From: "Guomin Jiang"
To: "devel@edk2.groups.io", "matthewfcarlson@gmail.com"
CC: "Yao, Jiewen", "Wang, Jian J", "Lu, XiaoyuX"
Subject: Re: [edk2-devel] [PATCH v1 1/2] CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool
Date: Wed, 29 Jul 2020 01:08:53 +0000
References: <20200728015312.1023-1-matthewfcarlson@gmail.com> <20200728015312.1023-2-matthewfcarlson@gmail.com>
In-Reply-To: <20200728015312.1023-2-matthewfcarlson@gmail.com>

Add comments inline

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Matthew Carlson
> Sent: Tuesday, July 28, 2020 9:53 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen; Wang, Jian J; Lu, XiaoyuX; Matthew Carlson
> Subject: [edk2-devel] [PATCH v1 1/2] CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool
>
> From: Matthew Carlson
>
> Changes OpenSSL to no longer depend on TimerLib and instead use RngLib.
> This allows platforms to decide for themselves what sort of entropy source
> they provide to OpenSSL and TlsLib.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Signed-off-by: Matthew Carlson
> --- > CryptoPkg/Library/OpensslLib/rand_pool.c | 200 ++-------------= ----- > CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 --- > CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 ----- > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 15 +- > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 15 +- > CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 --- > 6 files changed, 20 insertions(+), 311 deletions(-) >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c > b/CryptoPkg/Library/OpensslLib/rand_pool.c > index 9e0179b03490..55bf6c9c6950 100644 > --- a/CryptoPkg/Library/OpensslLib/rand_pool.c > +++ b/CryptoPkg/Library/OpensslLib/rand_pool.c 
> @@ -11,44 +11,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include >=20 >=20 >=20 > #include >=20 > -#include >=20 > +#include >=20 >=20 >=20 > #include "rand_pool_noise.h"

It seems that you deleted the rand_pool_noise.h file, but forgot to remove the header?

