From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web11.11527.1597329866751371915 for ; Thu, 13 Aug 2020 07:44:26 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=WyPGpjWf; spf=pass (domain: intel.com, ip: 192.55.52.151, mailfrom: jiewen.yao@intel.com) IronPort-SDR: Vu25JkTvhuj7hJ87BOgTT2pDJ2tiD5ErH8JA3RYv0+P/BeHhrG49fg6KvJYAh+etuOBg2x8fyR rkiq7ndD1oBQ== X-IronPort-AV: E=McAfee;i="6000,8403,9712"; a="134283572" X-IronPort-AV: E=Sophos;i="5.76,308,1592895600"; d="scan'208";a="134283572" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Aug 2020 07:44:17 -0700 IronPort-SDR: kYgAiAtzGU9ap0laZtGFUJWN0BEYmVjhHnm3KGdnAmEixrcvPa6GeUbXVsVUHXjAdMS2YJNFGi SocxnSBOXEqA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.76,308,1592895600"; d="scan'208";a="495412815" Received: from orsmsx603-2.jf.intel.com (HELO ORSMSX603.amr.corp.intel.com) ([10.22.229.83]) by fmsmga006.fm.intel.com with ESMTP; 13 Aug 2020 07:44:17 -0700 Received: from orsmsx603.amr.corp.intel.com (10.22.229.16) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Thu, 13 Aug 2020 07:44:16 -0700 Received: from orsmsx111.amr.corp.intel.com (10.22.240.12) by orsmsx603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1713.5 via Frontend Transport; Thu, 13 Aug 2020 07:44:16 -0700 Received: from ORSEDG001.ED.cps.intel.com (10.7.248.4) by ORSMSX111.amr.corp.intel.com (10.22.240.12) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 13 Aug 2020 07:44:16 -0700 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.177) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 13 Aug 2020 07:44:14 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VvFQCp8Ev6KJMBN3r+xxnL9J8wmc2+CjFCPshfF9lkh0xBylQoQa7YOOOM/8BjKYdC5+Hprq1/XMDlDWHs0d7Xb4o7zSd3ZEzUbHr/rj/iPyggAXtcwUhYaoNumf9yLce5aZIUS2w6Cuppt9uJffq1c9Jzkq9u049if09XcoSGrGpzDB+CbR8jEaX+OjRD/96cFgBwfuK1CM93EmN4jXem+KuUNFEuwqt/1+PRK9lAUwKv2NE+KLuieJVMvmhpxaaWcLgrPC7GcgQIDUQj0tSOZosQuX4mQ9r7ST6ePNEW2O9KBKLA/b4H8w+KSKHE++47ePemJ9dwv+0UBE/NeX7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tYaKMHEWbb3jqnzDqCIJltxAeBPyshYe3dYPrve9uHs=; b=CLFF7OKZnKOUM0MnonLMT3BM8v4o0sTsmCRU8BbAeBUifwG8Iym9atqM4EMgbZHNhgB5NO7n0x5jzMyKIvx7whjUIEG98EQiRNRJnNpY9Vh7owa4hoH9WnnhnS30asrA0fgEhj3UvAvP4qE6pUtPDT9pApAcm+pq118N8vYLip15z22SBGAdH+LsdXFkh1GfCHVI2nW1JwCNrubewX7D3rl58ixSg9LKJhCVDU/8Zs9iA70E526J8SnMVG6/Y+TtgZKSZmcxLdsUitjyJn5WViHOUGHjWxuvFzbUeaaM0FcGxzfWhE89m9MMs219oTlS9sc9pXimI2+g9hwl7N2gOg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tYaKMHEWbb3jqnzDqCIJltxAeBPyshYe3dYPrve9uHs=; b=WyPGpjWf6d6GjMU4sJFReg+Pp6PfJ9OFxPcis1IqCLgKQIp2ffkqRYTLbdcb3Ys/HR1B9wZ8FhnIN+hZzimSXIYTT6KI594ayLLKcHO5zrCS2x5Kedibo9pohpRg8MF31wTvVGsO3tRg8iDBfkz8VRQLy6+92BZ6HiDsznDfKqw= Received: from CY4PR11MB1288.namprd11.prod.outlook.com (2603:10b6:903:23::8) by CY4PR11MB1736.namprd11.prod.outlook.com (2603:10b6:903:120::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.16; Thu, 13 Aug 2020 14:44:13 +0000 Received: from CY4PR11MB1288.namprd11.prod.outlook.com ([fe80::163:9209:a92d:812]) by CY4PR11MB1288.namprd11.prod.outlook.com ([fe80::163:9209:a92d:812%6]) with mapi id 15.20.3283.018; Thu, 13 Aug 2020 14:44:13 +0000 From: "Yao, Jiewen" To: "devel@edk2.groups.io" , "Yao, Jiewen" , "matthewfcarlson@gmail.com" CC: "Wang, Jian J" , "Lu, XiaoyuX" Subject: Re: [edk2-devel] [PATCH v3 