From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web11.1886.1596241540365649259 for ; Fri, 31 Jul 2020 17:25:40 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=mOi4AwqC; spf=pass (domain: intel.com, ip: 134.134.136.20, mailfrom: jiewen.yao@intel.com) IronPort-SDR: B09sVSxfw6hue8gNEbElNJYdyU6Gn1hJCet0kOWGt5aLxlQmgNdeAGA5Z9+0D7+VIXyN/Q2BPy qnxhi+jKkY9g== X-IronPort-AV: E=McAfee;i="6000,8403,9699"; a="139860112" X-IronPort-AV: E=Sophos;i="5.75,420,1589266800"; d="scan'208";a="139860112" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 Jul 2020 17:25:39 -0700 IronPort-SDR: TE61kG/ho+yUqE6jRft2iDKIaZpEcDgr3P4FJ2rdgZrNLeXRfQ3xtAcZXYqoQ1uO1GvtCG3oVE WxzLcwtvAJiw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,420,1589266800"; d="scan'208";a="491711946" Received: from orsmsx605.amr.corp.intel.com ([10.22.229.18]) by fmsmga005.fm.intel.com with ESMTP; 31 Jul 2020 17:25:38 -0700 Received: from orsmsx605.amr.corp.intel.com (10.22.229.18) by ORSMSX605.amr.corp.intel.com (10.22.229.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Fri, 31 Jul 2020 17:25:38 -0700 Received: from orsmsx110.amr.corp.intel.com (10.22.240.8) by orsmsx605.amr.corp.intel.com (10.22.229.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1713.5 via Frontend Transport; Fri, 31 Jul 2020 17:25:38 -0700 Received: from ORSEDG001.ED.cps.intel.com (10.7.248.4) by ORSMSX110.amr.corp.intel.com (10.22.240.8) with Microsoft SMTP Server (TLS) id 14.3.439.0; Fri, 31 Jul 2020 17:25:37 -0700 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.169) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (TLS) id 14.3.439.0; Fri, 31 Jul 2020 17:25:37 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aBjaNSbBaDpA9mNS2wX6IRsxje1j0+oiueQNE0ldQHHU8zbnf//qt6SOk5qr7Kx9XSPZ1TyaYxa+U/3lu8qE7FeT1F0qa2Q8+jRkci+oEUrg3a2WMq8igiFQGn1YMPZJorVmAV95oxIB2//17Op1O9iWuyvDUEO7DDi4Rb+BqsrHmtB4CGE9mM29/8QIZKWCyNORJHaEHX4YyYwW0NSJZDQig9gBeXvhiYRTx4+ZLHsSepMKs8qVtU4K/cysLVU1RhgZtxbXB5P/XlHJijJPQyrmUWnW6YYYlpZ2JOnisyALa9xBdPn4uv2c4HsSI1GXf+WAuMBGyBdmTLCpkaU5rA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xaC4zh3MLK2cu9iW1+liAhYZ+xAgq8YZ7rxB2/5BQfk=; b=TbSWhD+AEuqnwxtPrHWHFg2VAmLXpO34zr8B7ih0CJ0Jm8wA5w1u+C43WFvAxGIbvzzohJorb/pQKr5FKC/FFPLgWshX7a4qk2sA44L/xQRzCRTKrxgIfeA0k+xkdg2U9V8Rnup+edEdqv1JO1pk5RaeheCgHqzg0hKVkklCHWEDjd9b3xJhS9TijZJ+JLjGkvGRxeI6bGgIIzni1NYnT0r64HRNC4/m5Zw0H3hG/39ryPDWtpqirtZET5H0B8z81hRPgvrF0wYWlMiQSLfAzUiF4nneNUbAfKKcPpr3C8raBTkRhbvWeEu8R72+x6w71R+fuM5P/RLz0xHuhV87UA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xaC4zh3MLK2cu9iW1+liAhYZ+xAgq8YZ7rxB2/5BQfk=; b=mOi4AwqCoAJlXm/hNOLgV+BHNW2kB1izO8hgcErL05O2swyA0WnC3JZkLNkmoc3ZKCs02lrYU+KdZagseX2f2i9UZlfd9E3UevonU66Myl8LToeI+pHkYnGf+MX6X5UT/2Kzd7GPHmuxptgJ7Eob10DCSW2CqxBJc5AwaQ11I/Y= Received: from BN6PR11MB1284.namprd11.prod.outlook.com (2603:10b6:404:49::9) by BN8PR11MB3540.namprd11.prod.outlook.com (2603:10b6:408:81::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.17; Sat, 1 Aug 2020 00:25:36 +0000 Received: from BN6PR11MB1284.namprd11.prod.outlook.com ([fe80::d04c:a532:881a:1d2f]) by BN6PR11MB1284.namprd11.prod.outlook.com ([fe80::d04c:a532:881a:1d2f%4]) with mapi id 