From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web11.7557.1597361218064217486 for ; Thu, 13 Aug 2020 16:26:58 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=Uvk5s6d/; spf=pass (domain: intel.com, ip: 192.55.52.151, mailfrom: jiewen.yao@intel.com) IronPort-SDR: AKxiRSVKZXXvCSil+DY0BsUgqMjNShEatIt/qC62Z+nuxCwHwqwKeXUz/43LHdLmzn6fW6Qr5e LpW2B95sZDaA== X-IronPort-AV: E=McAfee;i="6000,8403,9712"; a="134394508" X-IronPort-AV: E=Sophos;i="5.76,310,1592895600"; d="scan'208";a="134394508" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Aug 2020 16:26:57 -0700 IronPort-SDR: 6tn4nBogCUsRZB1ccc/las+yoSHylJRqc62cJpX2RETVMYbO2CWIhM/9ZSenw18PL6EgQdEdVF iA/gxvAV3QdQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.76,310,1592895600"; d="scan'208";a="327719456" Received: from orsmsx602-2.jf.intel.com (HELO ORSMSX602.amr.corp.intel.com) ([10.22.229.82]) by fmsmga002.fm.intel.com with ESMTP; 13 Aug 2020 16:26:56 -0700 Received: from orsmsx612.amr.corp.intel.com (10.22.229.25) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Thu, 13 Aug 2020 16:26:56 -0700 Received: from orsmsx612.amr.corp.intel.com (10.22.229.25) by ORSMSX612.amr.corp.intel.com (10.22.229.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Thu, 13 Aug 2020 16:26:55 -0700 Received: from ORSEDG001.ED.cps.intel.com (10.7.248.4) by orsmsx612.amr.corp.intel.com (10.22.229.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1713.5 via Frontend Transport; Thu, 13 Aug 2020 16:26:55 -0700 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.172) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 13 Aug 2020 16:26:54 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SK3wk+qg/5U5fdjabf6bLC+81B94lAw45PgtPQVKkOC2hxrfN9JxZf8KfVu2n2nOLt4TOwElLaVgTEtTCBeTHt94FgHcH6xjgLr0OK3X5C9XmKiDGdV2dFeMQLNweKTHZ0/eJ81ccbTM+1+EIPRGNH5CmV+Wv/6J7wW0BEINGowfC+uzjZm4MuWpmz+L5djGZWpTnutHkxpVcLzXd4gAxinmIsniZZFJNMpqQ38wjPeiqpvo50/FNZkQK/orzirZv4ndbWYbkRNACKWdzI0APSBqgXAW9oofsROefW5H33APioYpjdlgm8CTlj0sDaMGkH/kOqdipkSGrB/Ja2A8uA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jd/ew7cXURFFdRRrmQcR2PKg7wBCruGaoiMjtUH2zyE=; b=cMRIMIL4a7BwfgGTJk7O1d6A4xp8VYlkfKTELP+W7Ah3+ZaNy2GJNFUDqejaG3a4X8uuxnI4qGGuiFpi5MwEJHzh2I6YJQ/Ss0AYNbHM+bs4pz04BvuWSJMMkk6FhF04iTlAlChflOX1ohHc5IKckk97DY1oOjxmGRCyE7uvRt6z1SlRoNSGiBk9ISULp5hpmCIK9K8paaYAVgemGHm6hsIo0xkeErcJHks/WzUZm6E5ryiy/NDRjvCZlGnAJTm+pnJ8BRfn9nZl92d/QS/C4tdyDHJVMCTB8T2KXTn4MGSFtGlxHAiQh77C1thrnLPEVR9Wf3521+jguQaDH2T73Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jd/ew7cXURFFdRRrmQcR2PKg7wBCruGaoiMjtUH2zyE=; b=Uvk5s6d/OhDIorE8vFtE+YCSxUQYj5oTyXnqZQ3REsCa7QaWBYyhcDcfzVuoYsDhivPHinHC74NXEaVLdG6tSZeqaZ9fIopwB7xPLmsMDrMcCC4cX4Esx4Qgt8xffsb1LL6YMds3Y031C23R1reAL8nK5wjY7loIOTxkmrP9hYk= Received: from CY4PR11MB1288.namprd11.prod.outlook.com (2603:10b6:903:23::8) by CY4PR1101MB2166.namprd11.prod.outlook.com (2603:10b6:910:1e::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.19; Thu, 13 Aug 2020 23:26:52 +0000 Received: from CY4PR11MB1288.namprd11.prod.outlook.com ([fe80::163:9209:a92d:812]) by CY4PR11MB1288.namprd11.prod.outlook.com ([fe80::163:9209:a92d:812%6]) with mapi id 15.20.3283.018; Thu, 13 Aug 2020 23:26:52 +0000 From: "Yao, Jiewen" To: "devel@edk2.groups.io" , "matthewfcarlson@gmail.com" CC: Ard Biesheuvel , "Wang, Jian J" , "Lu, XiaoyuX" Subject: Re: [edk2-devel] [PATCH v7 5/5] CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool Thread-Topic: [edk2-devel] [PATCH v7 5/5] CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool Thread-Index: AQHWcapClVfbQWEaf0G/y9JfHhJd7qk2qaqw Date: Thu, 13 Aug 2020 23:26:51 +0000 Message-ID: References: <20200813194441.892-1-matthewfcarlson@gmail.com> <20200813194441.892-6-matthewfcarlson@gmail.com> In-Reply-To: <20200813194441.892-6-matthewfcarlson@gmail.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiODU5ODMzMTEtNmE3Yy00ODlhLTg4NGMtMDIyZGI2Njc0N2M0IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoibDVXXC9vcmxNbmJMV25LbHVENzhTV1lYaGM0eXVaWXRjUmR2dUxDMCtodVRWN21QY2RaZWk0dGU4NEozQWVmeDAifQ== x-ctpclassification: CTP_NT dlp-version: 11.5.1.3 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.147.198] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: ad7ad4cc-f62e-44e8-6ed9-08d83fe05bf0 x-ms-traffictypediagnostic: CY4PR1101MB2166: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2043; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: TCkbCZxs5Dlyy+19MIb4X76q7P5OigONtSmHSiAPL5QVME159aqnGlYjJaqnVbsVX9VGd9MENPUOyL2sIWUu4xHZ71irmV/e27MlETq53RicHKVCduxBwTBD3R4vulXCfm+yVQSXMF870jXPXrbKqCOi+r86OT49fkdL0wVbzSonJWcSNfU0jmDCdm3VZiqVhb1m+OXmc3jAPGWXbjTCdfYx0DCpUUwcGWaHOKn+Zzp+BJAuy1PS1asTNGgI30lRD1eDOLiWOUxy/XGPIwk263E56Cud3VISsusXBMkcpdLn1iazcf6jYJcJj0umEoQ62S3684b0cV5DrsqGbDOiDvBJGNjR+a6ZoJTh3+tnxGvil4XlmLBfRCJQRF15Cr1gCEno1t1RLWdbbqUUMLGFXg== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY4PR11MB1288.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(396003)(346002)(376002)(366004)(136003)(39860400002)(110136005)(4326008)(53546011)(52536014)(66946007)(66476007)(66556008)(33656002)(64756008)(66446008)(186003)(316002)(76116006)(54906003)(6506007)(8676002)(478600001)(7696005)(26005)(9686003)(8936002)(71200400001)(966005)(107886003)(5660300002)(55016002)(2906002)(19627235002)(83380400001)(30864003)(86362001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: yaG+Uzof9ix4w7Sedbp6TrEdhwhxA2N2mxVrAcIMoqRF49HttPZXvfhLJJSHsRi9HHbA8B6Ig5uxvZtOP6p1hgXVGZ08eZb1NCujy/eiNBwFfii+r+VMBWmWlaFmo5F4Ckv67k/HmX4AgUyBQljyidWirCk5fWHNaZdNPBbzS1C9tsdo/lh1uCsB7C6oUF6p2ExQDdMomjncPqWsR+nbrGPx8g7G2ZpSNSDY2bk1NhXVBm56lijx00FcNFqhsQTL1QAQMC0BH1vmN1EiYaFPoOcG7DYM1r0wRLeOwW1zM6qbYZ13JvderObv3UP0RUfDASwG/HMBw/pPqosFhGcIYvWZbgo0wQh41fHk4FEFTuS5xXonneRj/uZA5mVYvL1YSj/h8MDCfhVzsS8H1SfY75BtIq99g0PlXfM1ThZiaf42lduiGxicQaeq/FNwrOZOCkyo78jJZdMSfnL2u9UQULlzYJ1opjxK0W7kicBbLUnqiXpPbmXL4LkhtWObk7nqddvz9P7CTRWGCVFkO/L3DUp0jR3xU3Xn9hUXcsATIXb4hhKodvkhN1BtTb518Eva5Zz14bjTmks7WkZknbnUiUoRkNiRndLlXcpXMARddOZu/ciI5dEtq7/kgMn3Xw9inRFg/bArG/1rC1U+GE+1uQ== MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CY4PR11MB1288.