1/3] CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool Thread-Topic: [edk2-devel] [PATCH v3 1/3] CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool Thread-Index: AQHWZ3kC7dwdaE0ZDE+rL1AOazqpBakiYOKwgBPQNAA= Date: Thu, 13 Aug 2020 14:44:13 +0000 Message-ID: References: <20200731202712.1759-1-matthewfcarlson@gmail.com> <20200731202712.1759-2-matthewfcarlson@gmail.com> <1626FD395A4E4B04.26980@groups.io> In-Reply-To: <1626FD395A4E4B04.26980@groups.io> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiM2E0ZWNjMWMtNDJiNi00OGIwLWEwOTItMjNmMjA0NzkyZjUyIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiUzFUNVR2V0dUZXJTeFlGcGt3T3JMSG1ScHphS2FHVlNGOStuMENLVFwvTGVONEhkd3JqUHFtNGUrNytMT2NhSnIifQ== x-ctpclassification: CTP_NT dlp-version: 11.5.1.3 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.147.198] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: f961ca31-d41c-4eb9-fda2-08d83f9758bd x-ms-traffictypediagnostic: CY4PR11MB1736: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:4941; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: OLHR6g8jYQ02Z8GIJPOp6Rwc7I08WrxL5egl/8EmZYzIn8kr8wX5uoanVZt4G3coI3fyfYbgD9osP1hEpyQJEV+C5nCRshd8Wsr4ZE2Be5VYiJT+SYYQgiXkQOaqWU6S1dkDC8504fsdsZmEFLyfN6+hrM6LDtqw4Whpzr5q3P3hiz5qNegqvOdgriq+2omEn9wdCrYKPuO/yH37qplscaBfOt8f8oKWZrr9g8pSNbeSY3E11lF9vh7Gu8RQQTifcwaPvbO7E+Fg7oSi/lx7+H9dl4rXnXUUNSibOKd8XuRhiFAkWgWNCQauJc16vj2mGxRovo0rv2SLQDB02Fwd8vUyY4THwP3RHPIV2Q/k09cZ9I/+kWpzKT0K+ZZJaSFc9BwAl39iHorqe28o3S8Bpw== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY4PR11MB1288.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(396003)(39860400002)(376002)(346002)(366004)(136003)(71200400001)(52536014)(83380400001)(9686003)(33656002)(30864003)(55016002)(5660300002)(186003)(19627235002)(478600001)(26005)(66946007)(76116006)(54906003)(107886003)(110136005)(4326008)(7696005)(66446008)(64756008)(66556008)(86362001)(966005)(8936002)(316002)(8676002)(53546011)(6506007)(2906002)(66476007);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: PYyWIbKLiFl/vPGyX9bh+rEkddEkJGmbCueAp3gb0sWe/vJVCXFEpPymUGT9Ya6iP7epGug23qflpNDUocpL0SB/DIkYwkmB3AlAykQeZauzKqfeHNw+2CTwnhpR5FSAzcDjs20W4tJ743aAg94oigYOHtduBfLFvHnHY+ID67lnkosdduJUTFEL3lszqeliIRf5EHKJFZpkDXh+3hkA9aPub5FcafOfuUq6KbzFN4Qz+2j1JvchucPhixoaqL9b3dGaWaayWJpQ75GIuF6PNittRGqyVsV9JwJkpaVQd8QMrbG22CYp/SR9U5FxR58B5RIka1J6hTt7/rbjF9xuZeXdvgU/yEoMUFbdEMWpTJSn0WePQJucL1uDBBrrhGLKp4QcBXVR6HSZinbXv0WRoA0I6ujV3pxTeSh3VbXnSaUVhxpqQNax2QCHomuQRYiOqs30MdhS3DpLFJyIthW3sHrB7/1LmABS4rLFgk+Y03Xb3b1k/gIeIqm63IpFvGA+cw1FARSG4bZB9ZzFxLK7BfFfXaF5fiDB+BM8puz7dYp5OzLjj4igI6STDo5gIt/WggXv8t9eDAPTgSbGQgeN/951qxMS8oAQB6ulm9xk5PD5hBerTQ/xL1lJSaSCb1Nv4jKKSlRopyt76V3D6QOBBA== MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CY4PR11MB1288.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: f961ca31-d41c-4eb9-fda2-08d83f9758bd X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Aug 2020 14:44:13.2703 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Wf9qsDzNW1HRkfKly9H4p91wW+TVj1aq641Q3IXAexpiamEA1rhnBFSa0LJoOKLFOGfS/n1JPiURaSHMQYS76w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB1736 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Matthew Carlson Do you have any thought on the feedback below? Do you make any update in your patch V6? > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Yao, Jiew= en > Sent: Saturday, August 1, 2020 8:26 AM > To: matthewfcarlson@gmail.com; devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, XiaoyuX > Subject: Re: [edk2-devel] [PATCH v3 1/3] CryptoPkg: OpensslLib: Use RngL= ib to > generate entropy in rand_pool >=20 > Hi > I have read https://bugzilla.tianocore.org/show_bug.cgi?id=3D1871 > I would like to give R-B, because the code matches what described in Bug= zilla. >=20 > Before that, I would like double confirm on the randomness requirement. > According to > https://software.intel.com/content/www/us/en/develop/blogs/the-differenc= e- > between-rdrand-and-rdseed.html, the RDSEED is a "Non-deterministic rando= m > bit generator", while RDRAND is a "Cryptographically secure pseudorandom > number generator" >=20 > Before this patch: > rand_pool_acquire_entropy()-> RandGetSeed128()- > >MicroSecondDelay()+RandGetBytes()->GetRandomNoise64()- > >AsmReadTsc()+MicroSecondDelay(). > rand_pool_add_nonce_data()->GetPerformanceCounter()+RandGetBytes() > It seems return TSC and TimerCounter. >=20 > After this patch: > rand_pool_acquire_entropy()->RandGetBytes()->GetRandomNumber64()- > >AsmRdRand64(). > rand_pool_add_nonce_data()->RandGetBytes() > It becomes pseudorandom. >=20 > So the meaning of the function seems changed. > I have not checked the randomness requirement for those two functions ye= t. > But could anyone confirm that a pseudorandom value returned is OK? >=20 > Or should we use RDSEED for non-deterministic value? >=20 > Thank you > Yao Jiewen >=20 >=20 > > -----Original Message----- > > From: matthewfcarlson@gmail.com > > Sent: Saturday, August 1, 2020 4:27 AM > > To: devel@edk2.groups.io > > Cc: Yao, Jiewen ; Wang, Jian J > ; > > Lu, XiaoyuX ; Matthew Carlson > > > > Subject: [PATCH v3 1/3] CryptoPkg: OpensslLib: Use RngLib to generate > entropy > > in rand_pool > > > > From: Matthew Carlson > > > > Changes OpenSSL to no longer depend on TimerLib and instead use RngLib= . > > This allows platforms to decide for themsevles what sort of entropy so= urce > > they provide to OpenSSL and TlsLib. > > > > Cc: Jiewen Yao > > Cc: Jian J Wang > > Cc: Xiaoyu Lu > > Signed-off-by: Matthew Carlson > > --- > > CryptoPkg/Library/OpensslLib/rand_pool.c | 203 ++----------= -------- > > CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 --- > > CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 ----- > > CryptoPkg/CryptoPkg.dsc | 1 + > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 15 +- > > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 15 +- > > CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 --- > > 7 files changed, 22 insertions(+), 313 deletions(-) > > > > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c > > b/CryptoPkg/Library/OpensslLib/rand_pool.c > > index 9e0179b03490..b3ff03b2aa13 100644 > > --- a/CryptoPkg/Library/OpensslLib/rand_pool.c > > +++ b/CryptoPkg/Library/OpensslLib/rand_pool.c > > @@ -11,53 +11,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > #include > > > > > > > > #include > > > > -#include > > > > - > > > > -#include "rand_pool_noise.h" > > > > - > > > > -/** > > > > - Get some randomness from low-order bits of GetPerformanceCounter > results. > > > > - And combine them to the 64-bit value > > > > - > > > > - @param[out] Rand Buffer pointer to store