15.20.3239.020; Sat, 1 Aug 2020 00:25:36 +0000 From: "Yao, Jiewen" To: "matthewfcarlson@gmail.com" , "devel@edk2.groups.io" CC: "Wang, Jian J" , "Lu, XiaoyuX" Subject: Re: [PATCH v3 1/3] CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool Thread-Topic: [PATCH v3 1/3] CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool Thread-Index: AQHWZ3kC7dwdaE0ZDE+rL1AOazqpBakiYOKw Date: Sat, 1 Aug 2020 00:25:35 +0000 Message-ID: References: <20200731202712.1759-1-matthewfcarlson@gmail.com> <20200731202712.1759-2-matthewfcarlson@gmail.com> In-Reply-To: <20200731202712.1759-2-matthewfcarlson@gmail.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiM2E0ZWNjMWMtNDJiNi00OGIwLWEwOTItMjNmMjA0NzkyZjUyIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiUzFUNVR2V0dUZXJTeFlGcGt3T3JMSG1ScHphS2FHVlNGOStuMENLVFwvTGVONEhkd3JqUHFtNGUrNytMT2NhSnIifQ== x-ctpclassification: CTP_NT dlp-version: 11.2.0.6 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.147.198] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 5210a40c-16dc-4795-0340-08d835b1690a x-ms-traffictypediagnostic: BN8PR11MB3540: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:4941; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: gOvZN05+LTkvnlOPM52fql+ukp0GS8YcBpaHkQEvM4WrHoY5DF5OawfvdrJ+dy2lZ1kXWFUhzjBfxaIyN1hkze8tNisl6eCcVfR845cgVrWOGU+39hsZP8pptXlPz2joqZfp7kDaKgmUaVNG+vIROtNBzenF7tOPN67CUSMR81iM2X/kHntqXQJeTfWC8oCJqlAqHvJd3duhTYH+PFiGH0IoJSX5SK0MG14EfuAUOY2uuRCKmuyNEm9p+QYsOSXYEC2rKCalhwWV11+9uUrGk1Ig4AqkcN1lAxUryKgguVH9UCGfps5Ybxt9DK1wDWgpGHLGpwmr13pKwGhF4COczLBVoUkjy3bDOsfGJmN3hehkn5GAPI1GQsD9G2P38zow+1gbwohCU0XDa6rPvd1NTg== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN6PR11MB1284.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(396003)(136003)(39860400002)(376002)(346002)(366004)(966005)(4326008)(478600001)(107886003)(2906002)(9686003)(55016002)(8676002)(8936002)(66946007)(83380400001)(66446008)(64756008)(66556008)(66476007)(76116006)(26005)(186003)(30864003)(86362001)(71200400001)(19627235002)(52536014)(33656002)(5660300002)(110136005)(54906003)(6506007)(53546011)(316002)(7696005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: fzzn3mqzN59F0jfCf6qzKmj3V4PlngKCY59z038NuQh3gJi9Z4pu67aZs2z4YmbxfMbKOy+gEb8q0hBpvpIUGQYZSovBz+KrV2L/Y9ylYp5PXTjyQOJukBAJKop2b3bhduiBaS97mdA7/6LWlqG/I1gxhe8crsqqYa1feCyONA5aGqv7qJcFjaAd5mUZ8dH/jSgGAQigucHNmSeCs++U5kmJkhqqnzPNmCIWmcEA9Fl9O0OhLp0uBKE5ldwU6K154baPbVrYj4EpAfeMuUIsRX+KQYUBLprZ8DdqUOIluiCodoVE/kxNXP+erJqNWXbzSHjy2m/rxMc5kAawPXRKIZigHPNMY1hu4G9ObRFlZweq/GcoFptQoyuOmC0qJSpqjr1kU1ovDyQi97Aulk+aPdA/EXnfYKu5YDWNbHlliW/4FhDyKR6WSj0KrECODgRnu6N0vNcvsFCdo1sN6a8V7JSLsbTwpmEP6R0Cd+bDQMIidT4pVKERjXKKAoYWJWIc5lY/HsiEhxU7lCE5R7jihVfi8mFFfZ4GO7Rowq+ST/VsNKwX/A8+Yt+/nY/UIeXFg1T9ZHcg8bbfXO1kpVr4HqMsqqcMzVjeWtlsFdxwRfMFbaeuMOKUeH2StqrjAHVfEnmlOt6J5yFgUI7jvE+MTA== MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1284.