From: "Laszlo Ersek" <lersek@redhat.com>
To: "Wang, Jian J" <jian.j.wang@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"Lu, XiaoyuX" <xiaoyux.lu@intel.com>
Cc: "Ye, Ting" <ting.ye@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Date: Tue, 14 May 2019 17:08:17 +0200 [thread overview]
Message-ID: <328ede09-9511-9af5-4286-ed9ccede87fc@redhat.com> (raw)
In-Reply-To: <D827630B58408649ACB04F44C5100036258F9B4D@SHSMSX107.ccr.corp.intel.com>
On 05/14/19 15:25, Wang, Jian J wrote:
> Laszlo,
>
>
>> -----Original Message-----
>> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
>> Laszlo Ersek
>> Sent: Tuesday, May 14, 2019 6:59 PM
>> To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io; Lu, XiaoyuX
>> <xiaoyux.lu@intel.com>
>> Cc: Ye, Ting <ting.ye@intel.com>
>> Subject: Re: [edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
>>
>> Hi Jian,
>>
>> On 05/14/19 09:03, Wang, Jian J wrote:
>>>> -----Original Message-----
>>>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>>>> Sent: Tuesday, May 14, 2019 12:15 AM
>>>> To: devel@edk2.groups.io; Wang, Jian J <jian.j.wang@intel.com>; Lu,
>> XiaoyuX
>>>> <xiaoyux.lu@intel.com>
>>>> Cc: Ye, Ting <ting.ye@intel.com>
>>>> Subject: Re: [edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to
>> 1.1.1b
>>
>>>> Honestly the best I could suggest is, "use RDRAND if available, fall
>>>> back to TimerLib otherwise". :( But I would understand if you wanted to
>>>> postpone RDRAND until later.
>>
>>> Actually we wanted to use hardware seed/rand generator at first. I
>>> thought it might not be acceptable due to the fact it's processor
>>> dependent. So we hesitated. My understanding to above comment
>>> is that you agree to use rdrand/rdseed if available and fall back to
>>> TimerLib otherwise, right?
>>
>> I've now tried to read up a little bit on RDRAND. It seems that crypto
>> folks do not universally trust RDRAND. Some people reject RDRAND
>> completely, while others are willing to use RDRAND as *one* source for
>> entropy, but they always mix it with other entropy sources. But even
>> that practice is not acceptable to some people, saying that RDRAND can
>> be used to compromise those other entropy sources, dependent on the
>> mixing details. It seems that FreeBSD at the least uses the Yarrow
>> algorithm for mixing, which comes with its own complexities.
>>
>> As much as I dislike it, at the moment I cannot recommend anything
>> better than just TimerLib. I'm not satisfied with TimerLib, but I don't
>> know enough to suggest an improvement. RDRAND looked like a good entropy
>> source, but then reading up on people's opinions on it, gave me pause.
>>
>> In the longer term, I believe a serious reorganization of BaseCryptLib /
>> OpensslLib / etc might help. Namely, move the seeding / entropy
>> collection out of these low-level libraries, and force all dependent
>> modules (drivers and such) to provide their own entropy.
>>
>> Then, privileged drivers (e.g. SMM drivers) could use a low-level
>> platform device for collecting randomness, without depending on 3rd
>> party UEFI drivers. Less privileged drivers (such as for HTTPS boot)
>> could perhaps consume EFI_RNG_PROTOCOL, or maybe some protocol /
>> abstraction exposed by TPM drivers.
>>
>> I guess it's OK if we stick with TimerLib for this OpenSSL version upgrade.
>>
>
> I'm not aware of the rdrand stories. Since there're concerns in the instruction,
> I agree not to use it in this patch series and we need a reorganization or even
> re-design for the random interface in the future.
>
> To avoid any misunderstanding, let me summarize what will be done in the v4:
>
> TSC is used as first entropy source if it's available and fall back to TimerLib
> otherwise. AES block cipher will be used to increase entropy rate or reduce
> bias (NIST SP800-90B).
Side comment: I don't think you can increase the entropy rate by
choosing an AES block cipher. You can increase the entropy rate by using
a better entropy source, or by using additional entropy sources. What
AES can help with is to distribute the entropy over all bits in the
block, from the low order bits of the entropy source ("avalanche effect").
> Please confirm above implementation then we'll provide a v4 tomorrow.
Main comment: yes, the above approach looks fine to me, thank you.
Cheers
Laszlo
>
>> Can we please document the use of platform timers as entropy sources
>> (including the TSC) in the following wiki article?
>>
>> https://github.com/tianocore/tianocore.github.io/wiki/CryptoPkg
>>
>> I'm not asking for many details, just a short summary of the fact and
>> why we do this.
>>
>
> Sure.
>
> Regards,
> Jian
>
>> Thanks
>> Laszlo
>>
>>
>
next prev parent reply other threads:[~2019-05-14 15:08 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-09 5:23 [PATCH v2 1/6] CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL Xiaoyu lu
2019-05-09 5:23 ` [PATCH v2 2/6] CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl Xiaoyu lu
2019-05-09 13:42 ` [edk2-devel] " Laszlo Ersek
2019-05-10 8:51 ` Xiaoyu lu
2019-05-13 15:12 ` Laszlo Ersek
2019-05-14 12:41 ` Xiaoyu lu
2019-05-14 15:11 ` Laszlo Ersek
2019-05-09 5:23 ` [PATCH v2 3/6] CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue Xiaoyu lu
2019-05-09 17:16 ` [edk2-devel] " Laszlo Ersek
2019-05-09 5:23 ` [PATCH v2 4/6] CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL Xiaoyu lu
2019-05-09 13:48 ` [edk2-devel] " Laszlo Ersek
2019-05-09 5:23 ` [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b Xiaoyu lu
2019-05-09 17:15 ` [edk2-devel] " Laszlo Ersek
2019-05-09 17:30 ` Laszlo Ersek
2019-05-10 10:26 ` Wang, Jian J
2019-05-13 16:14 ` Laszlo Ersek
2019-05-14 7:03 ` Wang, Jian J
2019-05-14 10:58 ` Laszlo Ersek
2019-05-14 13:25 ` Wang, Jian J
2019-05-14 15:08 ` Laszlo Ersek [this message]
2019-05-09 20:58 ` Laszlo Ersek
2019-05-10 8:51 ` Xiaoyu lu
2019-05-09 5:23 ` [PATCH v2 6/6] CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible Xiaoyu lu
2019-05-09 14:01 ` [edk2-devel] " Laszlo Ersek
2019-05-09 14:20 ` Wang, Jian J
2019-05-09 21:34 ` Laszlo Ersek
2019-05-09 11:32 ` [edk2-devel] [PATCH v2 1/6] CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=328ede09-9511-9af5-4286-ed9ccede87fc@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox