From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mx.groups.io with SMTP id smtpd.web12.99806.1597879797012151254 for ; Wed, 19 Aug 2020 16:29:57 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=xcd/9cFH; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: jiewen.yao@intel.com) IronPort-SDR: +JmF4sOyW3uz1LEHUNidONNoferSuGn/SxZairspNcym5bJqzWaYeC8eOAp+GhLy/z+QKrlj+W 3YFbI1wJDyZg== X-IronPort-AV: E=McAfee;i="6000,8403,9718"; a="155184195" X-IronPort-AV: E=Sophos;i="5.76,332,1592895600"; d="scan'208";a="155184195" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Aug 2020 16:29:55 -0700 IronPort-SDR: K2ojt1uE4lx9e3MfQqah2L0lM5drPQZD+Amd/aOiq6gT2Onfvbhuosp9vmyw6DYLXb03jZVB9c K8BKombSNwzA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.76,332,1592895600"; d="scan'208";a="320656904" Received: from orsmsx602-2.jf.intel.com (HELO ORSMSX602.amr.corp.intel.com) ([10.22.229.82]) by fmsmga004.fm.intel.com with ESMTP; 19 Aug 2020 16:29:55 -0700 Received: from orsmsx602.amr.corp.intel.com (10.22.229.15) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Wed, 19 Aug 2020 16:29:54 -0700 Received: from orsmsx101.amr.corp.intel.com (10.22.225.128) by orsmsx602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1713.5 via Frontend Transport; Wed, 19 Aug 2020 16:29:54 -0700 Received: from ORSEDG002.ED.cps.intel.com (10.7.248.5) by ORSMSX101.amr.corp.intel.com (10.22.225.128) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 19 Aug 2020 16:29:53 -0700 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.175) by edgegateway.intel.com (134.134.137.101) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 19 Aug 2020 16:29:53 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Pc87XzQteSwayk98/j9GMOPBuOaZnS0gwy22IOrlj8GX7capNsRAp7pQLmdJM0ZNJl1U6VRuQYW0JpDQJrjCI9tisZUMrF9vAauIZiTNmowhgGDwwgNvvyi4CMg00gqqC+t/hcG82dPefGYTr+xdPsuEjt19HvgrGvncJcIxvEyU3dWhCOU07WNOj8zChdw/2Rg3yiXfDvPiCEA/ZmVNgRtwtSlU/BFrxp39nOkRxVzh1USIwOtk1l6nad4hyPMBRf21DmXpnIHPPzhajngnk2e2nuChYVUH3R0om6DmHciQw4ipSn3VC0b2RVd/ZvHx4ZUxbkwYX/6OB9asiRLyJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bRpEtEkfi75Q3vaKwv7Jn2a6DAu/crHTiH6CbOe7up8=; b=F92fcPUUqAfyBKsrxz/AfThGnmHDdC537mA7p08gdcsGw7yLWZUayKCgQDWU1x9S6xJ/CaLwT0rhFYa4XtOCwz9x6dF7729IlSld2A2iF698tBFraT5YyaMlXVhaFgBJB6slqLUbrTbQu5hGn52gTVcfbRymWLG23qAf1MP8YVfBuaJ4T2LMFsm7/XrnTXpLlw5mNYWgQug5m3xVQJicE399R3FmLU/pqCSLcfHTqTW9Ganc2qinbubOl3QMvd3p3FII+kiq1fearoRSkTZcsaE7aWFxluCwOFSKTgGQXDeEDVv5hPtSAEJPkQBhUXdo8WyzH0J5iyPaYqT5rV3sLg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bRpEtEkfi75Q3vaKwv7Jn2a6DAu/crHTiH6CbOe7up8=; b=xcd/9cFHEeb2G6BT735xvSzVAIqJQkiqAathNlhUxDu+ZIQxinbojct5N1PTwBNb65ZzKLD0k1cri5Obd/kxCZ/1ivxQp0U23ihkTBiRbQ1SSqXB3R+tbHA6hBIMTzj6j4B7e7/7TOb0CnqRUyIB+ELnr4gnGhdHH5u0O2bPD/0= Received: from CY4PR11MB1288.namprd11.prod.outlook.com (2603:10b6:903:23::8) by CY4PR1101MB2230.namprd11.prod.outlook.com (2603:10b6:910:1c::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3305.24; Wed, 19 Aug 2020 23:29:51 +0000 Received: from CY4PR11MB1288.namprd11.prod.outlook.com ([fe80::163:9209:a92d:812]) by