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5210a40c-16dc-4795-0340-08d835b1690a X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Aug 2020 00:25:35.9962 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 82+9DitR1Dg/fc3DHo5JMv5UJvgR6qhu2Rp19/a7AuJ/bgvNlk3L3AKMemHBhy1XgT9TaNGLbTbW832AtUN1CA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3540 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi I have read https://bugzilla.tianocore.org/show_bug.cgi?id=3D1871 I would like to give R-B, because the code matches what described in Bugzil= la. Before that, I would like double confirm on the randomness requirement. According to https://software.intel.com/content/www/us/en/develop/blogs/the= -difference-between-rdrand-and-rdseed.html, the RDSEED is a "Non-determinis= tic random bit generator", while RDRAND is a "Cryptographically secure pseu= dorandom number generator" Before this patch: rand_pool_acquire_entropy()-> RandGetSeed128()->MicroSecondDelay()+RandGetB= ytes()->GetRandomNoise64()->AsmReadTsc()+MicroSecondDelay(). rand_pool_add_nonce_data()->GetPerformanceCounter()+RandGetBytes() It seems return TSC and TimerCounter. After this patch: rand_pool_acquire_entropy()->RandGetBytes()->GetRandomNumber64()->AsmRdRand= 64(). rand_pool_add_nonce_data()->RandGetBytes() It becomes pseudorandom. So the meaning of the function seems changed. I have not checked the randomness requirement for those two functions yet. But could anyone confirm that a pseudorandom value returned is OK? Or should we use RDSEED for non-deterministic value? Thank you Yao Jiewen > -----Original Message----- > From: matthewfcarlson@gmail.com > Sent: Saturday, August 1, 2020 4:27 AM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J ; > Lu, XiaoyuX ; Matthew Carlson > > Subject: [PATCH v3 1/3] CryptoPkg: OpensslLib: Use RngLib to generate ent= ropy > in rand_pool >=20 > From: Matthew Carlson >=20 > Changes OpenSSL to no longer depend on TimerLib and instead use RngLib. > This allows platforms to decide for themsevles what sort of entropy sourc= e > they provide to OpenSSL and TlsLib. >=20 > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Xiaoyu Lu > Signed-off-by: Matthew Carlson > --- > CryptoPkg/Library/OpensslLib/rand_pool.c | 203 ++-------------= ----- > CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 --- > CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 ----- > CryptoPkg/CryptoPkg.dsc | 1 + > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 15 +- > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 15 +- > CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 --- > 7 files changed, 22 insertions(+), 313 deletions(-) >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c > b/CryptoPkg/Library/OpensslLib/rand_pool.c > index 9e0179b03490..b3ff03b2aa13 100644 > --- a/CryptoPkg/Library/OpensslLib/rand_pool.c > +++ b/CryptoPkg/Library/OpensslLib/rand_pool.c > @@ -11,53 +11,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include >=20 >=20 >=20 > #include >=20 > -#include >=20 > - >=20 > -#include "rand_pool_noise.h" >=20 > - >=20 > -/** >=20 > - Get some randomness from low-order bits of GetPerformanceCounter resul= ts. >=20 > - And combine them to the 64-bit value >=20 > - >=20 > - @param[out] Rand Buffer pointer to store the 64-bit random value. >=20 > - >=20 > - @retval TRUE Random number generated successfully. >=20 > - @retval FALSE Failed to generate. >=20 > -**/ >=20 > -STATIC >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandNoise64FromPerformanceCounter( >=20 > - OUT UINT64 *Rand >=20 > - ) >=20 > -{ >=20 > - UINT32 Index; >=20 > - UINT32 *RandPtr; >=20 > - >=20 > - if (NULL =3D=3D Rand) { >=20 > - return FALSE; >=20 > - } >=20 > - >=20 > - RandPtr =3D (UINT32 *) Rand; >=20 > - >=20 > - for (Index =3D 0; Index < 2; Index ++) { >=20 > - *RandPtr =3D (UINT32) (GetPerformanceCounter () & 0xFF); >=20 > - MicroSecondDelay (10); >=20 > - RandPtr++; >=20 > - } >=20 > - >=20 > - return TRUE; >=20 > -} >=20 > +#include >=20 >=20 >=20 > /** >=20 > Calls RandomNumber64 to fill >=20 > a buffer of arbitrary size with random bytes. >=20 > + This is a shim layer to RngLib. >=20 >=20 >=20 > @param[in] Length Size of the buffer, in bytes, to fill with= . >=20 > @param[out] RandBuffer Pointer to the buffer to store the random r= esult. >=20 >=20 >=20 > - @retval EFI_SUCCESS Random bytes generation succeeded. >=20 > - @retval EFI_NOT_READY Failed to request random bytes. >=20 > + @retval True Random bytes generation succeeded. >=20 > + @retval False Failed to request random bytes. >=20 >=20 >=20 > **/ >=20 > STATIC >=20 > @@ -73,17 +38,17 @@ RandGetBytes ( >=20 >=20 > Ret =3D FALSE; >=20 >=20 >=20 > + if (RandBuffer =3D=3D NULL) { >=20 > + DEBUG((DEBUG_ERROR, "[OPENSSL_RAND_POOL] NULL RandBuffer. No > random numbers are generated and your system is not secure\n")); >=20 > + ASSERT(FALSE); // Since we can't generate random numbers, we should > assert. Otherwise we will just blow up later. >=20 > + return Ret; >=20 > + } >=20 > + >=20 > + >=20 > while (Length > 0) { >=20 > - // >=20 > - // Get random noise from platform. >=20 > - // If it failed, fallback to PerformanceCounter >=20 > - // If you really care about security, you must override >=20 > - // GetRandomNoise64FromPlatform. >=20 > - // >=20 > - Ret =3D GetRandomNoise64 (&TempRand); >=20 > - if (Ret =3D=3D FALSE) { >=20 > - Ret =3D GetRandNoise64FromPerformanceCounter (&TempRand); >=20 > - } >=20 > + // Use RngLib to get random number >=20 > + Ret =3D GetRandomNumber64(&TempRand); >=20 > + >=20 > if (!Ret) { >=20 > return Ret; >=20 > } >=20 > @@ -100,125 +65,6 @@ RandGetBytes ( > return Ret; >=20 > } >=20 >=20 >=20 > -/** >=20 > - Creates a 128bit random value that is fully forward and backward predi= ction > resistant, >=20 > - suitable for seeding a NIST SP800-90 Compliant. >=20 > - This function takes multiple random numbers from PerformanceCounter to > ensure reseeding >=20 > - and performs AES-CBC-MAC over the data to compute the seed value. >=20 > - >=20 > - @param[out] SeedBuffer Pointer to a 128bit buffer to store the ran= dom > seed. >=20 > - >=20 > - @retval TRUE Random seed generation succeeded. >=20 > - @retval FALSE Failed to request random bytes. >=20 > - >=20 > -**/ >=20 > -STATIC >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -RandGetSeed128 ( >=20 > - OUT UINT8 *SeedBuffer >=20 > - ) >=20 > -{ >=20 > - BOOLEAN Ret; >=20 > - UINT8 RandByte[16]; >=20 > - UINT8 Key[16]; >=20 > - UINT8 Ffv[16]; >=20 > - UINT8 Xored[16]; >=20 > - UINT32 Index; >=20 > - UINT32 Index2; >=20 > - AES_KEY AESKey; >=20 > - >=20 > - // >=20 > - // Chose an arbitrary key and zero the feed_forward_value (FFV) >=20 > - // >=20 > - for (Index =3D 0; Index < 16; Index++) { >=20 > - Key[Index] =3D (UINT8) Index; >=20 > - Ffv[Index] =3D 0; >=20 > - } >=20 > - >=20 > - AES_set_encrypt_key (Key, 16 * 8, &AESKey); >=20 > - >=20 > - // >=20 > - // Perform CBC_MAC over 32 * 128 bit values, with 10us gaps between 12= 8 bit > value >=20 > - // The 10us gaps will ensure multiple reseeds within the system time w= ith a > large >=20 > - // design margin. >=20 > - // >=20 > - for (Index =3D 0; Index < 32; Index++) { >=20 > - MicroSecondDelay (10); >=20 > - Ret =3D RandGetBytes (16, RandByte); >=20 > - if (!Ret) { >=20 > - return Ret; >=20 > - } >=20 > - >=20 > - // >=20 > - // Perform XOR operations on two 128-bit value. >=20 > - // >=20 > - for (Index2 =3D 0; Index2 < 16; Index2++) { >=20 > - Xored[Index2] =3D RandByte[Index2] ^ Ffv[Index2]; >=20 > - } >=20 > - >=20 > - AES_encrypt (Xored, Ffv, &AESKey); >=20 > - } >=20 > - >=20 > - for (Index =3D 0; Index < 16; Index++) { >=20 > - SeedBuffer[Index] =3D Ffv[Index]; >=20 > - } >=20 > - >=20 > - return Ret; >=20 > -} >=20 > - >=20 > -/** >=20 > - Generate high-quality entropy source. >=20 > - >=20 > - @param[in] Length Size of the buffer, in bytes, to fill with. >=20 > - @param[out] Entropy Pointer to the buffer to store the entropy = data. >=20 > - >=20 > - @retval EFI_SUCCESS Entropy generation succeeded. >=20 > - @retval EFI_NOT_READY Failed to request random data. >=20 > - >=20 > -**/ >=20 > -STATIC >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -RandGenerateEntropy ( >=20 > - IN UINTN Length, >=20 > - OUT UINT8 *Entropy >=20 > - ) >=20 > -{ >=20 > - BOOLEAN Ret; >=20 > - UINTN BlockCount; >=20 > - UINT8 Seed[16]; >=20 > - UINT8 *Ptr; >=20 > - >=20 > - BlockCount =3D Length / 16; >=20 > - Ptr =3D (UINT8 *) Entropy; >=20 > - >=20 > - // >=20 > - // Generate high-quality seed for DRBG Entropy >=20 > - // >=20 > - while (BlockCount > 0) { >=20 > - Ret =3D RandGetSeed128 (Seed); >=20 > - if (!Ret) { >=20 > - return Ret; >=20 > - } >=20 > - CopyMem (Ptr, Seed, 16); >=20 > - >=20 > - BlockCount--; >=20 > - Ptr =3D Ptr + 16; >=20 > - } >=20 > - >=20 > - // >=20 > - // Populate the remained data as request. >=20 > - // >=20 > - Ret =3D RandGetSeed128 (Seed); >=20 > - if (!Ret) { >=20 > - return Ret; >=20 > - } >=20 > - CopyMem (Ptr, Seed, (Length % 16)); >=20 > - >=20 > - return Ret; >=20 > -} >=20 > - >=20 > /* >=20 > * Add random bytes to the pool to acquire requested amount of entropy >=20 > * >=20 > @@ -238,7 +84,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) > buffer =3D rand_pool_add_begin(pool, bytes_needed); >=20 >=20 >=20 > if (buffer !