Hi and many thanks to all of you, I'm not entirely sure if it's running in a XIP environment, but I think not. Our application executed on UEFI interactive shell and it was put in an USB device(as the FS0 showed in the screenshot). And here's another question as well, because I found that the drbg implementation counld not be fetched in our case, and I discovered that our package did not include "OpensslLibCrypto.inf." Could it be connected to our problem? [image: 430.png] BR, Eddie Wang Li, Yi 於 2024年2月20日 週二 上午9:49寫道: > Hi Eddie, > > > the API in CryptPkg "RandomSeed()"(X64, in CryptRandTsc.c) always > returned false > > Does your code run in a XIP environment? Such like PreMemory stage or > other cases. > The setup of Randlib in OpenSsl 3.0 relies on global variables, so there > may be an error if the global variables are read-only. > > Regards, > Yi > > > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Yao, Jiewen > Sent: Tuesday, February 20, 2024 9:11 AM > To: devel@edk2.groups.io; lersek@redhat.com; eddie wang < > qw1562435@gmail.com> > Subject: Re: [edk2-devel] The API in BaseCryptLib can't seed the > pseudorandom number generator properly > > Thanks Laslo and Eddie. > > I am just back from Chinese New Year vocation, still checking email. > > If you can file a Bugzilla (https://bugzilla.tianocore.org/) with source > code of your app, that would be very helpful for us to investigate this > issue. > > > > -----Original Message----- > > From: devel@edk2.groups.io On Behalf Of Laszlo > > Ersek > > Sent: Tuesday, February 20, 2024 4:18 AM > > To: eddie wang > > Cc: devel@edk2.groups.io > > Subject: Re: [edk2-devel] The API in BaseCryptLib can't seed the > > pseudorandom number generator properly > > > > On 2/17/24 10:17, eddie wang wrote: > > > Hi Laszlo, > > > After digging dipper, we found that the *EVP_RAND_fetch *in > > > "rand_new_seed" and "rand_new_drbg" both got NULL in our case. It's > > > meant the DRBG implementation could not be fetched. We also compared > > > it to the case on Linux, and they could both fetched DRBG > > > implementation correctly. Is it possible that the opensslLib 3.0.9 > > > caused any compatibility issues with edk2? Or has anyone else > > > encountered the same problem with these openssl services? > > > > Sorry, I can't say. > > > > If you have a small reproducer UEFI application that works fine when > > built with edk2-stable202305, but does not work when built against > > either edk2-stable202308 or current master, then filing a TianoCore BZ > > (regression) seems justified. (AFAICT it was edk2-stable202308 that > > incorporated the OpenSSL 3.0.9 upgrade, from 1.1.1u.) Attaching the > > source code of the small repro application to the ticket would likely > > be helpful. > > > > Laszlo > > > > > Laszlo Ersek > 於 > > > 2024年2月 > > > 15日 週四 下午7:48寫道: > > > > > > On 2/15/24 12:09, eddie wang wrote: > > > > Hi Laszlo, > > > > Thanks for your reply. How can I enable the DEBUGs at > RandomSeed() > > > ? Or > > > > any suggesting information that I can provide? > > > > > > Sorry, upon a closer look, I see you had already narrowed it down > to > > > RAND_seed() and RAND_status(), which are direct OpenSSL APIs. So my > > > suggestion would amount to adding DEBUGs to OpenSSL, such as to > > > RAND_seed() in > > > "CryptoPkg/Library/OpensslLib/openssl/crypto/rand/rand_lib.c". > > > > > > But, I think you may be able to do just that. > > > "CryptoPkg/Library/Include/CrtLibSupport.h" already includes > > > , and DebugLib is listed under [LibraryClasses] in each > > > instance of OpensslLib. So if you modify your > > > "CryptoPkg/Library/OpensslLib/openssl" submodule directory tree > locally, > > > with the following patch: > > > > > > | diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c > > > | index 0fcf4fe3bc1e..e5f105268f52 100644 > > > | --- a/crypto/rand/rand_lib.c > > > | +++ b/crypto/rand/rand_lib.c > > > | @@ -257,6 +257,8 @@ void RAND_seed(const void *buf, int num) > > > | drbg = RAND_get0_primary(NULL); > > > | if (drbg != NULL && num > 0) > > > | EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num); > > > | + > > > | + DEBUG ((DEBUG_INFO, "%a: hello\n", __func__)); > > > | } > > > | > > > | void RAND_add(const void *buf, int num, double randomness) > > > > > > then you should get usable debug messages -- at least it builds > for me. > > > > > > Inserting DEBUGs like this (over multiple rounds of testing / > narrowing) > > > should lead you to the exact location that is responsible for the > > > initialization failure. > > > > > > You mention you have encountered the problem with a UEFI > application. > > > That is relevant for choosing your DebugLib instance. If you > already > > > have a function DebugLib instance for your platform (logging to the > > > serial port, for example), then just use that. > > > > > > Otherwise, consider building your UEFI application with a module > scope > > > override in the DSC file, one that resolves DebugLib to > > > > > > MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf > > > > > > or > > > > > > MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf > > > > > > These will send DEBUG messages to the UEFI console or standard > error > > > devices, respectively. > > > > > > hth > > > Laszlo > > > > > > > Laszlo Ersek > > > >> 於 2024年2月 > > > > 8日 週四 上午5:03寫道: > > > > > > > > On 2/6/24 08:00, eddie wang wrote: > > > > > Hi all, > > > > > We had an UEFI application that used the EDK2(2023/12/05), > > > and we > > > > would > > > > > like to take advantage of the services in BaseCryptLib > .However, > > > > the API > > > > > in CryptPkg "*RandomSeed()*"(X64, in CryptRandTsc.c) always > > > returned > > > > > false because of the pseudorandom number generator set up > > > failed. > > > > I am > > > > > not sure this issue is from the *openssl configuration in > > > > OpensslLib(we > > > > > use the default configuration)* or is from the *openssl > 3.0.9*. > > > > > > > > > > Is there any comments about this issue? > > > > > > > > Can you narrow it down by inserting DEBUGs starting at > > > RandomSeed() > > > > [CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c], and > then > > > digging > > > > down as necessary? > > > > > > > > Laszlo > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116156): https://edk2.groups.io/g/devel/message/116156 Mute This Topic: https://groups.io/mt/104198931/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-