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: ad7ad4cc-f62e-44e8-6ed9-08d83fe05bf0 X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Aug 2020 23:26:51.9163 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 4lBoq6K73M8zPXD9wq1PgCas/x9PHQ2XQRTwI7Jq1z/8kp1zpPyJpsNxTh+eFUtPDsP3xW8VHUPHKj+STOPjWw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR1101MB2166 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jiewen Yao > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Matthew > Carlson > Sent: Friday, August 14, 2020 3:45 AM > To: devel@edk2.groups.io > Cc: Ard Biesheuvel ; Yao, Jiewen > ; Wang, Jian J ; Lu, XiaoyuX > ; Matthew Carlson > Subject: [edk2-devel] [PATCH v7 5/5] CryptoPkg: OpensslLib: Use RngLib to > generate entropy in rand_pool >=20 > From: Matthew Carlson >=20 > Ref: https://github.com/tianocore/edk2/pull/845 > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1871 >=20 > Changes OpenSSL to no longer depend on TimerLib and instead use RngLib. > This allows platforms to decide for themsevles what sort of entropy sourc= e > they provide to OpenSSL and TlsLib. >=20 > Cc: Ard Biesheuvel > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Xiaoyu Lu >=20 > Acked-by: Ard Biesheuvel > Signed-off-by: Matthew Carlson > --- > CryptoPkg/Library/OpensslLib/rand_pool.c | 265 +++++----------= ----- > CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 --- > CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 ---- > CryptoPkg/CryptoPkg.dsc | 1 + > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 15 +- > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 15 +- > CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 --- > 7 files changed, 63 insertions(+), 334 deletions(-) >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c > b/CryptoPkg/Library/OpensslLib/rand_pool.c > index 9e0179b03490..806549af81c1 100644 > --- a/CryptoPkg/Library/OpensslLib/rand_pool.c > +++ b/CryptoPkg/Library/OpensslLib/rand_pool.c > @@ -2,8 +2,8 @@ > OpenSSL_1_1_1b doesn't implement rand_pool_* functions for UEFI. >=20 > The file implement these functions. >=20 >=20 >=20 > -Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > -SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > + Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > + SPDX-License-Identifier: BSD-2-Clause-Patent >=20 >=20 >=20 > **/ >=20 >=20 >=20 > @@ -11,53 +11,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include >=20 >=20 >=20 > #include >=20 > -#include >=20 > - >=20 > -#include "rand_pool_noise.h" >=20 > - >=20 > -/** >=20 > - Get some randomness from low-order bits of GetPerformanceCounter resul= ts. >=20 > - And combine them to the 64-bit value >=20 > - >=20 > - @param[out] Rand Buffer pointer to store the 64-bit random value. >=20 > - >=20 > - @retval TRUE Random number generated successfully. >=20 > - @retval FALSE Failed to generate. >=20 > -**/ >=20 > -STATIC >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandNoise64FromPerformanceCounter( >=20 > - OUT UINT64 *Rand >=20 > - ) >=20 > -{ >=20 > - UINT32 Index; >=20 > - UINT32 *RandPtr; >=20 > - >=20 > - if (NULL =3D=3D Rand) { >=20 > - return FALSE; >=20 > - } >=20 > - >=20 > - RandPtr =3D (UINT32 *) Rand; >=20 > - >=20 > - for (Index =3D 0; Index < 2; Index ++) { >=20 > - *RandPtr =3D (UINT32) (GetPerformanceCounter () & 0xFF); >=20 > - MicroSecondDelay (10); >=20 > - RandPtr++; >=20 > - } >=20 > - >=20 > - return TRUE; >=20 > -} >=20 > +#include >=20 >=20 >=20 > /** >=20 > Calls RandomNumber64 to fill >=20 > a buffer of arbitrary size with random bytes. >=20 > + This is a shim layer to RngLib. >=20 >=20 >=20 > @param[in] Length Size of the buffer, in bytes, to fill with= . >=20 > @param[out] RandBuffer Pointer to the buffer to store the random r= esult. >=20 >=20 >=20 > - @retval EFI_SUCCESS Random bytes generation succeeded. >=20 > - @retval EFI_NOT_READY Failed to request random bytes. >=20 > + @retval TRUE Random bytes generation succeeded. >=20 > + @retval FALSE Failed to request random bytes. >=20 >=20 >=20 > **/ >=20 > STATIC >=20 > @@ -65,7 +30,7 @@ BOOLEAN > EFIAPI >=20 > RandGetBytes ( >=20 > IN UINTN Length, >=20 > - OUT UINT8 *RandBuffer >=20 > + OUT UINT8 *RandBuffer >=20 > ) >=20 > { >=20 > BOOLEAN Ret; >=20 > @@ -73,17 +38,17 @@ RandGetBytes ( >=20 >=20 > Ret =3D FALSE; >=20 >=20 >=20 > + if (RandBuffer =3D=3D NULL) { >=20 > + DEBUG((DEBUG_ERROR, "[OPENSSL_RAND_POOL] NULL RandBuffer. No > random numbers are generated and your system is not secure\n")); >=20 > + ASSERT (RandBuffer !=3D NULL); // Since we can't generate random num= bers, > we should assert. Otherwise we will just blow up later. >=20 > + return Ret; >=20 > + } >=20 > + >=20 > + >=20 > while (Length > 0) { >=20 > - // >=20 > - // Get random noise from platform. >=20 > - // If it failed, fallback to PerformanceCounter >=20 > - // If you really care about security, you must override >=20 > - // GetRandomNoise64FromPlatform. >=20 > - // >=20 > - Ret =3D GetRandomNoise64 (&TempRand); >=20 > - if (Ret =3D=3D FALSE) { >=20 > - Ret =3D GetRandNoise64FromPerformanceCounter (&TempRand); >=20 > - } >=20 > + // Use RngLib to get random number >=20 > + Ret =3D GetRandomNumber64 (&TempRand); >=20 > + >=20 > if (!Ret) { >=20 > return Ret; >=20 > } >=20 > @@ -91,7 +56,8 @@ RandGetBytes ( > *((UINT64*) RandBuffer) =3D TempRand; >=20 > RandBuffer +=3D sizeof (UINT64); >=20 > Length -=3D sizeof (TempRand); >=20 > - } else { >=20 > + } >=20 > + else { >=20 > CopyMem (RandBuffer, &TempRand, Length); >=20 > Length =3D 0; >=20 > } >=20 > @@ -100,125 +66,6 @@ RandGetBytes ( > return Ret; >=20 > } >=20 >=20 >=20 > -/** >=20 > - Creates a 128bit random value that is fully forward and backward predi= ction > resistant, >=20 > - suitable for seeding a NIST SP800-90 Compliant. >=20 > - This function takes multiple random numbers from PerformanceCounter to > ensure reseeding >=20 > - and performs AES-CBC-MAC over the data to compute the seed value. >=20 > - >=20 > - @param[out] SeedBuffer Pointer to a 128bit buffer to store the ran= dom > seed. >=20 > - >=20 > - @retval TRUE Random seed generation succeeded. >=20 > - @retval FALSE Failed to request random bytes. >=20 > - >=20 > -**/ >=20 > -STATIC >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -RandGetSeed128 ( >=20 > - OUT UINT8 *SeedBuffer >=20 > - ) >=20 > -{ >=20 > - BOOLEAN Ret; >=20 > - UINT8 RandByte[16]; >=20 > - UINT8 Key[16]; >=20 > - UINT8 Ffv[16]; >=20 > - UINT8 Xored[16]; >=20 > - UINT32 Index; >=20 > - UINT32 Index2; >=20 > - AES_KEY AESKey; >=20 > - >=20 > - // >=20 > - // Chose an arbitrary key and zero the feed_forward_value (FFV) >=20 > - // >=20 > - for (Index =3D 0; Index < 16; Index++) { >=20 > - Key[Index] =3D (UINT8) Index; >=20 > - Ffv[Index] =3D 0; >=20 > - } >=20 > - >=20 > - AES_set_encrypt_key (Key, 16 * 8, &AESKey); >=20 > - >=20 > - // >=20 > - // Perform CBC_MAC over 32 * 128 bit values, with 10us gaps between 12= 8 bit > value >=20 > - // The 10us gaps will ensure multiple reseeds within the system time w= ith a > large >=20 > - // design margin. >=20 > - // >=20 > - for (Index =3D 0; Index < 32; Index++) { >=20 > - MicroSecondDelay (10); >=20 > - Ret =3D RandGetBytes (16, RandByte); >=20 > - if (!Ret) { >=20 > - return Ret; >=20 > - } >=20 > - >=20 > - // >=20 > - // Perform XOR operations on two 128-bit value. >=20 > - // >=20 > - for (Index2 =3D 0; Index2 < 16; Index2++) { >=20 > - Xored[Index2] =3D RandByte[Index2] ^ Ffv[Index2]; >=20 > - } >=20 > - >=20 > - AES_encrypt (Xored, Ffv, &AESKey); >=20 > - } >=20 > - >=20 > - for (Index =3D 0; Index < 16; Index++) { >=20 > - SeedBuffer[Index] =3D Ffv[Index]; >=20 > - } >=20 > - >=20 > - return Ret; >=20 > -} >=20 > - >=20 > -/** >=20 > - Generate high-quality entropy source. >=20 > - >=20 > - @param[in] Length Size of the buffer, in bytes, to fill with. >=20 > - @param[out] Entropy Pointer to the buffer to store the entropy = data. >=20 > - >=20 > - @retval EFI_SUCCESS Entropy generation succeeded. >=20 > - @retval EFI_NOT_READY Failed to request random data. >=20 > - >=20 > -**/ >=20 > -STATIC >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -RandGenerateEntropy ( >=20 > - IN UINTN Length, >=20 > - OUT UINT8 *Entropy >=20 > - ) >=20 > -{ >=20 > - BOOLEAN Ret; >=20 > - UINTN BlockCount; >=20 > - UINT8 Seed[16]; >=20 > - UINT8 *Ptr; >=20 > - >=20 > - BlockCount =3D Length / 16; >=20 > - Ptr =3D (UINT8 *) Entropy; >=20 > - >=20 > - // >=20 > - // Generate high-quality seed for DRBG Entropy >=20 > - // >=20 > - while (BlockCount > 0) { >=20 > - Ret =3D RandGetSeed128 (Seed); >=20 > - if (!Ret) { >=20 > - return Ret; >=20 > - } >=20 > - CopyMem (Ptr, Seed, 16); >=20 > - >=20 > - BlockCount--; >=20 > - Ptr =3D Ptr + 16; >=20 > - } >=20 > - >=20 > - // >=20 > - // Populate the remained data as request. >=20 > - // >=20 > - Ret =3D RandGetSeed128 (Seed); >=20 > - if (!Ret) { >=20 > - return Ret; >=20 > - } >=20 > - CopyMem (Ptr, Seed, (Length % 16)); >=20 > - >=20 > - return Ret; >=20 > -} >=20 > - >=20 > /* >=20 > * Add random bytes to the pool to acquire requested amount of entropy >=20 > * >=20 > @@ -227,27 +74,31 @@ RandGenerateEntropy ( > * >=20 > * This is OpenSSL required interface. >=20 > */ >=20 > -size_t rand_pool_acquire_entropy(RAND_POOL *pool) >=20 > +size_t >=20 > +rand_pool_acquire_entropy ( >=20 > + RAND_POOL *pool >=20 > + ) >=20 > { >=20 > - BOOLEAN Ret; >=20 > - size_t bytes_needed; >=20 > - unsigned char * buffer; >=20 > + BOOLEAN Ret; >=20 > + size_t bytes_needed; >=20 > + unsigned char *buffer; >=20 >=20 >=20 > - bytes_needed =3D rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); >=20 > + bytes_needed =3D rand_pool_bytes_needed (pool, 1 /*entropy_factor*/); >=20 > if (bytes_needed > 0) { >=20 > - buffer =3D rand_pool_add_begin(pool, bytes_needed); >=20 > + buffer =3D rand_pool_add_begin (pool, bytes_needed); >=20 >=20 >=20 > if (buffer !=3D NULL) { >=20 > - Ret =3D RandGenerateEntropy(bytes_needed, buffer); >=20 > + Ret =3D RandGetBytes (bytes_needed, buffer); >=20 > if (FALSE =3D=3D Ret) { >=20 > - rand_pool_add_end(pool, 0, 0); >=20 > - } else { >=20 > - rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed); >=20 > + rand_pool_add_end (pool, 0, 0); >=20 > + } >=20 > + else { >=20 > + rand_pool_add_end (pool, bytes_needed, 8 * bytes_needed); >=20 > } >=20 > } >=20 > } >=20 >=20 >=20 > - return rand_pool_entropy_available(pool); >=20 > + return rand_pool_entropy_available (pool); >=20 > } >=20 >=20 >=20 > /* >=20 > @@ -255,17 +106,15 @@ size_t rand_pool_acquire_entropy(RAND_POOL > *pool) > * >=20 > * This is OpenSSL required interface. >=20 > */ >=20 > -int rand_pool_add_nonce_data(RAND_POOL *pool) >=20 > +int >=20 > +rand_pool_add_nonce_data ( >=20 > + RAND_POOL *pool >=20 > + ) >=20 > { >=20 > - struct { >=20 > - UINT64 Rand; >=20 > - UINT64 TimerValue; >=20 > - } data =3D { 0 }; >=20 > + UINT8 data[16]; >=20 > + RandGetBytes (sizeof(data), data); >=20 >=20 >=20 > - RandGetBytes(8, (UINT8 *)&(data.Rand)); >=20 > - data.TimerValue =3D GetPerformanceCounter(); >=20 > - >=20 > - return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0); >=20 > + return rand_pool_add (pool, (unsigned char*)&data, sizeof(data), 0); >=20 > } >=20 >=20 >=20 > /* >=20 > @@ -273,17 +122,15 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) > * >=20 > * This is OpenSSL required interface. >=20 > */ >=20 > -int rand_pool_add_additional_data(RAND_POOL *pool) >=20 > +int >=20 > +rand_pool_add_additional_data ( >=20 > + RAND_POOL *pool >=20 > + ) >=20 > { >=20 > - struct { >=20 > - UINT64 Rand; >=20 > - UINT64 TimerValue; >=20 > - } data =3D { 0 }; >=20 > - >=20 > - RandGetBytes(8, (UINT8 *)&(data.Rand)); >=20 > - data.TimerValue =3D GetPerformanceCounter(); >=20 > + UINT8 data[16]; >=20 > + RandGetBytes (sizeof(data), data); >=20 >=20 >=20 > - return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0); >=20 > + return rand_pool_add (pool, (unsigned char*)&data, sizeof(data), 0); >=20 > } >=20 >=20 >=20 > /* >=20 > @@ -291,7 +138,10 @@ int rand_pool_add_additional_data(RAND_POOL *pool) > * >=20 > * This is OpenSSL required interface. >=20 > */ >=20 > -int rand_pool_init(void) >=20 > +int >=20 > +rand_pool_init ( >=20 > + VOID >=20 > + ) >=20 > { >=20 > return 1; >=20 > } >=20 > @@ -301,7 +151,10 @@ int rand_pool_init(void) > * >=20 > * This is OpenSSL required interface. >=20 > */ >=20 > -void rand_pool_cleanup(void) >=20 > +VOID >=20 > +rand_pool_cleanup( >=20 > + VOID >=20 > + ) >=20 > { >=20 > } >=20 >=20 >=20 > @@ -310,7 +163,9 @@ void rand_pool_cleanup(void) > * >=20 > * This is OpenSSL required interface. >=20 > */ >=20 > -void rand_pool_keep_random_devices_open(int keep) >=20 > +VOID >=20 > +rand_pool_keep_random_devices_open ( >=20 > + int keep >=20 > + ) >=20 > { >=20 > } >=20 > - >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > b/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > deleted file mode 100644 > index 212834e27acc..000000000000 > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > +++ /dev/null > @@ -1,29 +0,0 @@ > -/** @file >=20 > - Provide rand noise source. >=20 > - >=20 > -Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > -SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > - >=20 > -**/ >=20 > - >=20 > -#include >=20 > - >=20 > -/** >=20 > - Get 64-bit noise source >=20 > - >=20 > - @param[out] Rand Buffer pointer to store 64-bit noise source >=20 > - >=20 > - @retval FALSE Failed to generate >=20 > -**/ >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandomNoise64 ( >=20 > - OUT UINT64 *Rand >=20 > - ) >=20 > -{ >=20 > - // >=20 > - // Return FALSE will fallback to use PerformanceCounter to >=20 > - // generate noise. >=20 > - // >=20 > - return FALSE; >=20 > -} >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > b/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > deleted file mode 100644 > index 4158106231fd..000000000000 > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > +++ /dev/null > @@ -1,43 +0,0 @@ > -/** @file >=20 > - Provide rand noise source. >=20 > - >=20 > -Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > -SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > - >=20 > -**/ >=20 > - >=20 > -#include >=20 > -#include >=20 > -#include >=20 > - >=20 > -/** >=20 > - Get 64-bit noise source >=20 > - >=20 > - @param[out] Rand Buffer pointer to store 64-bit noise source >=20 > - >=20 > - @retval TRUE Get randomness successfully. >=20 > - @retval FALSE Failed to generate >=20 > -**/ >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandomNoise64 ( >=20 > - OUT UINT64 *Rand >=20 > - ) >=20 > -{ >=20 > - UINT32 Index; >=20 > - UINT32 *RandPtr; >=20 > - >=20 > - if (NULL =3D=3D Rand) { >=20 > - return FALSE; >=20 > - } >=20 > - >=20 > - RandPtr =3D (UINT32 *)Rand; >=20 > - >=20 > - for (Index =3D 0; Index < 2; Index ++) { >=20 > - *RandPtr =3D (UINT32) ((AsmReadTsc ()) & 0xFF); >=20 > - RandPtr++; >=20 > - MicroSecondDelay (10); >=20 > - } >=20 > - >=20 > - return TRUE; >=20 > -} >=20 > diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > index 1af78468a19c..0490eeb7e22f 100644 > --- a/CryptoPkg/CryptoPkg.dsc > +++ b/CryptoPkg/CryptoPkg.dsc > @@ -60,6 +60,7 @@ > BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf >=20 > TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf >=20 > HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf >=20 > + RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf >=20 >=20 >=20 > [LibraryClasses.ARM, LibraryClasses.AARCH64] >=20 > # >=20 > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index dbbe5386a10c..4baad565564c 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > @@ -571,22 +571,9 @@ > $(OPENSSL_PATH)/ssl/statem/statem_local.h >=20 > # Autogenerated files list ends here >=20 > buildinf.h >=20 > - rand_pool_noise.h >=20 > ossl_store.c >=20 > rand_pool.c >=20 >=20 >=20 > -[Sources.Ia32] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.X64] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.ARM] >=20 > - rand_pool_noise.c >=20 > - >=20 > -[Sources.AARCH64] >=20 > - rand_pool_noise.c >=20 > - >=20 > [Packages] >=20 > MdePkg/MdePkg.dec >=20 > CryptoPkg/CryptoPkg.dec >=20 > @@ -594,7 +581,7 @@ > [LibraryClasses] >=20 > BaseLib >=20 > DebugLib >=20 > - TimerLib >=20 > + RngLib >=20 > PrintLib >=20 >=20 >=20 > [LibraryClasses.ARM] >=20 > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index 616ccd9f62d1..3557711bd85a 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > @@ -520,22 +520,9 @@ > $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h >=20 > # Autogenerated files list ends here >=20 > buildinf.h >=20 > - rand_pool_noise.h >=20 > ossl_store.c >=20 > rand_pool.c >=20 >=20 >=20 > -[Sources.Ia32] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.X64] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.ARM] >=20 > - rand_pool_noise.c >=20 > - >=20 > -[Sources.AARCH64] >=20 > - rand_pool_noise.c >=20 > - >=20 > [Packages] >=20 > MdePkg/MdePkg.dec >=20 > CryptoPkg/CryptoPkg.dec >=20 > @@ -543,7 +530,7 @@ > [LibraryClasses] >=20 > BaseLib >=20 > DebugLib >=20 > - TimerLib >=20 > + RngLib >=20 > PrintLib >=20 >=20 >=20 > [LibraryClasses.ARM] >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > b/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > deleted file mode 100644 > index 75acc686a9f1..000000000000 > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > +++ /dev/null > @@ -1,29 +0,0 @@ > -/** @file >=20 > - Provide rand noise source. >=20 > - >=20 > -Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > -SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > - >=20 > -**/ >=20 > - >=20 > -#ifndef __RAND_POOL_NOISE_H__ >=20 > -#define __RAND_POOL_NOISE_H__ >=20 > - >=20 > -#include >=20 > - >=20 > -/** >=20 > - Get 64-bit noise source. >=20 > - >=20 > - @param[out] Rand Buffer pointer to store 64-bit noise source >=20 > - >=20 > - @retval TRUE Get randomness successfully. >=20 > - @retval FALSE Failed to generate >=20 > -**/ >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandomNoise64 ( >=20 > - OUT UINT64 *Rand >=20 > - ); >=20 > - >=20 > - >=20 > -#endif // __RAND_POOL_NOISE_H__ >=20 > -- > 2.27.0.windows.1 >=20 >=20 > -=3D-=3D-=3D-=3D-=3D-=3D > Groups.io Links: You receive all messages sent to this group. >=20 > View/Reply Online (#64253): https://edk2.groups.io/g/devel/message/64253 > Mute This Topic: https://groups.io/mt/76174753/1772286 > Group Owner: devel+owner@edk2.groups.io > Unsubscribe: https://edk2.groups.io/g/devel/unsub [jiewen.yao@intel.com] > -=3D-=3D-=3D-=3D-=3D-=3D