=3D NULL) { >=20 > - Ret =3D RandGenerateEntropy(bytes_needed, buffer); >=20 > + Ret =3D RandGetBytes(bytes_needed, buffer); >=20 > if (FALSE =3D=3D Ret) { >=20 > rand_pool_add_end(pool, 0, 0); >=20 > } else { >=20 > @@ -257,13 +103,8 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) > */ >=20 > int rand_pool_add_nonce_data(RAND_POOL *pool) >=20 > { >=20 > - struct { >=20 > - UINT64 Rand; >=20 > - UINT64 TimerValue; >=20 > - } data =3D { 0 }; >=20 > - >=20 > - RandGetBytes(8, (UINT8 *)&(data.Rand)); >=20 > - data.TimerValue =3D GetPerformanceCounter(); >=20 > + UINT8 data[16]; >=20 > + RandGetBytes(sizeof(data), data); >=20 >=20 >=20 > return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0); >=20 > } >=20 > @@ -275,13 +116,8 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) > */ >=20 > int rand_pool_add_additional_data(RAND_POOL *pool) >=20 > { >=20 > - struct { >=20 > - UINT64 Rand; >=20 > - UINT64 TimerValue; >=20 > - } data =3D { 0 }; >=20 > - >=20 > - RandGetBytes(8, (UINT8 *)&(data.Rand)); >=20 > - data.TimerValue =3D GetPerformanceCounter(); >=20 > + UINT8 data[16]; >=20 > + RandGetBytes(sizeof(data), data); >=20 >=20 >=20 > return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0); >=20 > } >=20 > @@ -313,4 +149,3 @@ void rand_pool_cleanup(void) > void rand_pool_keep_random_devices_open(int keep) >=20 > { >=20 > } >=20 > - >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > b/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > deleted file mode 100644 > index 212834e27acc..000000000000 > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > +++ /dev/null > @@ -1,29 +0,0 @@ > -/** @file >=20 > - Provide rand noise source. >=20 > - >=20 > -Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > -SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > - >=20 > -**/ >=20 > - >=20 > -#include >=20 > - >=20 > -/** >=20 > - Get 64-bit noise source >=20 > - >=20 > - @param[out] Rand Buffer pointer to store 64-bit noise source >=20 > - >=20 > - @retval FALSE Failed to generate >=20 > -**/ >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandomNoise64 ( >=20 > - OUT UINT64 *Rand >=20 > - ) >=20 > -{ >=20 > - // >=20 > - // Return FALSE will fallback to use PerformanceCounter to >=20 > - // generate noise. >=20 > - // >=20 > - return FALSE; >=20 > -} >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > b/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > deleted file mode 100644 > index 4158106231fd..000000000000 > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > +++ /dev/null > @@ -1,43 +0,0 @@ > -/** @file >=20 > - Provide rand noise source. >=20 > - >=20 > -Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > -SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > - >=20 > -**/ >=20 > - >=20 > -#include >=20 > -#include >=20 > -#include >=20 > - >=20 > -/** >=20 > - Get 64-bit noise source >=20 > - >=20 > - @param[out] Rand Buffer pointer to store 64-bit noise source >=20 > - >=20 > - @retval TRUE Get randomness successfully. >=20 > - @retval FALSE Failed to generate >=20 > -**/ >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandomNoise64 ( >=20 > - OUT UINT64 *Rand >=20 > - ) >=20 > -{ >=20 > - UINT32 Index; >=20 > - UINT32 *RandPtr; >=20 > - >=20 > - if (NULL =3D=3D Rand) { >=20 > - return FALSE; >=20 > - } >=20 > - >=20 > - RandPtr =3D (UINT32 *)Rand; >=20 > - >=20 > - for (Index =3D 0; Index < 2; Index ++) { >=20 > - *RandPtr =3D (UINT32) ((AsmReadTsc ()) & 0xFF); >=20 > - RandPtr++; >=20 > - MicroSecondDelay (10); >=20 > - } >=20 > - >=20 > - return TRUE; >=20 > -} >=20 > diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > index 1af78468a19c..0490eeb7e22f 100644 > --- a/CryptoPkg/CryptoPkg.dsc > +++ b/CryptoPkg/CryptoPkg.dsc > @@ -60,6 +60,7 @@ > BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf >=20 > TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf >=20 > HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf >=20 > + RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf >=20 >=20 >=20 > [LibraryClasses.ARM, LibraryClasses.AARCH64] >=20 > # >=20 > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index dbbe5386a10c..4baad565564c 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > @@ -571,22 +571,9 @@ > $(OPENSSL_PATH)/ssl/statem/statem_local.h >=20 > # Autogenerated files list ends here >=20 > buildinf.h >=20 > - rand_pool_noise.h >=20 > ossl_store.c >=20 > rand_pool.c >=20 >=20 >=20 > -[Sources.Ia32] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.X64] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.ARM] >=20 > - rand_pool_noise.c >=20 > - >=20 > -[Sources.AARCH64] >=20 > - rand_pool_noise.c >=20 > - >=20 > [Packages] >=20 > MdePkg/MdePkg.dec >=20 > CryptoPkg/CryptoPkg.dec >=20 > @@ -594,7 +581,7 @@ > [LibraryClasses] >=20 > BaseLib >=20 > DebugLib >=20 > - TimerLib >=20 > + RngLib >=20 > PrintLib >=20 >=20 >=20 > [LibraryClasses.ARM] >=20 > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index 616ccd9f62d1..3557711bd85a 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > @@ -520,22 +520,9 @@ > $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h >=20 > # Autogenerated files list ends here >=20 > buildinf.h >=20 > - rand_pool_noise.h >=20 > ossl_store.c >=20 > rand_pool.c >=20 >=20 >=20 > -[Sources.Ia32] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.X64] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.ARM] >=20 > - rand_pool_noise.c >=20 > - >=20 > -[Sources.AARCH64] >=20 > - rand_pool_noise.c >=20 > - >=20 > [Packages] >=20 > MdePkg/MdePkg.dec >=20 > CryptoPkg/CryptoPkg.dec >=20 > @@ -543,7 +530,7 @@ > [LibraryClasses] >=20 > BaseLib >=20 > DebugLib >=20 > - TimerLib >=20 > + RngLib >=20 > PrintLib >=20 >=20 >=20 > [LibraryClasses.ARM] >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > b/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > deleted file mode 100644 > index 75acc686a9f1..000000000000 > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > +++ /dev/null > @@ -1,29 +0,0 @@ > -/** @file >=20 > - Provide rand noise source. >=20 > - >=20 > -Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > -SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > - >=20 > -**/ >=20 > - >=20 > -#ifndef __RAND_POOL_NOISE_H__ >=20 > -#define __RAND_POOL_NOISE_H__ >=20 > - >=20 > -#include >=20 > - >=20 > -/** >=20 > - Get 64-bit noise source. >=20 > - >=20 > - @param[out] Rand Buffer pointer to store 64-bit noise source >=20 > - >=20 > - @retval TRUE Get randomness successfully. >=20 > - @retval FALSE Failed to generate >=20 > -**/ >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandomNoise64 ( >=20 > - OUT UINT64 *Rand >=20 > - ); >=20 > - >=20 > - >=20 > -#endif // __RAND_POOL_NOISE_H__ >=20 > -- > 2.27.0.windows.1