public inbox for devel@edk2.groups.io
From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "Ni, Ray" <ray.ni@intel.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Yao, Jiewen" <jiewen.yao@intel.com>,
	"Zhang, Chao B" <chao.b.zhang@intel.com>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>,
	"Gao, Liming" <liming.gao@intel.com>,
	Laszlo Ersek <lersek@redhat.com>,
	"Ard Biesheuvel" <ard.biesheuvel@linaro.org>
Subject: Re: [PATCH] SecurityPkg/RngLibNull: add null version of RngLib
Date: Tue, 12 Nov 2019 07:31:04 +0000
Message-ID: <D827630B58408649ACB04F44C5100036259AD84E@SHSMSX107.ccr.corp.intel.com>
In-Reply-To: <734D49CCEBEEF84792F5B80ED585239D5C35A54E@SHSMSX104.ccr.corp.intel.com>

Yes, currently only those doing encryption/hash (like TLS, HddPassword) need
random numbers explicitly. But sometimes it's hard to tell because random
numbers might be needed deep inside other operations. The ASSERT will help to
find that situation.

Maybe I should use "link" instead of "use".

Regards,
Jian

> -----Original Message-----
> From: Ni, Ray <ray.ni@intel.com>
> Sent: Tuesday, November 12, 2019 3:20 PM
> To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Chao B
> <chao.b.zhang@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>;
> Gao, Liming <liming.gao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Ard
> Biesheuvel <ard.biesheuvel@linaro.org>
> Subject: RE: [PATCH] SecurityPkg/RngLibNull: add null version of RngLib
> 
> Does a real platform that requires no random number exist?
> If it doesn't, I agree with this implementation but please adjust the commit
> message to say it's just to pass the build.
> 
> If it does, I prefer to remove the "ASSERT".
> 
> Either way, I just feel the commit message may mislead platforms to use
> this instance but they will hit assertion.
> 
> Thanks,
> Ray
> 
> 
> > -----Original Message-----
> > From: Wang, Jian J <jian.j.wang@intel.com>
> > Sent: Tuesday, November 12, 2019 3:16 PM
> > To: Ni, Ray <ray.ni@intel.com>; devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Chao B
> > <chao.b.zhang@intel.com>; Kinney, Michael D
> > <michael.d.kinney@intel.com>; Gao, Liming <liming.gao@intel.com>; Laszlo
> > Ersek <lersek@redhat.com>; Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > Subject: RE: [PATCH] SecurityPkg/RngLibNull: add null version of RngLib
> >
> > Since OpensslLib will depend on RngLib, we should give an instance of it
> > anyway, even for those who don't need it. Otherwise the build will fail.
> > What's your suggestion for the message?
> >
> > Regards,
> > Jian
> >
> > > -----Original Message-----
> > > From: Ni, Ray <ray.ni@intel.com>
> > > Sent: Tuesday, November 12, 2019 3:05 PM
> > > To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io
> > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Chao B
> > > <chao.b.zhang@intel.com>; Kinney, Michael D
> > > <michael.d.kinney@intel.com>; Gao, Liming <liming.gao@intel.com>;
> > > Laszlo Ersek <lersek@redhat.com>; Ard Biesheuvel
> > > <ard.biesheuvel@linaro.org>
> > > Subject: RE: [PATCH] SecurityPkg/RngLibNull: add null version of
> > > RngLib
> > >
> > > Jian,
> > > But the commit message is:
> > > "This is null version of RngLib which is used for those platforms or
> > > components which don't need random number."
> > >
> > > Thanks,
> > > Ray
> > >
> > > > -----Original Message-----
> > > > From: Wang, Jian J <jian.j.wang@intel.com>
> > > > Sent: Tuesday, November 12, 2019 2:58 PM
> > > > To: Ni, Ray <ray.ni@intel.com>; devel@edk2.groups.io
> > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Chao B
> > > > <chao.b.zhang@intel.com>; Kinney, Michael D
> > > > <michael.d.kinney@intel.com>; Gao, Liming <liming.gao@intel.com>;
> > > > Laszlo Ersek <lersek@redhat.com>; Ard Biesheuvel
> > > > <ard.biesheuvel@linaro.org>
> > > > Subject: RE: [PATCH] SecurityPkg/RngLibNull: add null version of
> > > > RngLib
> > > >
> > > > Ray,
> > > >
> > > > It's for build only but not supposed to be *used* in a platform. If
> > > > a platform really wants a RngLib, the owners need to change the
> > > > instance to a proper one. ASSERT will tell them that. Otherwise, the
> > > > RngLib interface should not be called.
> > > >
> > > > Regards,
> > > > Jian
> > > >
> > > > > -----Original Message-----
> > > > > From: Ni, Ray <ray.ni@intel.com>
> > > > > Sent: Tuesday, November 12, 2019 2:30 PM
> > > > > To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io
> > > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Chao B
> > > > > <chao.b.zhang@intel.com>; Kinney, Michael D
> > > > > <michael.d.kinney@intel.com>; Gao, Liming <liming.gao@intel.com>;
> > > > > Laszlo Ersek <lersek@redhat.com>; Ard Biesheuvel
> > > > > <ard.biesheuvel@linaro.org>
> > > > > Subject: RE: [PATCH] SecurityPkg/RngLibNull: add null version of
> > > > > RngLib
> > > > >
> > > > > Jian,
> > > > > If we expect platform to use this library, probably
> > > > > "ASSERT(FALSE)" is not proper.
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Wang, Jian J <jian.j.wang@intel.com>
> > > > > > Sent: Tuesday, November 12, 2019 1:56 PM
> > > > > > To: devel@edk2.groups.io
> > > > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Chao B
> > > > > > <chao.b.zhang@intel.com>; Kinney, Michael D
> > > > > > <michael.d.kinney@intel.com>; Gao, Liming
> > > > > > <liming.gao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Ard
> > > > > > Biesheuvel <ard.biesheuvel@linaro.org>; Ni, Ray
> > > > > > <ray.ni@intel.com>
> > > > > > Subject: [PATCH] SecurityPkg/RngLibNull: add null version of
> > > > > > RngLib
> > > > > >
> > > > > > This is null version of RngLib which is used for those platforms
> > > > > > or components which don't need random number.
> > > > > >
> > > > > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1871
> > > > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > > > Cc: Chao Zhang <chao.b.zhang@intel.com>
> > > > > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > > > > Cc: Liming Gao <liming.gao@intel.com>
> > > > > > Cc: Laszlo Ersek <lersek@redhat.com>
> > > > > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > > > > > Cc: Ray Ni <ray.ni@intel.com>
> > > > > > Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> > > > > > ---
> > > > > >  .../RngLibNull/RngLibNull.c                   | 95 +++++++++++++++++++
> > > > > >  .../RngLibNull/RngLibNull.inf                 | 31 ++++++
> > > > > >  .../RngLibNull/RngLibNull.uni                 | 14 +++
> > > > > >  3 files changed, 140 insertions(+)  create mode 100644
> > > > > > SecurityPkg/RandomNumberGenerator/RngLibNull/RngLibNull.c
> > > > > >  create mode 100644
> > > > > > SecurityPkg/RandomNumberGenerator/RngLibNull/RngLibNull.inf
> > > > > >  create mode 100644
> > > > > > SecurityPkg/RandomNumberGenerator/RngLibNull/RngLibNull.uni
> > > > > >
> > > > > > diff --git
> > > > > > a/SecurityPkg/RandomNumberGenerator/RngLibNull/RngLibNull.c
> > > > > > b/SecurityPkg/RandomNumberGenerator/RngLibNull/RngLibNull.c
> > > > > > new file mode 100644
> > > > > > index 0000000000..13677abc84
> > > > > > --- /dev/null
> > > > > > +++
> > b/SecurityPkg/RandomNumberGenerator/RngLibNull/RngLibNull.c
> > > > > > @@ -0,0 +1,95 @@
> > > > > > +/** @file
> > > > > > +  Null version of Random number generator services.
> > > > > > +
> > > > > > +Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> > > > > > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > > +
> > > > > > +**/
> > > > > > +
> > > > > > +#include <Library/BaseLib.h>
> > > > > > +#include <Library/DebugLib.h>
> > > > > > +#include <Library/RngLib.h>
> > > > > > +
> > > > > > +/**
> > > > > > +  Generates a 16-bit random number.
> > > > > > +
> > > > > > +  if Rand is NULL, then ASSERT().
> > > > > > +
> > > > > > +  @param[out] Rand     Buffer pointer to store the 16-bit random
> > value.
> > > > > > +
> > > > > > +  @retval TRUE         Random number generated successfully.
> > > > > > +  @retval FALSE        Failed to generate the random number.
> > > > > > +
> > > > > > +**/
> > > > > > +BOOLEAN
> > > > > > +EFIAPI
> > > > > > +GetRandomNumber16 (
> > > > > > +  OUT     UINT16                    *Rand
> > > > > > +  )
> > > > > > +{
> > > > > > +  ASSERT (FALSE);
> > > > > > +  return FALSE;
> > > > > > +}
> > > > > > +
> > > > > > +/**
> > > > > > +  Generates a 32-bit random number.
> > > > > > +
> > > > > > +  if Rand is NULL, then ASSERT().
> > > > > > +
> > > > > > +  @param[out] Rand     Buffer pointer to store the 32-bit random
> > value.
> > > > > > +
> > > > > > +  @retval TRUE         Random number generated successfully.
> > > > > > +  @retval FALSE        Failed to generate the random number.
> > > > > > +
> > > > > > +**/
> > > > > > +BOOLEAN
> > > > > > +EFIAPI
> > > > > > +GetRandomNumber32 (
> > > > > > +  OUT     UINT32                    *Rand
> > > > > > +  )
> > > > > > +{
> > > > > > +  ASSERT (FALSE);
> > > > > > +  return FALSE;
> > > > > > +}
> > > > > > +
> > > > > > +/**
> > > > > > +  Generates a 64-bit random number.
> > > > > > +
> > > > > > +  if Rand is NULL, then ASSERT().
> > > > > > +
> > > > > > +  @param[out] Rand     Buffer pointer to store the 64-bit random
> > value.
> > > > > > +
> > > > > > +  @retval TRUE         Random number generated successfully.
> > > > > > +  @retval FALSE        Failed to generate the random number.
> > > > > > +
> > > > > > +**/
> > > > > > +BOOLEAN
> > > > > > +EFIAPI
> > > > > > +GetRandomNumber64 (
> > > > > > +  OUT     UINT64                    *Rand
> > > > > > +  )
> > > > > > +{
> > > > > > +  ASSERT (FALSE);
> > > > > > +  return FALSE;
> > > > > > +}
> > > > > > +
> > > > > > +/**
> > > > > > +  Generates a 128-bit random number.
> > > > > > +
> > > > > > +  if Rand is NULL, then ASSERT().
> > > > > > +
> > > > > > +  @param[out] Rand     Buffer pointer to store the 128-bit random
> > value.
> > > > > > +
> > > > > > +  @retval TRUE         Random number generated successfully.
> > > > > > +  @retval FALSE        Failed to generate the random number.
> > > > > > +
> > > > > > +**/
> > > > > > +BOOLEAN
> > > > > > +EFIAPI
> > > > > > +GetRandomNumber128 (
> > > > > > +  OUT     UINT64                    *Rand
> > > > > > +  )
> > > > > > +{
> > > > > > +  ASSERT (FALSE);
> > > > > > +  return FALSE;
> > > > > > +}
> > > > > > diff --git
> > > > > > a/SecurityPkg/RandomNumberGenerator/RngLibNull/RngLibNull.inf
> > > > > > b/SecurityPkg/RandomNumberGenerator/RngLibNull/RngLibNull.inf
> > > > > > new file mode 100644
> > > > > > index 0000000000..f6494cdb82
> > > > > > --- /dev/null
> > > > > > +++
> > b/SecurityPkg/RandomNumberGenerator/RngLibNull/RngLibNull.in
> > > > > > +++ f
> > > > > > @@ -0,0 +1,31 @@
> > > > > > +## @file
> > > > > > +#  Null instance of RNG (Random Number Generator) Library.
> > > > > > +#
> > > > > > +#  Copyright (c) 2019, Intel Corporation. All rights
> > > > > > +reserved.<BR> # #
> > > > > > +SPDX-License-Identifier: BSD-2-Clause-Patent # ##
> > > > > > +
> > > > > > +[Defines]
> > > > > > +  INF_VERSION                    = 0x00010005
> > > > > > +  BASE_NAME                      = RngLibNull
> > > > > > +  MODULE_UNI_FILE                = RngLibNull.uni
> > > > > > +  FILE_GUID                      = CD8991F8-2061-4084-8C9E-9C6F352DC58D
> > > > > > +  MODULE_TYPE                    = BASE
> > > > > > +  VERSION_STRING                 = 1.0
> > > > > > +  LIBRARY_CLASS                  = RngLib
> > > > > > +
> > > > > > +#
> > > > > > +#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64
> > > > > > +#
> > > > > > +
> > > > > > +[Sources]
> > > > > > +  RngLibNull.c
> > > > > > +
> > > > > > +[Packages]
> > > > > > +  MdePkg/MdePkg.dec
> > > > > > +
> > > > > > +[LibraryClasses]
> > > > > > +  BaseLib
> > > > > > +  DebugLib
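Review bot: `[LibraryClasses]` lists BaseLib, but the RngLibNull.c in this patch only uses ASSERT from DebugLib; drop BaseLib here (and the matching include in the .c file) unless something actually needs it. The file header also describes this only as a "Null instance of RNG (Random Number Generator) Library", while the caution that it must not be used on a product appears only in the .uni string. The .inf is the file a platform owner looks at when choosing a library instance, so the same caution belongs in this header comment.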
> > > > > > diff --git
> > > > > > a/SecurityPkg/RandomNumberGenerator/RngLibNull/RngLibNull.uni
> > > > > > b/SecurityPkg/RandomNumberGenerator/RngLibNull/RngLibNull.uni
> > > > > > new file mode 100644
> > > > > > index 0000000000..40b2ec3fe1
> > > > > > --- /dev/null
> > > > > > +++
> > b/SecurityPkg/RandomNumberGenerator/RngLibNull/RngLibNull.un
> > > > > > +++ i
> > > > > > @@ -0,0 +1,14 @@
> > > > > > +// /** @file
> > > > > > +// Null Instance of RNG (Random Number Generator) Library.
> > > > > > +//
> > > > > > +// Copyright (c) 2019, Intel Corporation. All rights
> > > > > > +reserved.<BR> // // SPDX-License-Identifier:
> > > > > > +BSD-2-Clause-Patent // // **/
> > > > > > +
> > > > > > +
> > > > > > +#string STR_MODULE_ABSTRACT             #language en-US "Null
> > Instance
> > > > of
> > > > > > RNG Library"
> > > > > > +
> > > > > > +#string STR_MODULE_DESCRIPTION          #language en-US "Caution:
> > > > This is
> > > > > > a null version of RNG library and SHOULD NOT be used on any
> > > > > > product
> > > > ever."
> > > > > > +
> > > > > > --
> > > > > > 2.17.1.windows.2