the 64-bit random value= . > > > > - > > > > - @retval TRUE Random number generated successfully. > > > > - @retval FALSE Failed to generate. > > > > -**/ > > > > -STATIC > > > > -BOOLEAN > > > > -EFIAPI > > > > -GetRandNoise64FromPerformanceCounter( > > > > - OUT UINT64 *Rand > > > > - ) > > > > -{ > > > > - UINT32 Index; > > > > - UINT32 *RandPtr; > > > > - > > > > - if (NULL =3D=3D Rand) { > > > > - return FALSE; > > > > - } > > > > - > > > > - RandPtr =3D (UINT32 *) Rand; > > > > - > > > > - for (Index =3D 0; Index < 2; Index ++) { > > > > - *RandPtr =3D (UINT32) (GetPerformanceCounter () & 0xFF); > > > > - MicroSecondDelay (10); > > > > - RandPtr++; > > > > - } > > > > - > > > > - return TRUE; > > > > -} > > > > +#include > > > > > > > > /** > > > > Calls RandomNumber64 to fill > > > > a buffer of arbitrary size with random bytes. > > > > + This is a shim layer to RngLib. > > > > > > > > @param[in] Length Size of the buffer, in bytes, to fill w= ith. > > > > @param[out] RandBuffer Pointer to the buffer to store the rando= m result. > > > > > > > > - @retval EFI_SUCCESS Random bytes generation succeeded. > > > > - @retval EFI_NOT_READY Failed to request random bytes. > > > > + @retval True Random bytes generation succeeded. > > > > + @retval False Failed to request random bytes. > > > > > > > > **/ > > > > STATIC > > > > @@ -73,17 +38,17 @@ RandGetBytes ( > > > > > > Ret =3D FALSE; > > > > > > > > + if (RandBuffer =3D=3D NULL) { > > > > + DEBUG((DEBUG_ERROR, "[OPENSSL_RAND_POOL] NULL RandBuffer. No > > random numbers are generated and your system is not secure\n")); > > > > + ASSERT(FALSE); // Since we can't generate random numbers, we shou= ld > > assert. Otherwise we will just blow up later. > > > > + return Ret; > > > > + } > > > > + > > > > + > > > > while (Length > 0) { > > > > - // > > > > - // Get random noise from platform. > > > > - // If it failed, fallback to PerformanceCounter > > > > - // If you really care about security, you must override > > > > - // GetRandomNoise64FromPlatform. > > > > - // > > > > - Ret =3D GetRandomNoise64 (&TempRand); > > > > - if (Ret =3D=3D FALSE) { > > > > - Ret =3D GetRandNoise64FromPerformanceCounter (&TempRand); > > > > - } > > > > + // Use RngLib to get random number > > > > + Ret =3D GetRandomNumber64(&TempRand); > > > > + > > > > if (!Ret) { > > > > return Ret; > > > > } > > > > @@ -100,125 +65,6 @@ RandGetBytes ( > > return Ret; > > > > } > > > > > > > > -/** > > > > - Creates a 128bit random value that is fully forward and backward pr= ediction > > resistant, > > > > - suitable for seeding a NIST SP800-90 Compliant. > > > > - This function takes multiple random numbers from PerformanceCounter= to > > ensure reseeding > > > > - and performs AES-CBC-MAC over the data to compute the seed value. > > > > - > > > > - @param[out] SeedBuffer Pointer to a 128bit buffer to store the = random > > seed. > > > > - > > > > - @retval TRUE Random seed generation succeeded. > > > > - @retval FALSE Failed to request random bytes. > > > > - > > > > -**/ > > > > -STATIC > > > > -BOOLEAN > > > > -EFIAPI > > > > -RandGetSeed128 ( > > > > - OUT UINT8 *SeedBuffer > > > > - ) > > > > -{ > > > > - BOOLEAN Ret; > > > > - UINT8 RandByte[16]; > > > > - UINT8 Key[16]; > > > > - UINT8 Ffv[16]; > > > > - UINT8 Xored[16]; > > > > - UINT32 