CY4PR11MB1288.namprd11.prod.outlook.com ([fe80::163:9209:a92d:812%6]) with mapi id 15.20.3305.025; Wed, 19 Aug 2020 23:29:51 +0000 From: "Yao, Jiewen" To: "devel@edk2.groups.io" , "matthewfcarlson@gmail.com" CC: Ard Biesheuvel , "Wang, Jian J" , "Lu, XiaoyuX" Subject: Re: [edk2-devel] [PATCH v8 5/5] CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool Thread-Topic: [edk2-devel] [PATCH v8 5/5] CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool Thread-Index: AQHWdmA8iO6CYHkS1UmBYg/4qhmJrKlAFGxw Date: Wed, 19 Aug 2020 23:29:50 +0000 Message-ID: References: <20200819193712.1629-1-matthewfcarlson@gmail.com> <20200819193712.1629-6-matthewfcarlson@gmail.com> In-Reply-To: <20200819193712.1629-6-matthewfcarlson@gmail.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMWM5ODUzMWItYzk2MC00ZmJmLTgyY2UtNTc3NWE3NGNhOWJiIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoidTdkb3dOMVVDaHlJUnNXOEJ0RzhSMStXM1Ricm8xaUhnNTZ3N0VGMFFkTG9jYlI4WUxBSXordnlSRlJZMGtlZiJ9 x-ctpclassification: CTP_NT dlp-version: 11.5.1.3 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.147.208] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: ad1a6914-1eda-4d06-9d93-08d84497c558 x-ms-traffictypediagnostic: CY4PR1101MB2230: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2043; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: GerVM8Er6QUTVTpFbMdLakPEO99buDBm3UB/ux54MA6M++2VMYcGvZAU+I67Y4VLjGXAYPKDM0sdvycz/HKVq+ubIfs/sumrE3AzV4pCDPkg9laOYl26G/Fr/TBfdX1wcj53PAoUg+KQsxHzlDCIyTo47U1IPV4Wg7of+MkhjyCbRA8jajYk66FtmzJRXBjsVS3WHEBTpEXn7/vCw1qAxAn6vF+OPSH/doH9M5xd0iB2fE9FUfoC1m6HST510cDrB9t27D5XmzdNWOtj99a2DEDaeO0p9iu9p0pH9PT1UGiNt1slOClp8DKW92g2lrt83JQViyHhBaW+wUOtJjOEPf7mXrXZsDhYmwdzXYpyMuoZXgPE+49xdHf+VRigWcMd90/FRFMEItPmVt8X6xzgyA== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY4PR11MB1288.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(346002)(396003)(366004)(376002)(39860400002)(6506007)(2906002)(186003)(19627235002)(53546011)(33656002)(110136005)(966005)(5660300002)(71200400001)(30864003)(54906003)(8936002)(26005)(4326008)(83380400001)(8676002)(107886003)(9686003)(52536014)(55016002)(7696005)(86362001)(76116006)(478600001)(66946007)(66476007)(66446008)(316002)(66556008)(64756008);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: GLWbF8J+PbD4V1sGxOOXoUxCYy3kWZ6nkx7MeLOF+X7fH7TJjCn0/9dUFzBihiIslnW02bZBafRZBvDwGgpHDZuI8LbBiDSKcy0RBG5/BHbMxdaS020jd0ARuKZzRd0tjeKL7+rGsq/mq9P+WtSbMfLxO8Jx1dfKwC7z6CMH5SCqTObKHA2F/ts7uccVBLG5+8X+JunRyPFPdTJaWiStqmEsYoUEV/IjFoaVWIkrtd2tw9YTvYV/XQEth1i4yIAKd/VfAFmWzemvLd1pLvzsRhRnF+0s271MdxgS1T9izsHwoGJuo7wmU1uYAbkMOTCs8UU98mhtfnI0qO5AQVp+ll03ctX4zGqqvjIcY2AeZuc2fqw7qqnoFPe4M1lnxUOaBjJBut+FyL4JqGQ1aQb+zFmefinxfTvnyYZa+gsCJtC6EoaWX9PAu3on2dlzp7p2wnTb0nypBCVfnULTIXOMzAQv1g80SYhl7K9Bhzsc97Ikw6H8q3Mo0MLpY3d6lN188wKyPQfPXheXkOETNgPhzDGhAdLTGiumm4Fz3per7QH8V+TXWQfrEgnMoeQhv2I+jdf9Dr7RkNhYI1KnOk0kZkig/b4mEQj2F9qN6iQ64x23mL6FZBcwc/RCLrJgrwfN7RBLRoa3/cYwHr3hxq29MA== MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CY4PR11MB1288.