 38 +++ MdePkg/Library/DxeRngLib/DxeRngLib.uni | 15 ++ MdePkg/MdePkg.dsc | 5 +- OvmfPkg/Bhyve/BhyveX64.dsc | 1 + OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/OvmfXen.dsc | 1 + 21 files changed, 570 insertions(+), 338 deletions(-) delete mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c delete mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c create mode 100644 MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c create mode 100644 MdePkg/Library/DxeRngLib/DxeRngLib.c delete mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h create mode 100644 MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf create mode 100644 MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni create mode 100644 MdePkg/Library/DxeRngLib/DxeRngLib.inf create mode 100644 MdePkg/Library/DxeRngLib/DxeRngLib.uni -- 2.28.0.windows.1