From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"lersek@redhat.com" <lersek@redhat.com>,
"Lu, XiaoyuX" <xiaoyux.lu@intel.com>
Cc: "Ye, Ting" <ting.ye@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Date: Fri, 10 May 2019 10:26:35 +0000 [thread overview]
Message-ID: <D827630B58408649ACB04F44C5100036258F7F64@SHSMSX107.ccr.corp.intel.com> (raw)
In-Reply-To: <38ff9c2f-1d16-4719-18f6-07e84e4d8bf8@redhat.com>
Hi Laszlo,
rand_* is needed by openssl itself. BaseCryptLib also provide RandomSeed()
and RandomBytes() interface to wrap openssl rand functionality. We can't
just drop them. From platform independent perspective, using performance
counter is the best choice we have. If we want to achieve the uttermost
secure mechanism, only hardware seed/rand generator can meet it. Do you
agree to add cpu specific instruction to do that? For those processors
which don't support seed/rand generation, we have to fall back to performance
counter.
Another option is that we could make use of EFI_RNG_PROTOCOL. According
to UEFI spec (see below), it can be used to get entropy.
"This protocol is used to provide random numbers for use in applications,
or entropy for seeding other random number generators."
Again, we could use performance counter as a fall back if EFI_RNG_PROTOCOL
is not provided by a platform. So if a platform really care about the security,
it should provide a EFI_RNG_PROTOCOL. This can also help to hide the
hardware/platform dependency.
Regards,
Jian
> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Laszlo Ersek
> Sent: Friday, May 10, 2019 1:30 AM
> To: devel@edk2.groups.io; Lu, XiaoyuX <xiaoyux.lu@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Ye, Ting <ting.ye@intel.com>
> Subject: Re: [edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
>
> On 05/09/19 19:15, Laszlo Ersek wrote:
>
> > How about the following:
> >
> > - It seems like we cannot convince OpenSSL to *never* call these
> > functions, under UEFI.
> >
> > - We also cannot provide an implementation that is *guaranteed* to be
> > secure enough, IMO.
> >
> > - It seems like these functions *should* never be called in the edk2
> > build however, given that we're not trying to do anything "new" with
> > OpenSSL in edk2 -- we just want to use the new OpenSSL release for the
> > same old things.
> >
> > - So why not just ensure that these functions *never return*?
> >
> > (1) Basically implement all of the functions like this:
> >
> > ASSERT (FALSE);
> > CpuDeadLoop ();
> > //
> > // if a return value is needed
> > //
> > return 0;
> >
> > What do you think about this approach?
>
> I notice that "rand" is another module in OpenSSL.
>
> Can we try adding "no-rand" to our Configure invocation? Perhaps the
> need for all of the rand_* functions goes away then.
>
> Thanks
> Laszlo
>
>
next prev parent reply other threads:[~2019-05-10 10:26 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-09 5:23 [PATCH v2 1/6] CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL Xiaoyu lu
2019-05-09 5:23 ` [PATCH v2 2/6] CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl Xiaoyu lu
2019-05-09 13:42 ` [edk2-devel] " Laszlo Ersek
2019-05-10 8:51 ` Xiaoyu lu
2019-05-13 15:12 ` Laszlo Ersek
2019-05-14 12:41 ` Xiaoyu lu
2019-05-14 15:11 ` Laszlo Ersek
2019-05-09 5:23 ` [PATCH v2 3/6] CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue Xiaoyu lu
2019-05-09 17:16 ` [edk2-devel] " Laszlo Ersek
2019-05-09 5:23 ` [PATCH v2 4/6] CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL Xiaoyu lu
2019-05-09 13:48 ` [edk2-devel] " Laszlo Ersek
2019-05-09 5:23 ` [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b Xiaoyu lu
2019-05-09 17:15 ` [edk2-devel] " Laszlo Ersek
2019-05-09 17:30 ` Laszlo Ersek
2019-05-10 10:26 ` Wang, Jian J [this message]
2019-05-13 16:14 ` Laszlo Ersek
2019-05-14 7:03 ` Wang, Jian J
2019-05-14 10:58 ` Laszlo Ersek
2019-05-14 13:25 ` Wang, Jian J
2019-05-14 15:08 ` Laszlo Ersek
2019-05-09 20:58 ` Laszlo Ersek
2019-05-10 8:51 ` Xiaoyu lu
2019-05-09 5:23 ` [PATCH v2 6/6] CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible Xiaoyu lu
2019-05-09 14:01 ` [edk2-devel] " Laszlo Ersek
2019-05-09 14:20 ` Wang, Jian J
2019-05-09 21:34 ` Laszlo Ersek
2019-05-09 11:32 ` [edk2-devel] [PATCH v2 1/6] CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D827630B58408649ACB04F44C5100036258F7F64@SHSMSX107.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox