From: "Yao, Jiewen"
To: "devel@edk2.groups.io", "Yao, Jiewen", "matthewfcarlson@gmail.com"
CC: "Wang, Jian J", "Lu, XiaoyuX"
Subject: Re: [edk2-devel] [PATCH v3 1/3] CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool
Date: Thu, 13 Aug 2020 15:10:16 +0000

OK. I just see you describe that in v6 0/5 (not in v6 3/5 or Bugzilla 1871).
However, 0/5 will not be committed and information might be lost.
Would you please add your response in https://bugzilla.tianocore.org/show_bug.cgi?id=1871 ?

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Yao, Jiewen
> Sent: Thursday, August 13, 2020 10:44 PM
> To: devel@edk2.groups.io; Yao, Jiewen; matthewfcarlson@gmail.com
> Cc: Wang, Jian J; Lu, XiaoyuX
> Subject: Re: [edk2-devel] [PATCH v3 1/3] CryptoPkg: OpensslLib: Use RngLib to
> generate entropy in rand_pool
>
> Hi Matthew Carlson
> Do you have any thought on the feedback below?
>
> Do you make any update in your patch V6?
>
>
>
> > -----Original Message-----
> > From: devel@edk2.groups.io On Behalf Of Yao, Jiewen
> > Sent: Saturday, August 1, 2020 8:26 AM
> > To: matthewfcarlson@gmail.com; devel@edk2.groups.io
> > Cc: Wang, Jian J; Lu, XiaoyuX
> > Subject: Re: [edk2-devel] [PATCH v3 1/3] CryptoPkg: OpensslLib: Use RngLib to
> > generate entropy in rand_pool
> >
> > Hi
> > I have read https://bugzilla.tianocore.org/show_bug.cgi?id=1871
> > I would like to give R-B, because the code matches what described in Bugzilla.
> >
> > Before that, I would like double confirm on the randomness requirement.
> > According to
> > https://software.intel.com/content/www/us/en/develop/blogs/the-difference-between-rdrand-and-rdseed.html,
> > the RDSEED is a "Non-deterministic random bit generator", while RDRAND is a
> > "Cryptographically secure pseudorandom number generator"
> >
> > Before this patch:
> > rand_pool_acquire_entropy()->RandGetSeed128()->MicroSecondDelay()+RandGetBytes()->GetRandomNoise64()->AsmReadTsc()+MicroSecondDelay().
> > rand_pool_add_nonce_data()->GetPerformanceCounter()+RandGetBytes()
> > It seems return TSC and TimerCounter.
> >
> > After this patch:
> > rand_pool_acquire_entropy()->RandGetBytes()->GetRandomNumber64()->AsmRdRand64().
> > rand_pool_add_nonce_data()->RandGetBytes()
> > It becomes pseudorandom.
> >
> > So the meaning of the function seems changed.
> > I have not checked the randomness requirement for those two functions yet.
> > But could anyone confirm that a pseudorandom value returned is OK?
> >
> > Or should we use RDSEED for non-deterministic value?
> >
> > Thank you
> > Yao Jiewen
> >
> >
> > > -----Original Message-----
> > > From: matthewfcarlson@gmail.com
> > > Sent: Saturday, August 1, 2020 4:27 AM
> > > To: devel@edk2.groups.io
> > > Cc: Yao, Jiewen; Wang, Jian J; Lu, XiaoyuX; Matthew Carlson
> > > Subject: [PATCH v3 1/3] CryptoPkg: OpensslLib: Use RngLib to generate entropy
> > > in rand_pool
> > >
> > > From: Matthew Carlson
> > >
> > > Changes OpenSSL to no longer depend on TimerLib and instead use RngLib.
> > > This allows platforms to decide for themselves what sort of entropy source
> > > they provide to OpenSSL and TlsLib.
> > >
> > > Cc: Jiewen Yao
> > > Cc: Jian J Wang
> > > Cc: Xiaoyu Lu
> > > Signed-off-by: Matthew Carlson
> > > --- > > > CryptoPkg/Library/OpensslLib/rand_pool.c | 203 ++--------= ---------- > > > CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 --- > > > CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 ----- > > > CryptoPkg/CryptoPkg.dsc | 1 + > > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 15 +- > > > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 15 +- > > > CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 --- > > > 7 files changed, 22 insertions(+), 313 deletions(-) > > > > > > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c > > > b/CryptoPkg/Library/OpensslLib/rand_pool.c > > > index 9e0179b03490..b3ff03b2aa13 100644 > > > --- a/CryptoPkg/Library/OpensslLib/rand_pool.c > > > +++ b/CryptoPkg/Library/OpensslLib/rand_pool.c 
> > > @@ -11,53 +11,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > #include > > > > > > > > > > > > #include > > > > > > -#include > > > > > > - > > > > > > -#include "rand_pool_noise.h" > > > > > > - > > > > > > -/** > > > > > > - Get some randomness from low-order bits of GetPerformanceCounter > > results. > > > > > > - And combine them to the 64-bit value > > > > > > - > > > > > > - @param[out] Rand Buffer pointer to store the 64-bit random val= ue. > > > > > > - > > > > > > - @retval TRUE Random number generated successfully. > > > > > > - @retval FALSE Failed to generate. > > > > > > -**/ > > > > > > -STATIC > > > > > > -BOOLEAN > > > > > > -EFIAPI > > > > > > -GetRandNoise64FromPerformanceCounter( > > > > > > - OUT UINT64 *Rand > > > > > > - ) > > > > > > -{ > > > > > > - UINT32 Index; > > > > > > - UINT32 *RandPtr; > > > > > > - > > > > > > - if (NULL =3D=3D Rand) { > > > > > > - return FALSE; > > > > > > - } > > > > > > - > > > > > > - RandPtr =3D (UINT32 *) Rand; > > > > > > - > > > > > > - for (Index =3D 0; Index < 2; Index ++) { > > > > > > - *RandPtr =3D (UINT32) (GetPerformanceCounter () & 0xFF); > > > > > > - MicroSecondDelay (10); > > > > > > - RandPtr++; > > > > > > - } > > > > > > - > > > > > > - return TRUE; > > > > > > -} > > > > > > +#include > > > > > > > > > > > > /** > > > > > > Calls RandomNumber64 to fill > > > > > > a buffer of arbitrary size with random bytes. > > > > > > + This is a shim layer to RngLib. > > > > > > > > > > > > @param[in] Length Size of the buffer, in bytes, to fill= with. > > > > > > @param[out] RandBuffer Pointer to the buffer to store the ran= dom > result. > > > > > > > > > > > > - @retval EFI_SUCCESS Random bytes generation succeeded. > > > > > > - @retval EFI_NOT_READY Failed to request random bytes. > > > > > > + @retval True Random bytes generation succeeded. > > > > > > + @retval False Failed to request random bytes. > > > > > > > > > > > > **/ > > > > > > STATIC 
> > > > > > @@ -73,17 +38,17 @@ RandGetBytes ( > > > > > > > > > Ret =3D FALSE; > > > > > > > > > > > > + if (RandBuffer =3D=3D NULL) { > > > > > > + DEBUG((DEBUG_ERROR, "[OPENSSL_RAND_POOL] NULL RandBuffer. No > > > random numbers are generated and your system is not secure\n")); > > > > > > + ASSERT(FALSE); // Since we can't generate random numbers, we sh= ould > > > assert. Otherwise we will just blow up later. > > > > > > + return Ret; > > > > > > + } > > > > > > + > > > > > > + > > > > > > while (Length > 0) { > > > > > > - // > > > > > > - // Get random noise from platform. > > > > > > - // If it failed, fallback to PerformanceCounter > > > > > > - // If you really care about security, you must override > > > > > > - // GetRandomNoise64FromPlatform. > > > > > > - // > > > > > > - Ret =3D GetRandomNoise64 (&TempRand); > > > > > > - if (Ret =3D=3D FALSE) { > > > > > > - Ret =3D GetRandNoise64FromPerformanceCounter (&TempRand); > > > > > > - } > > > > > > + // Use RngLib to get random number > > > > > > + Ret =3D GetRandomNumber64(&TempRand); > > > > > > + > > > > > > if (!Ret) { > > > > > > return Ret; > > > > > > } 
> > > > > > @@ -100,125 +65,6 @@ RandGetBytes ( > > > return Ret; > > > > > > } > > > > > > > > > > > > -/** > > > > > > - Creates a 128bit random value that is fully forward and backward > prediction > > > resistant, > > > > > > - suitable for seeding a NIST SP800-90 Compliant. > > > > > > - This function takes multiple random numbers from PerformanceCount= er to > > > ensure reseeding > > > > > > - and performs AES-CBC-MAC over the data to compute the seed value. > > > > > > - > > > > > > - @param[out] SeedBuffer Pointer to a 128bit buffer to store th= e random > > > seed. > > > > > > - > > > > > > - @retval TRUE Random seed generation succeeded. > > > > > > - @retval FALSE Failed to request random bytes. > > > > > > - > > > > > > -**/ > > > > > > -STATIC > > > > > > -BOOLEAN > > > > > > -EFIAPI > > > > > > -RandGetSeed128 ( > > > > > > - OUT UINT8 *SeedBuffer > > > > > > - ) > > > > > > -{ > > > > > > - BOOLEAN Ret; > > > > > > - UINT8 RandByte[16]; > > > > > > - UINT8 Key[16]; > > > > > > - UINT8 Ffv[16]; > > > > > > - UINT8 Xored[16]; > > > > > > - UINT32 Index; > > > > > > - UINT32 Index2; > > > > > > - AES_KEY AESKey; > > > > > > - > > > > > > - // > > > > > > - // Chose an arbitrary key and zero the feed_forward_value (FFV) > > > > > > - // > > > > > > - for (Index =3D 0; Index < 16; Index++) { > > > > > > - Key[Index] =3D (UINT8) Index; > > > > > > - Ffv[Index] =3D 0; > > > > > > - } > > > > > > - > > > > > > - AES_set_encrypt_key (Key, 16 * 8, &AESKey); > > > > > > - > > > > > > - // > > > > > > - // Perform CBC_MAC over 32 * 128 bit values, with 10us gaps betwe= en 128 > > bit > > > value > > > > > > - // The 10us gaps will ensure multiple reseeds within the system t= ime with a > > > large > > > > > > - // design margin. 
> > > > > > - // > > > > > > - for (Index =3D 0; Index < 32; Index++) { > > > > > > - MicroSecondDelay (10); > > > > > > - Ret =3D RandGetBytes (16, RandByte); > > > > > > - if (!Ret) { > > > > > > - return Ret; > > > > > > - } > > > > > > - > > > > > > - // > > > > > > - // Perform XOR operations on two 128-bit value. > > > > > > - // > > > > > > - for (Index2 =3D 0; Index2 < 16; Index2++) { > > > > > > - Xored[Index2] =3D RandByte[Index2] ^ Ffv[Index2]; > > > > > > - } > > > > > > - > > > > > > - AES_encrypt (Xored, Ffv, &AESKey); > > > > > > - } > > > > > > - > > > > > > - for (Index =3D 0; Index < 16; Index++) { > > > > > > - SeedBuffer[Index] =3D Ffv[Index]; > > > > > > - } > > > > > > - > > > > > > - return Ret; > > > > > > -} > > > > > > - > > > > > > -/** > > > > > > - Generate high-quality entropy source. > > > > > > - > > > > > > - @param[in] Length Size of the buffer, in bytes, to fill = with. > > > > > > - @param[out] Entropy Pointer to the buffer to store the ent= ropy data. > > > > > > - > > > > > > - @retval EFI_SUCCESS Entropy generation succeeded. > > > > > > - @retval EFI_NOT_READY Failed to request random data. 
> > > > > > - > > > > > > -**/ > > > > > > -STATIC > > > > > > -BOOLEAN > > > > > > -EFIAPI > > > > > > -RandGenerateEntropy ( > > > > > > - IN UINTN Length, > > > > > > - OUT UINT8 *Entropy > > > > > > - ) > > > > > > -{ > > > > > > - BOOLEAN Ret; > > > > > > - UINTN BlockCount; > > > > > > - UINT8 Seed[16]; > > > > > > - UINT8 *Ptr; > > > > > > - > > > > > > - BlockCount =3D Length / 16; > > > > > > - Ptr =3D (UINT8 *) Entropy; > > > > > > - > > > > > > - // > > > > > > - // Generate high-quality seed for DRBG Entropy > > > > > > - // > > > > > > - while (BlockCount > 0) { > > > > > > - Ret =3D RandGetSeed128 (Seed); > > > > > > - if (!Ret) { > > > > > > - return Ret; > > > > > > - } > > > > > > - CopyMem (Ptr, Seed, 16); > > > > > > - > > > > > > - BlockCount--; > > > > > > - Ptr =3D Ptr + 16; > > > > > > - } > > > > > > - > > > > > > - // > > > > > > - // Populate the remained data as request. > > > > > > - // > > > > > > - Ret =3D RandGetSeed128 (Seed); > > > > > > - if (!Ret) { > > > > > > - return Ret; > > > > > > - } > > > > > > - CopyMem (Ptr, Seed, (Length % 16)); > > > > > > - > > > > > > - return Ret; > > > > > > -} > > > > > > - > > > > > > /* > > > > > > * Add random bytes to the pool to acquire requested amount of entr= opy > > > > > > * > > > > > > @@ -238,7 +84,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) > > > buffer =3D rand_pool_add_begin(pool, bytes_needed); > > > > > > > > > > > > if (buffer !=3D NULL) { > > > > > > - Ret =3D RandGenerateEntropy(bytes_needed, buffer); > > > > > > + Ret =3D RandGetBytes(bytes_needed, buffer); > > > > > > if (FALSE =3D=3D Ret) { > > > > > > rand_pool_add_end(pool, 0, 0); > > > > > > } else { 
> > > > > > @@ -257,13 +103,8 @@ size_t rand_pool_acquire_entropy(RAND_POOL > > *pool) > > > */ > > > > > > int rand_pool_add_nonce_data(RAND_POOL *pool) > > > > > > { > > > > > > - struct { > > > > > > - UINT64 Rand; > > > > > > - UINT64 TimerValue; > > > > > > - } data =3D { 0 }; > > > > > > - > > > > > > - RandGetBytes(8, (UINT8 *)&(data.Rand)); > > > > > > - data.TimerValue =3D GetPerformanceCounter(); > > > > > > + UINT8 data[16]; > > > > > > + RandGetBytes(sizeof(data), data); > > > > > > > > > > > > return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0= ); > > > > > > } > > > > > > @@ -275,13 +116,8 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) > > > */ > > > > > > int rand_pool_add_additional_data(RAND_POOL *pool) > > > > > > { > > > > > > - struct { > > > > > > - UINT64 Rand; > > > > > > - UINT64 TimerValue; > > > > > > - } data =3D { 0 }; > > > > > > - > > > > > > - RandGetBytes(8, (UINT8 *)&(data.Rand)); > > > > > > - data.TimerValue =3D GetPerformanceCounter(); > > > > > > + UINT8 data[16]; > > > > > > + RandGetBytes(sizeof(data), data); > > > > > > > > > > > > return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0= ); > > > > > > } > > > > > > @@ -313,4 +149,3 @@ void rand_pool_cleanup(void) > > > void rand_pool_keep_random_devices_open(int keep) > > > > > > { > > > > > > } > > > > > > - > > > > > > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > > > b/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > > > deleted file mode 100644 > > > index 212834e27acc..000000000000 > > > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > > > +++ /dev/null > > > @@ -1,29 +0,0 @@ > > > -/** @file > > > > > > - Provide rand noise source. > > > > > > - > > > > > > -Copyright (c) 2019, Intel Corporation. All rights reserved.
> > > > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > - > > > > > > -**/ > > > > > > - > > > > > > -#include > > > > > > - > > > > > > -/** > > > > > > - Get 64-bit noise source > > > > > > - > > > > > > - @param[out] Rand Buffer pointer to store 64-bit noise sou= rce > > > > > > - > > > > > > - @retval FALSE Failed to generate > > > > > > -**/ > > > > > > -BOOLEAN > > > > > > -EFIAPI > > > > > > -GetRandomNoise64 ( > > > > > > - OUT UINT64 *Rand > > > > > > - ) > > > > > > -{ > > > > > > - // > > > > > > - // Return FALSE will fallback to use PerformanceCounter to > > > > > > - // generate noise. > > > > > > - // > > > > > > - return FALSE; > > > > > > -} > > > > > > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > > > b/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > > > deleted file mode 100644 > > > index 4158106231fd..000000000000 > > > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > > > +++ /dev/null > > > @@ -1,43 +0,0 @@ > > > -/** @file > > > > > > - Provide rand noise source. > > > > > > - > > > > > > -Copyright (c) 2019, Intel Corporation. All rights reserved.
> > > > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > - > > > > > > -**/ > > > > > > - > > > > > > -#include > > > > > > -#include > > > > > > -#include > > > > > > - > > > > > > -/** > > > > > > - Get 64-bit noise source > > > > > > - > > > > > > - @param[out] Rand Buffer pointer to store 64-bit noise sou= rce > > > > > > - > > > > > > - @retval TRUE Get randomness successfully. > > > > > > - @retval FALSE Failed to generate > > > > > > -**/ > > > > > > -BOOLEAN > > > > > > -EFIAPI > > > > > > -GetRandomNoise64 ( > > > > > > - OUT UINT64 *Rand > > > > > > - ) > > > > > > -{ > > > > > > - UINT32 Index; > > > > > > - UINT32 *RandPtr; > > > > > > - > > > > > > - if (NULL =3D=3D Rand) { > > > > > > - return FALSE; > > > > > > - } > > > > > > - > > > > > > - RandPtr =3D (UINT32 *)Rand; > > > > > > - > > > > > > - for (Index =3D 0; Index < 2; Index ++) { > > > > > > - *RandPtr =3D (UINT32) ((AsmReadTsc ()) & 0xFF); > > > > > > - RandPtr++; > > > > > > - MicroSecondDelay (10); > > > > > > - } > > > > > > - > > > > > > - return TRUE; > > > > > > -} > > > > > > diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > > > index 1af78468a19c..0490eeb7e22f 100644 > > > --- a/CryptoPkg/CryptoPkg.dsc > > > +++ b/CryptoPkg/CryptoPkg.dsc > > > @@ -60,6 +60,7 @@ > > > BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.= inf > > > > > > TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf > > > > > > HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf > > > > > > + RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf > > > > > > > > > > > > [LibraryClasses.ARM, LibraryClasses.AARCH64] > > > > > > # > > > > > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > > index dbbe5386a10c..4baad565564c 100644 > > > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
> > > @@ -571,22 +571,9 @@ > > > $(OPENSSL_PATH)/ssl/statem/statem_local.h > > > > > > # Autogenerated files list ends here > > > > > > buildinf.h > > > > > > - rand_pool_noise.h > > > > > > ossl_store.c > > > > > > rand_pool.c > > > > > > > > > > > > -[Sources.Ia32] > > > > > > - rand_pool_noise_tsc.c > > > > > > - > > > > > > -[Sources.X64] > > > > > > - rand_pool_noise_tsc.c > > > > > > - > > > > > > -[Sources.ARM] > > > > > > - rand_pool_noise.c > > > > > > - > > > > > > -[Sources.AARCH64] > > > > > > - rand_pool_noise.c > > > > > > - > > > > > > [Packages] > > > > > > MdePkg/MdePkg.dec > > > > > > CryptoPkg/CryptoPkg.dec > > > > > > @@ -594,7 +581,7 @@ > > > [LibraryClasses] > > > > > > BaseLib > > > > > > DebugLib > > > > > > - TimerLib > > > > > > + RngLib > > > > > > PrintLib > > > > > > > > > > > > [LibraryClasses.ARM] > > > > > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > > index 616ccd9f62d1..3557711bd85a 100644 > > > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > > @@ -520,22 +520,9 @@ > > > $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h > > > > > > # Autogenerated files list ends here > > > > > > buildinf.h > > > > > > - rand_pool_noise.h > > > > > > ossl_store.c > > > > > > rand_pool.c > > > > > > > > > > > > -[Sources.Ia32] > > > > > > - rand_pool_noise_tsc.c > > > > > > - > > > > > > -[Sources.X64] > > > > > > - rand_pool_noise_tsc.c > > > > > > - > > > > > > -[Sources.ARM] > > > > > > - rand_pool_noise.c > > > > > > - > > > > > > -[Sources.AARCH64] > > > > > > - rand_pool_noise.c > > > > > > - > > > > > > [Packages] > > > > > > MdePkg/MdePkg.dec > > > > > > CryptoPkg/CryptoPkg.dec > > > > > > @@ -543,7 +530,7 @@ > > > [LibraryClasses] > > > > > > BaseLib > > > > > > DebugLib > > > > > > - TimerLib > > > > > > + RngLib > > > > > > PrintLib > > > > > > > > > > > > [LibraryClasses.ARM] 
> > > > > > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > > > b/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > > > deleted file mode 100644 > > > index 75acc686a9f1..000000000000 > > > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > > > +++ /dev/null > > > @@ -1,29 +0,0 @@ > > > -/** @file > > > > > > - Provide rand noise source. > > > > > > - > > > > > > -Copyright (c) 2019, Intel Corporation. All rights reserved.
> > > > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > - > > > > > > -**/ > > > > > > - > > > > > > -#ifndef __RAND_POOL_NOISE_H__ > > > > > > -#define __RAND_POOL_NOISE_H__ > > > > > > - > > > > > > -#include > > > > > > - > > > > > > -/** > > > > > > - Get 64-bit noise source. > > > > > > - > > > > > > - @param[out] Rand Buffer pointer to store 64-bit noise so= urce > > > > > > - > > > > > > - @retval TRUE Get randomness successfully. > > > > > > - @retval FALSE Failed to generate > > > > > > -**/ > > > > > > -BOOLEAN > > > > > > -EFIAPI > > > > > > -GetRandomNoise64 ( > > > > > > - OUT UINT64 *Rand > > > > > > - ); > > > > > > - > > > > > > - > > > > > > -#endif // __RAND_POOL_NOISE_H__ > > > > > > -- > > > 2.27.0.windows.1 > > > > > > >=20 >=20 >=20
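
Review bot: In the first rand_pool.c hunk (@@ -11,53 +11,18), the updated RandGetBytes comment documents the return values as "True" and "False", while the body assigns and returns FALSE; spell them "@retval TRUE" and "@retval FALSE". The summary line still reads "Calls RandomNumber64", but the code added further down calls GetRandomNumber64, so correct the name while the comment is being touched.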
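
Review bot: In the RandGetBytes hunk (@@ -73,17 +38,17), only the new NULL-pointer check reports anything through DEBUG; the failure that matters after this change, GetRandomNumber64 returning FALSE, leaves through the unchanged "if (!Ret) { return Ret; }" silently, and with the fallback to GetRandNoise64FromPerformanceCounter removed that path is reached whenever the platform's RngLib cannot deliver. Log that case too so a platform with a non-working RngLib instance can be diagnosed. Style: the added "DEBUG((", "ASSERT(FALSE)" and "GetRandomNumber64(&TempRand)" omit the space before the parenthesis that the replaced lines used ("GetRandomNoise64 (&TempRand)"), and the hunk introduces two consecutive blank lines after the NULL check.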
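
Review bot: In rand_pool_acquire_entropy (@@ -238,7 +84,7), the buffer is now filled by RandGetBytes directly, so the conditioning that the removed RandGenerateEntropy and RandGetSeed128 applied (AES-CBC-MAC over 32 samples) is gone and the pool receives GetRandomNumber64 output as it comes. Nothing in the hunk or in the remaining comments states what the RngLib instance must provide for that output to be acceptable here; put the requirement in the function comment and in the commit message, since that is the open question in this thread about a pseudorandom versus a non-deterministic source.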
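
Review bot: In rand_pool_add_nonce_data (@@ -257,13 +103,8), the result of RandGetBytes is ignored and "UINT8 data[16];" has lost the "= { 0 }" initializer the old struct had, so when RandGetBytes returns FALSE rand_pool_add is handed 16 bytes of uninitialized stack. Check the return value and report the failure to the caller, or at minimum zero-initialize the array. Also, "(unsigned char*)&data" now takes the address of an array; pass "data" directly.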
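
Review bot: rand_pool_add_additional_data (@@ -275,13 +116,8) has the same unchecked RandGetBytes call on an uninitialized "UINT8 data[16]". With the GetPerformanceCounter value dropped, nothing in the additional data is independent of RngLib any more, so a FALSE return leaves this input undefined rather than merely weaker; handle the failure here as well. The body is now identical to rand_pool_add_nonce_data, so a shared static helper would keep the two from drifting apart.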
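
Review bot: The CryptoPkg.dsc hunk maps RngLib to MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf in the section ahead of [LibraryClasses.ARM, LibraryClasses.AARCH64] without any comment. Going by its name this is a null instance, so add a comment that the mapping exists only so the package builds and that platform DSCs must supply a real RngLib instance. The OpensslLib.inf and OpensslLibCrypto.inf hunks replace TimerLib with RngLib under [LibraryClasses], which means every platform consuming these libraries needs that mapping; the commit message should say so explicitly.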