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: ad1a6914-1eda-4d06-9d93-08d84497c558 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2020 23:29:51.0026 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: cTFJN46hP82kYbVyzpXs3alaxAiHEYHtd7ELLYyqnUliF4s6LH1CbTLSzophqlKbmW/mpAkpX/8xvW9YVABppQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR1101MB2230 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jiewen Yao > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Matthew > Carlson > Sent: Thursday, August 20, 2020 3:37 AM > To: devel@edk2.groups.io > Cc: Ard Biesheuvel ; Yao, Jiewen > ; Wang, Jian J ; Lu, XiaoyuX > ; Yao, Jiewen ; Matthew > Carlson > Subject: [edk2-devel] [PATCH v8 5/5] CryptoPkg: OpensslLib: Use RngLib to > generate entropy in rand_pool >=20 > From: Matthew Carlson >=20 > Ref: https://github.com/tianocore/edk2/pull/845 > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1871 >=20 > Changes OpenSSL to no longer depend on TimerLib and instead use RngLib. > This allows platforms to decide for themsevles what sort of entropy sourc= e > they provide to OpenSSL and TlsLib. >=20 > Cc: Ard Biesheuvel > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Xiaoyu Lu >=20 > Acked-by: Ard Biesheuvel > Reviewed-by: Jiewen Yao > Signed-off-by: Matthew Carlson > --- > CryptoPkg/Library/OpensslLib/rand_pool.c | 265 +++++----------= ----- > CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 --- > CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 ---- > CryptoPkg/CryptoPkg.dsc | 1 + > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 15 +- > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 15 +- > CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 --- > 7 files changed, 63 insertions(+), 334 deletions(-) >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c > b/CryptoPkg/Library/OpensslLib/rand_pool.c > index 9e0179b03490..490b9e2f4692 100644 > --- a/CryptoPkg/Library/OpensslLib/rand_pool.c > +++ b/CryptoPkg/Library/OpensslLib/rand_pool.c > @@ -2,8 +2,8 @@ > OpenSSL_1_1_1b doesn't implement rand_pool_* functions for UEFI. >=20 > The file implement these functions. >=20 >=20 >=20 > -Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > -SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > + Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > + SPDX-License-Identifier: BSD-2-Clause-Patent >=20 >=20 >=20 > **/ >=20 >=20 >=20 > @@ -11,53 +11,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include >=20 >=20 >=20 > #include >=20 > -#include >=20 > - >=20 > -#include "rand_pool_noise.h" >=20 > - >=20 > -/** >=20 > - Get some randomness from low-order bits of GetPerformanceCounter resul= ts. >=20 > - And combine them to the 64-bit value >=20 > - >=20 > - @param[out] Rand Buffer pointer to store the 64-bit random value. >=20 > - >=20 > - @retval TRUE Random number generated successfully. >=20 > - @retval FALSE Failed to generate. >=20 > -**/ >=20 > -STATIC >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandNoise64FromPerformanceCounter( >=20 > - OUT UINT64 *Rand >=20 > - ) >=20 > -{ >=20 > - UINT32 Index; >=20 > - UINT32 *RandPtr; >=20 > - >=20 > - if (NULL =3D=3D Rand) { >=20 > - return FALSE; >=20 > - } >=20 > - >=20 > - RandPtr =3D (UINT32 *) Rand; >=20 > - >=20 > - for (Index =3D 0; Index < 2; Index ++) { >=20 > - *RandPtr =3D (UINT32) (GetPerformanceCounter () & 0xFF); >=20 > - MicroSecondDelay (10); >=20 > - RandPtr++; >=20 > - } >=20 > - >=20 > - return TRUE; >=20 > -} >=20 > +#include >=20 >=20 >=20 > /** >=20 > Calls RandomNumber64 to fill >=20 > a buffer of arbitrary size with random bytes. >=20 > + This is a shim layer to RngLib. >=20 >=20 >=20 > @param[in] Length Size of the buffer, in bytes, to fill with= . >=20 > @param[out] RandBuffer Pointer to the buffer to store the random r= esult. >=20 >=20 >=20 > - @retval EFI_SUCCESS Random bytes generation succeeded. >=20 > - @retval EFI_NOT_READY Failed to request random bytes. >=20 > + @retval TRUE Random bytes generation succeeded. >=20 > + @retval FALSE Failed to request random bytes. >=20 >=20 >=20 > **/ >=20 > STATIC >=20 > @@ -65,7 +30,7 @@ BOOLEAN > EFIAPI >=20 > RandGetBytes ( >=20 > IN UINTN Length, >=20 > - OUT UINT8 *RandBuffer >=20 > + OUT UINT8 *RandBuffer >=20 > ) >=20 > { >=20 > BOOLEAN Ret; >=20 > @@ -73,17 +38,17 @@ RandGetBytes ( >=20 >=20 > Ret =3D FALSE; >=20 >=20 >=20 > + if (RandBuffer =3D=3D NULL) { >=20 > + DEBUG((DEBUG_ERROR, "[OPENSSL_RAND_POOL] NULL RandBuffer. No > random numbers are generated and your system is not secure\n")); >=20 > + ASSERT (RandBuffer !=3D NULL); // Since we can't generate random num= bers, > we should assert. Otherwise we will just blow up later. >=20 > + return Ret; >=20 > + } >=20 > + >=20 > + >=20 > while (Length > 0) { >=20 > - // >=20 > - // Get random noise from platform. >=20 > - // If it failed, fallback to PerformanceCounter >=20 > - // If you really care about security, you must override >=20 > - // GetRandomNoise64FromPlatform. >=20 > - // >=20 > - Ret =3D GetRandomNoise64 (&TempRand); >=20 > - if (Ret =3D=3D FALSE) { >=20 > - Ret =3D GetRandNoise64FromPerformanceCounter (&TempRand); >=20 > - } >=20 > + // Use RngLib to get random number >=20 > + Ret =3D GetRandomNumber64 (&TempRand); >=20 > + >=20 > if (!Ret) { >=20 > return Ret; >=20 > } >=20 > @@ -91,7 +56,8 @@ RandGetBytes ( > *((UINT64*) RandBuffer) =3D TempRand; >=20 > RandBuffer +=3D sizeof (UINT64); >=20 > Length -=3D sizeof (TempRand); >=20 > - } else { >=20 > + } >=20 > + else { >=20 > CopyMem (RandBuffer, &TempRand, Length); >=20 > Length =3D 0; >=20 > } >=20 > @@ -100,125 +66,6 @@ RandGetBytes ( > return Ret; >=20 > } >=20 >=20 >=20 > -/** >=20 > - Creates a 128bit random value that is fully forward and backward predi= ction > resistant, >=20 > - suitable for seeding a NIST SP800-90 Compliant. >=20 > - This function takes multiple random numbers from PerformanceCounter to > ensure reseeding >=20 > - and performs AES-CBC-MAC over the data to compute the seed value. >=20 > - >=20 > - @param[out] SeedBuffer Pointer to a 128bit buffer to store the ran= dom > seed. >=20 > - >=20 > - @retval TRUE Random seed generation succeeded. >=20 > - @retval FALSE Failed to request random bytes. >=20 > - >=20 > -**/ >=20 > -STATIC >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -RandGetSeed128 ( >=20 > - OUT UINT8 *SeedBuffer >=20 > - ) >=20 > -{ >=20 > - BOOLEAN Ret; >=20 > - UINT8 RandByte[16]; >=20 > - UINT8 Key[16]; >=20 > - UINT8 Ffv[16]; >=20 > - UINT8 Xored[16]; >=20 > - UINT32 Index; >=20 > - UINT32 Index2; >=20 > - AES_KEY AESKey; >=20 > - >=20 > - // >=20 > - // Chose an arbitrary key and zero the feed_forward_value (FFV) >=20 > - // >=20 > - for (Index =3D 0; Index < 16; Index++) { >=20 > - Key[Index] =3D (UINT8) Index; >=20 > - Ffv[Index] =3D 0; >=20 > - } >=20 > - >=20 > - AES_set_encrypt_key (Key, 16 * 8, &AESKey); >=20 > - >=20 > - // >=20 > - // Perform CBC_MAC over 32 * 128 bit values, with 10us gaps between 12= 8 bit > value >=20 > - // The 10us gaps will ensure multiple reseeds within the system time w= ith a > large >=20 > - // design margin. >=20 > - // >=20 > - for (Index =3D 0; Index < 32; Index++) { >=20 > - MicroSecondDelay (10); >=20 > - Ret =3D RandGetBytes (16, RandByte); >=20 > - if (!Ret) { >=20 > - return Ret; >=20 > - } >=20 > - >=20 > - // >=20 > - // Perform XOR operations on two 128-bit value. >=20 > - // >=20 > - for (Index2 =3D 0; Index2 < 16; Index2++) { >=20 > - Xored[Index2] =3D RandByte[Index2] ^ Ffv[Index2]; >=20 > - } >=20 > - >=20 > - AES_encrypt (Xored, Ffv, &AESKey); >=20 > - } >=20 > - >=20 > - for (Index =3D 0; Index < 16; Index++) { >=20 > - SeedBuffer[Index] =3D Ffv[Index]; >=20 > - } >=20 > - >=20 > - return Ret; >=20 > -} >=20 > - >=20 > -/** >=20 > - Generate high-quality entropy source. >=20 > - >=20 > - @param[in] Length Size of the buffer, in bytes, to fill with. >=20 > - @param[out] Entropy Pointer to the buffer to store the entropy = data. >=20 > - >=20 > - @retval EFI_SUCCESS Entropy generation succeeded. >=20 > - @retval EFI_NOT_READY Failed to request random data. >=20 > - >=20 > -**/ >=20 > -STATIC >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -RandGenerateEntropy ( >=20 > - IN UINTN Length, >=20 > - OUT UINT8 *Entropy >=20 > - ) >=20 > -{ >=20 > - BOOLEAN Ret; >=20 > - UINTN BlockCount; >=20 > - UINT8 Seed[16]; >=20 > - UINT8 *Ptr; >=20 > - >=20 > - BlockCount =3D Length / 16; >=20 > - Ptr =3D (UINT8 *) Entropy; >=20 > - >=20 > - // >=20 > - // Generate high-quality seed for DRBG Entropy >=20 > - // >=20 > - while (BlockCount > 0) { >=20 > - Ret =3D RandGetSeed128 (Seed); >=20 > - if (!Ret) { >=20 > - return Ret; >=20 > - } >=20 > - CopyMem (Ptr, Seed, 16); >=20 > - >=20 > - BlockCount--; >=20 > - Ptr =3D Ptr + 16; >=20 > - } >=20 > - >=20 > - // >=20 > - // Populate the remained data as request. >=20 > - // >=20 > - Ret =3D RandGetSeed128 (Seed); >=20 > - if (!Ret) { >=20 > - return Ret; >=20 > - } >=20 > - CopyMem (Ptr, Seed, (Length % 16)); >=20 > - >=20 > - return Ret; >=20 > -} >=20 > - >=20 > /* >=20 > * Add random bytes to the pool to acquire requested amount of entropy >=20 > * >=20 > @@ -227,27 +74,31 @@ RandGenerateEntropy ( > * >=20 > * This is OpenSSL required interface. >=20 > */ >=20 > -size_t rand_pool_acquire_entropy(RAND_POOL *pool) >=20 > +size_t >=20 > +rand_pool_acquire_entropy ( >=20 > + RAND_POOL *pool >=20 > + ) >=20 > { >=20 > - BOOLEAN Ret; >=20 > - size_t bytes_needed; >=20 > - unsigned char * buffer; >=20 > + BOOLEAN Ret; >=20 > + size_t bytes_needed; >=20 > + unsigned char *buffer; >=20 >=20 >=20 > - bytes_needed =3D rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); >=20 > + bytes_needed =3D rand_pool_bytes_needed (pool, 1 /*entropy_factor*/); >=20 > if (bytes_needed > 0) { >=20 > - buffer =3D rand_pool_add_begin(pool, bytes_needed); >=20 > + buffer =3D rand_pool_add_begin (pool, bytes_needed); >=20 >=20 >=20 > if (buffer !=3D NULL) { >=20 > - Ret =3D RandGenerateEntropy(bytes_needed, buffer); >=20 > + Ret =3D RandGetBytes (bytes_needed, buffer); >=20 > if (FALSE =3D=3D Ret) { >=20 > - rand_pool_add_end(pool, 0, 0); >=20 > - } else { >=20 > - rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed); >=20 > + rand_pool_add_end (pool, 0, 0); >=20 > + } >=20 > + else { >=20 > + rand_pool_add_end (pool, bytes_needed, 8 * bytes_needed); >=20 > } >=20 > } >=20 > } >=20 >=20 >=20 > - return rand_pool_entropy_available(pool); >=20 > + return rand_pool_entropy_available (pool); >=20 > } >=20 >=20 >=20 > /* >=20 > @@ -255,17 +106,15 @@ size_t rand_pool_acquire_entropy(RAND_POOL > *pool) > * >=20 > * This is OpenSSL required interface. >=20 > */ >=20 > -int rand_pool_add_nonce_data(RAND_POOL *pool) >=20 > +int >=20 > +rand_pool_add_nonce_data ( >=20 > + RAND_POOL *pool >=20 > + ) >=20 > { >=20 > - struct { >=20 > - UINT64 Rand; >=20 > - UINT64 TimerValue; >=20 > - } data =3D { 0 }; >=20 > + UINT8 data[16]; >=20 > + RandGetBytes (sizeof(data), data); >=20 >=20 >=20 > - RandGetBytes(8, (UINT8 *)&(data.Rand)); >=20 > - data.TimerValue =3D GetPerformanceCounter(); >=20 > - >=20 > - return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0); >=20 > + return rand_pool_add (pool, (unsigned char*)&data, sizeof(data), 0); >=20 > } >=20 >=20 >=20 > /* >=20 > @@ -273,17 +122,15 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) > * >=20 > * This is OpenSSL required interface. >=20 > */ >=20 > -int rand_pool_add_additional_data(RAND_POOL *pool) >=20 > +int >=20 > +rand_pool_add_additional_data ( >=20 > + RAND_POOL *pool >=20 > + ) >=20 > { >=20 > - struct { >=20 > - UINT64 Rand; >=20 > - UINT64 TimerValue; >=20 > - } data =3D { 0 }; >=20 > - >=20 > - RandGetBytes(8, (UINT8 *)&(data.Rand)); >=20 > - data.TimerValue =3D GetPerformanceCounter(); >=20 > + UINT8 data[16]; >=20 > + RandGetBytes (sizeof(data), data); >=20 >=20 >=20 > - return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0); >=20 > + return rand_pool_add (pool, (unsigned char*)&data, sizeof(data), 0); >=20 > } >=20 >=20 >=20 > /* >=20 > @@ -291,7 +138,10 @@ int rand_pool_add_additional_data(RAND_POOL *pool) > * >=20 > * This is OpenSSL required interface. >=20 > */ >=20 > -int rand_pool_init(void) >=20 > +int >=20 > +rand_pool_init ( >=20 > + VOID >=20 > + ) >=20 > { >=20 > return 1; >=20 > } >=20 > @@ -301,7 +151,10 @@ int rand_pool_init(void) > * >=20 > * This is OpenSSL required interface. >=20 > */ >=20 > -void