Index; > > > > - UINT32 Index2; > > > > - AES_KEY AESKey; > > > > - > > > > - // > > > > - // Chose an arbitrary key and zero the feed_forward_value (FFV) > > > > - // > > > > - for (Index =3D 0; Index < 16; Index++) { > > > > - Key[Index] =3D (UINT8) Index; > > > > - Ffv[Index] =3D 0; > > > > - } > > > > - > > > > - AES_set_encrypt_key (Key, 16 * 8, &AESKey); > > > > - > > > > - // > > > > - // Perform CBC_MAC over 32 * 128 bit values, with 10us gaps between= 128 > bit > > value > > > > - // The 10us gaps will ensure multiple reseeds within the system tim= e with a > > large > > > > - // design margin. > > > > - // > > > > - for (Index =3D 0; Index < 32; Index++) { > > > > - MicroSecondDelay (10); > > > > - Ret =3D RandGetBytes (16, RandByte); > > > > - if (!Ret) { > > > > - return Ret; > > > > - } > > > > - > > > > - // > > > > - // Perform XOR operations on two 128-bit value. > > > > - // > > > > - for (Index2 =3D 0; Index2 < 16; Index2++) { > > > > - Xored[Index2] =3D RandByte[Index2] ^ Ffv[Index2]; > > > > - } > > > > - > > > > - AES_encrypt (Xored, Ffv, &AESKey); > > > > - } > > > > - > > > > - for (Index =3D 0; Index < 16; Index++) { > > > > - SeedBuffer[Index] =3D Ffv[Index]; > > > > - } > > > > - > > > > - return Ret; > > > > -} > > > > - > > > > -/** > > > > - Generate high-quality entropy source. > > > > - > > > > - @param[in] Length Size of the buffer, in bytes, to fill wi= th. > > > > - @param[out] Entropy Pointer to the buffer to store the entro= py data. > > > > - > > > > - @retval EFI_SUCCESS Entropy generation succeeded. > > > > - @retval EFI_NOT_READY Failed to request random data. > > > > - > > > > -**/ > > > > -STATIC > > > > -BOOLEAN > > > > -EFIAPI > > > > -RandGenerateEntropy ( > > > > - IN UINTN Length, > > > > - OUT UINT8 *Entropy > > > > - ) > > > > -{ > > > > - BOOLEAN Ret; > > > > - UINTN BlockCount; > > > > - UINT8 Seed[16]; > > > > - UINT8 *Ptr; > > > > - > > > > - BlockCount =3D Length / 16; > > > > - Ptr =3D (UINT8 *) Entropy; > > > > - > > > > - // > > > > - // Generate high-quality seed for DRBG Entropy > > > > - // > > > > - while (BlockCount > 0) { > > > > - Ret =3D RandGetSeed128 (Seed); > > > > - if (!Ret) { > > > > - return Ret; > > > > - } > > > > - CopyMem (Ptr, Seed, 16); > > > > - > > > > - BlockCount--; > > > > - Ptr =3D Ptr + 16; > > > > - } > > > > - > > > > - // > > > > - // Populate the remained data as request. > > > > - // > > > > - Ret =3D RandGetSeed128 (Seed); > > > > - if (!Ret) { > > > > - return Ret; > > > > - } > > > > - CopyMem (Ptr, Seed, (Length % 16)); > > > > - > > > > - return Ret; > > > > -} > > > > - > > > > /* > > > > * Add random bytes to the pool to acquire requested amount of entrop= y > > > > * > > > > @@ -238,7 +84,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) > > buffer =3D rand_pool_add_begin(pool, bytes_needed); > > > > > > > > if (buffer !=3D NULL) { > > > > - Ret =3D RandGenerateEntropy(bytes_needed, buffer); > > > > + Ret =3D RandGetBytes(bytes_needed, buffer); > > > > if (FALSE =3D=3D Ret) { > > > > rand_pool_add_end(pool, 0, 0); > > > > } else { > > > > @@ -257,13 +103,8 @@ size_t rand_pool_acquire_entropy(RAND_POOL > *pool) > > */ > > > > int rand_pool_add_nonce_data(RAND_POOL *pool) > > > > { > > > > - struct { > > > > - UINT64 Rand; > > > > - UINT64 TimerValue; > > > > - } data =3D { 0 }; > > > > - > > > > - RandGetBytes(8, (UINT8 *)&(data.Rand)); > > > > - data.TimerValue =3D GetPerformanceCounter(); > > > > + UINT8 data[16]; > > > > + RandGetBytes(sizeof(data), data); > > > > > > > > return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0); > > > > } > > > > @@ -275,13 +116,8 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) > > */ > > > > int rand_pool_add_additional_data(RAND_POOL *pool) > > > > { > > > > - struct { > > > > - UINT64 Rand; > > > > - UINT64 TimerValue; > > > > - } data =3D { 0 }; > > > > - > > > > - RandGetBytes(8, (UINT8 *)&(data.Rand)); > > > > - data.TimerValue =3D GetPerformanceCounter(); > > > > + UINT8 data[16]; > > > > + RandGetBytes(sizeof(data), data); > > > > > > > > return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0); > > > > } > > > > @@ -313,4 +149,3 @@ void rand_pool_cleanup(void) > > void rand_pool_keep_random_devices_open(int keep) > > > > { > > > > } > > > > - > > > > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > > b/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > > deleted file mode 100644 > > index 212834e27acc..000000000000 > > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > > +++ /dev/null > > @@ -1,29 +0,0 @@ > > -/** @file > > > > - Provide rand noise source. > > > > - > > > > -Copyright (c) 2019, Intel Corporation. All rights reserved.
> > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > - > > > > -**/ > > > > - > > > > -#include > > > > - > > > > -/** > > > > - Get 64-bit noise source > > > > - > > > > - @param[out] Rand Buffer pointer to store 64-bit noise sourc= e > > > > - > > > > - @retval FALSE Failed to generate > > > > -**/ > > > > -BOOLEAN > > > > -EFIAPI > > > > -GetRandomNoise64 ( > > > > - OUT UINT64 *Rand > > > > - ) > > > > -{ > > > > - // > > > > - // Return FALSE will fallback to use PerformanceCounter to > > > > - // generate noise. > > > > - // > > > > - return FALSE; > > > > -} > > > > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > > b/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > > deleted file mode 100644 > > index 4158106231fd..000000000000 > > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > > +++ /dev/null > > @@ -1,43 +0,0 @@ > > -/** @file > > > > - Provide rand noise source. > > > > - > > > > -Copyright (c) 2019, Intel Corporation. All rights reserved.
> > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > - > > > > -**/ > > > > - > > > > -#include > > > > -#include > > > > -#include > > > > - > > > > -/** > > > > - Get 64-bit noise source > > > > - > > > > - @param[out] Rand Buffer pointer to store 64-bit noise sourc= e > > > > - > > > > - @retval TRUE Get randomness successfully. > > > > - @retval FALSE Failed to generate > > > > -**/ > > > > -BOOLEAN > > > > -EFIAPI > > > > -GetRandomNoise64 ( > > > > - OUT UINT64 *Rand > > > > - ) > > > > -{ > > > > - UINT32 Index; > > > > - UINT32 *RandPtr; > > > > - > > > > - if (NULL =3D=3D Rand) { > > > > - return FALSE; > > > > - } > > > > - > > > > - RandPtr =3D (UINT32 *)Rand; > > > > - > > > > - for (Index =3D 0; Index < 2; Index ++) { > > > > - *RandPtr =3D (UINT32) ((AsmReadTsc ()) & 0xFF); > > > > - RandPtr++; > > > > - MicroSecondDelay (10); > > > > - } > > > > - > > > > - return TRUE; > > > > -} > > > > diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > > index 