rand_pool_cleanup(void) >=20 > +VOID >=20 > +rand_pool_cleanup( >=20 > + VOID >=20 > + ) >=20 > { >=20 > } >=20 >=20 >=20 > @@ -310,7 +163,9 @@ void rand_pool_cleanup(void) > * >=20 > * This is OpenSSL required interface. >=20 > */ >=20 > -void rand_pool_keep_random_devices_open(int keep) >=20 > +VOID >=20 > +rand_pool_keep_random_devices_open ( >=20 > + int keep >=20 > + ) >=20 > { >=20 > } >=20 > - >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > b/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > deleted file mode 100644 > index 212834e27acc..000000000000 > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > +++ /dev/null > @@ -1,29 +0,0 @@ > -/** @file >=20 > - Provide rand noise source. >=20 > - >=20 > -Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > -SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > - >=20 > -**/ >=20 > - >=20 > -#include >=20 > - >=20 > -/** >=20 > - Get 64-bit noise source >=20 > - >=20 > - @param[out] Rand Buffer pointer to store 64-bit noise source >=20 > - >=20 > - @retval FALSE Failed to generate >=20 > -**/ >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandomNoise64 ( >=20 > - OUT UINT64 *Rand >=20 > - ) >=20 > -{ >=20 > - // >=20 > - // Return FALSE will fallback to use PerformanceCounter to >=20 > - // generate noise. >=20 > - // >=20 > - return FALSE; >=20 > -} >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > b/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > deleted file mode 100644 > index 4158106231fd..000000000000 > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > +++ /dev/null > @@ -1,43 +0,0 @@ > -/** @file >=20 > - Provide rand noise source. >=20 > - >=20 > -Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > -SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > - >=20 > -**/ >=20 > - >=20 > -#include >=20 > -#include >=20 > -#include >=20 > - >=20 > -/** >=20 > - Get 64-bit noise source >=20 > - >=20 > - @param[out] Rand Buffer pointer to store 64-bit noise source >=20 > - >=20 > - @retval TRUE Get randomness successfully. >=20 > - @retval FALSE Failed to generate >=20 > -**/ >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandomNoise64 ( >=20 > - OUT UINT64 *Rand >=20 > - ) >=20 > -{ >=20 > - UINT32 Index; >=20 > - UINT32 *RandPtr; >=20 > - >=20 > - if (NULL =3D=3D Rand) { >=20 > - return FALSE; >=20 > - } >=20 > - >=20 > - RandPtr =3D (UINT32 *)Rand; >=20 > - >=20 > - for (Index =3D 0; Index < 2; Index ++) { >=20 > - *RandPtr =3D (UINT32) ((AsmReadTsc ()) & 0xFF); >=20 > - RandPtr++; >=20 > - MicroSecondDelay (10); >=20 > - } >=20 > - >=20 > - return TRUE; >=20 > -} >=20 > diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > index 1af78468a19c..0490eeb7e22f 100644 > --- a/CryptoPkg/CryptoPkg.dsc > +++ b/CryptoPkg/CryptoPkg.dsc > @@ -60,6 +60,7 @@ > BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf >=20 > TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf >=20 > HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf >=20 > + RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf >=20 >=20 >=20 > [LibraryClasses.ARM, LibraryClasses.AARCH64] >=20 > # >=20 > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index cc27b8c57cb3..b00bb74ce67e 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > @@ -571,22 +571,9 @@ > $(OPENSSL_PATH)/ssl/statem/statem_local.h >=20 > # Autogenerated files list ends here >=20 > buildinf.h >=20 > - rand_pool_noise.h >=20 > ossl_store.c >=20 > rand_pool.c >=20 >=20 >=20 > -[Sources.Ia32] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.X64] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.ARM] >=20 > - rand_pool_noise.c >=20 > - >=20 > -[Sources.AARCH64] >=20 > - rand_pool_noise.c >=20 > - >=20 > [Packages] >=20 > MdePkg/MdePkg.dec >=20 > CryptoPkg/CryptoPkg.dec >=20 > @@ -594,7 +581,7 @@ > [LibraryClasses] >=20 > BaseLib >=20 > DebugLib >=20 > - TimerLib >=20 > + RngLib >=20 > PrintLib >=20 >=20 >=20 > [LibraryClasses.ARM] >=20 > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index 616ccd9f62d1..3557711bd85a 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > @@ -520,22 +520,9 @@ > $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h >=20 > # Autogenerated files list ends here >=20 > buildinf.h >=20 > - rand_pool_noise.h >=20 > ossl_store.c >=20 > rand_pool.c >=20 >=20 >=20 > -[Sources.Ia32] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.X64] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.ARM] >=20 > - rand_pool_noise.c >=20 > - >=20 > -[Sources.AARCH64] >=20 > - rand_pool_noise.c >=20 > - >=20 > [Packages] >=20 > MdePkg/MdePkg.dec >=20 > CryptoPkg/CryptoPkg.dec >=20 > @@ -543,7 +530,7 @@ > [LibraryClasses] >=20 > BaseLib >=20 > DebugLib >=20 > - TimerLib >=20 > + RngLib >=20 > PrintLib >=20 >=20 >=20 > [LibraryClasses.ARM] >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > b/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > deleted file mode 100644 > index 75acc686a9f1..000000000000 > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > +++ /dev/null > @@ -1,29 +0,0 @@ > -/** @file >=20 > - Provide rand noise source. >=20 > - >=20 > -Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > -SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > - >=20 > -**/ >=20 > - >=20 > -#ifndef __RAND_POOL_NOISE_H__ >=20 > -#define __RAND_POOL_NOISE_H__ >=20 > - >=20 > -#include >=20 > - >=20 > -/** >=20 > - Get 64-bit noise source. >=20 > - >=20 > - @param[out] Rand Buffer pointer to store 64-bit noise source >=20 > - >=20 > - @retval TRUE Get randomness successfully. >=20 > - @retval FALSE Failed to generate >=20 > -**/ >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandomNoise64 ( >=20 > - OUT UINT64 *Rand >=20 > - ); >=20 > - >=20 > - >=20 > -#endif // __RAND_POOL_NOISE_H__ >=20 > -- > 2.28.0.windows.1 >=20 >=20 > -=3D-=3D-=3D-=3D-=3D-=3D > Groups.io Links: You receive all messages sent to this group. >=20 > View/Reply Online (#64470): https://edk2.groups.io/g/devel/message/64470 > Mute This Topic: https://groups.io/mt/76294219/1772286 > Group Owner: devel+owner@edk2.groups.io > Unsubscribe: https://edk2.groups.io/g/devel/unsub [jiewen.yao@intel.com] > -=3D-=3D-=3D-=3D-=3D-=3D