1af78468a19c..0490eeb7e22f 100644 > > --- a/CryptoPkg/CryptoPkg.dsc > > +++ b/CryptoPkg/CryptoPkg.dsc > > @@ -60,6 +60,7 @@ > > BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.in= f > > > > TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf > > > > HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf > > > > + RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf > > > > > > > > [LibraryClasses.ARM, LibraryClasses.AARCH64] > > > > # > > > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > index dbbe5386a10c..4baad565564c 100644 > > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > @@ -571,22 +571,9 @@ > > $(OPENSSL_PATH)/ssl/statem/statem_local.h > > > > # Autogenerated files list ends here > > > > buildinf.h > > > > - rand_pool_noise.h > > > > ossl_store.c > > > > rand_pool.c > > > > > > > > -[Sources.Ia32] > > > > - rand_pool_noise_tsc.c > > > > - > > > > -[Sources.X64] > > > > - rand_pool_noise_tsc.c > > > > - > > > > -[Sources.ARM] > > > > - rand_pool_noise.c > > > > - > > > > -[Sources.AARCH64] > > > > - rand_pool_noise.c > > > > - > > > > [Packages] > > > > MdePkg/MdePkg.dec > > > > CryptoPkg/CryptoPkg.dec > > > > @@ -594,7 +581,7 @@ > > [LibraryClasses] > > > > BaseLib > > > > DebugLib > > > > - TimerLib > > > > + RngLib > > > > PrintLib > > > > > > > > [LibraryClasses.ARM] > > > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > index 616ccd9f62d1..3557711bd85a 100644 > > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > @@ -520,22 +520,9 @@ > > $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h > > > > # Autogenerated files list ends here > > > > buildinf.h > > > > - rand_pool_noise.h > > > > ossl_store.c > > > > rand_pool.c > > > > > > > > -[Sources.Ia32] > > > > - rand_pool_noise_tsc.c > > > > - > > > > -[Sources.X64] > > > > - rand_pool_noise_tsc.c > > > > - > > > > -[Sources.ARM] > > > > - rand_pool_noise.c > > > > - > > > > -[Sources.AARCH64] > > > > - rand_pool_noise.c > > > > - > > > > [Packages] > > > > MdePkg/MdePkg.dec > > > > CryptoPkg/CryptoPkg.dec > > > > @@ -543,7 +530,7 @@ > > [LibraryClasses] > > > > BaseLib > > > > DebugLib > > > > - TimerLib > > > > + RngLib > > > > PrintLib > > > > > > > > [LibraryClasses.ARM] > > > > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > > b/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > > deleted file mode 100644 > > index 75acc686a9f1..000000000000 > > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > > +++ /dev/null > > @@ -1,29 +0,0 @@ > > -/** @file > > > > - Provide rand noise source. > > > > - > > > > -Copyright (c) 2019, Intel Corporation. All rights reserved.
> > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > - > > > > -**/ > > > > - > > > > -#ifndef __RAND_POOL_NOISE_H__ > > > > -#define __RAND_POOL_NOISE_H__ > > > > - > > > > -#include > > > > - > > > > -/** > > > > - Get 64-bit noise source. > > > > - > > > > - @param[out] Rand Buffer pointer to store 64-bit noise sour= ce > > > > - > > > > - @retval TRUE Get randomness successfully. > > > > - @retval FALSE Failed to generate > > > > -**/ > > > > -BOOLEAN > > > > -EFIAPI > > > > -GetRandomNoise64 ( > > > > - OUT UINT64 *Rand > > > > - ); > > > > - > > > > - > > > > -#endif // __RAND_POOL_NOISE_H__ > > > > -- > > 2.27.0.windows.1 >=20 >=20 >=20