>=20 >=20 >=20 > -/** >=20 > - Get some randomness from low-order bits of GetPerformanceCounter > results. >=20 > - And combine them to the 64-bit value >=20 > - >=20 > - @param[out] Rand Buffer pointer to store the 64-bit random value. >=20 > - >=20 > - @retval TRUE Random number generated successfully. >=20 > - @retval FALSE Failed to generate. >=20 > -**/ >=20 > -STATIC >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandNoise64FromPerformanceCounter( >=20 > - OUT UINT64 *Rand >=20 > - ) >=20 > -{ >=20 > - UINT32 Index; >=20 > - UINT32 *RandPtr; >=20 > - >=20 > - if (NULL =3D=3D Rand) { >=20 > - return FALSE; >=20 > - } >=20 > - >=20 > - RandPtr =3D (UINT32 *) Rand; >=20 > - >=20 > - for (Index =3D 0; Index < 2; Index ++) { >=20 > - *RandPtr =3D (UINT32) (GetPerformanceCounter () & 0xFF); >=20 > - MicroSecondDelay (10); >=20 > - RandPtr++; >=20 > - } >=20 > - >=20 > - return TRUE; >=20 > -} >=20 > - >=20 > /** >=20 > Calls RandomNumber64 to fill >=20 > a buffer of arbitrary size with random bytes. >=20 > @@ -56,8 +22,8 @@ GetRandNoise64FromPerformanceCounter( > @param[in] Length Size of the buffer, in bytes, to fill with= . >=20 > @param[out] RandBuffer Pointer to the buffer to store the random > result. >=20 >=20 >=20 > - @retval EFI_SUCCESS Random bytes generation succeeded. >=20 > - @retval EFI_NOT_READY Failed to request random bytes. >=20 > + @retval True Random bytes generation succeeded. >=20 > + @retval False Failed to request random bytes. >=20 >=20 >=20 > **/ >=20 > STATIC >=20 
> @@ -73,17 +39,17 @@ RandGetBytes ( >=20 >=20 > Ret =3D FALSE; >=20 >=20 >=20 > + if (RandBuffer =3D=3D NULL) { >=20 > + DEBUG((DEBUG_ERROR, "[OPENSSL_RAND_POOL] NULL RandBuffer. No > random numbers are generated and your system is not secure\n")); >=20 > + ASSERT(FALSE); // Since we can't generate random numbers, we should > assert. Otherwise we will just blow up later. >=20 > + return Ret; >=20 > + } >=20 > + >=20 > + >=20 > while (Length > 0) { >=20 > - // >=20 > - // Get random noise from platform. >=20 > - // If it failed, fallback to PerformanceCounter >=20 > - // If you really care about security, you must override >=20 > - // GetRandomNoise64FromPlatform. >=20 > - // >=20 > - Ret =3D GetRandomNoise64 (&TempRand); >=20 > - if (Ret =3D=3D FALSE) { >=20 > - Ret =3D GetRandNoise64FromPerformanceCounter (&TempRand); >=20 > - } >=20 > + // Use RngLib to get random number >=20 > + Ret =3D GetRandomNumber64(&TempRand); >=20 > + >=20 > if (!Ret) { >=20 > return Ret; >=20 > } >=20 
> @@ -100,125 +66,6 @@ RandGetBytes ( > return Ret; >=20 > } >=20 >=20 >=20 > -/** >=20 > - Creates a 128bit random value that is fully forward and backward predi= ction > resistant, >=20 > - suitable for seeding a NIST SP800-90 Compliant. >=20 > - This function takes multiple random numbers from PerformanceCounter to > ensure reseeding >=20 > - and performs AES-CBC-MAC over the data to compute the seed value. >=20 > - >=20 > - @param[out] SeedBuffer Pointer to a 128bit buffer to store the ran= dom > seed. >=20 > - >=20 > - @retval TRUE Random seed generation succeeded. >=20 > - @retval FALSE Failed to request random bytes. >=20 > - >=20 > -**/ >=20 > -STATIC >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -RandGetSeed128 ( >=20 > - OUT UINT8 *SeedBuffer >=20 > - ) >=20 > -{ >=20 > - BOOLEAN Ret; >=20 > - UINT8 RandByte[16]; >=20 > - UINT8 Key[16]; >=20 > - UINT8 Ffv[16]; >=20 > - UINT8 Xored[16]; >=20 > - UINT32 Index; >=20 > - UINT32 Index2; >=20 > - AES_KEY AESKey; >=20 > - >=20 > - // >=20 > - // Chose an arbitrary key and zero the feed_forward_value (FFV) >=20 > - // >=20 > - for (Index =3D 0; Index < 16; Index++) { >=20 > - Key[Index] =3D (UINT8) Index; >=20 > - Ffv[Index] =3D 0; >=20 > - } >=20 > - >=20 > - AES_set_encrypt_key (Key, 16 * 8, &AESKey); >=20 > - >=20 > - // >=20 > - // Perform CBC_MAC over 32 * 128 bit values, with 10us gaps between 12= 8 > bit value >=20 > - // The 10us gaps will ensure multiple reseeds within the system time w= ith a > large >=20 > - // design margin. >=20 > - // >=20 > - for (Index =3D 0; Index < 32; Index++) { >=20 > - MicroSecondDelay (10); >=20 > - Ret =3D RandGetBytes (16, RandByte); >=20 > - if (!Ret) { >=20 > - return Ret; >=20 > - } >=20 > - >=20 > - // >=20 > - // Perform XOR operations on two 128-bit value. 
>=20 > - // >=20 > - for (Index2 =3D 0; Index2 < 16; Index2++) { >=20 > - Xored[Index2] =3D RandByte[Index2] ^ Ffv[Index2]; >=20 > - } >=20 > - >=20 > - AES_encrypt (Xored, Ffv, &AESKey); >=20 > - } >=20 > - >=20 > - for (Index =3D 0; Index < 16; Index++) { >=20 > - SeedBuffer[Index] =3D Ffv[Index]; >=20 > - } >=20 > - >=20 > - return Ret; >=20 > -} >=20 > - >=20 > -/** >=20 > - Generate high-quality entropy source. >=20 > - >=20 > - @param[in] Length Size of the buffer, in bytes, to fill with. >=20 > - @param[out] Entropy Pointer to the buffer to store the entropy = data. >=20 > - >=20 > - @retval EFI_SUCCESS Entropy generation succeeded. >=20 > - @retval EFI_NOT_READY Failed to request random data. >=20 > - >=20 > -**/ >=20 > -STATIC >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -RandGenerateEntropy ( >=20 > - IN UINTN Length, >=20 > - OUT UINT8 *Entropy >=20 > - ) >=20 > -{ >=20 > - BOOLEAN Ret; >=20 > - UINTN BlockCount; >=20 > - UINT8 Seed[16]; >=20 > - UINT8 *Ptr; >=20 > - >=20 > - BlockCount =3D Length / 16; >=20 > - Ptr =3D (UINT8 *) Entropy; >=20 > - >=20 > - // >=20 > - // Generate high-quality seed for DRBG Entropy >=20 > - // >=20 > - while (BlockCount > 0) { >=20 > - Ret =3D RandGetSeed128 (Seed); >=20 > - if (!Ret) { >=20 > - return Ret; >=20 > - } >=20 > - CopyMem (Ptr, Seed, 16); >=20 > - >=20 > - BlockCount--; >=20 > - Ptr =3D Ptr + 16; >=20 > - } >=20 > - >=20 > - // >=20 > - // Populate the remained data as request. >=20 > - // >=20 > - Ret =3D RandGetSeed128 (Seed); >=20 > - if (!Ret) { >=20 > - return Ret; >=20 > - } >=20 > - CopyMem (Ptr, Seed, (Length % 16)); >=20 > - >=20 > - return Ret; >=20 > -} >=20 > - >=20 > /* >=20 > * Add random bytes to the pool to acquire requested amount of entropy >=20 > * >=20 
> @@ -238,7 +85,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL > *pool) > buffer =3D rand_pool_add_begin(pool, bytes_needed); >=20 >=20 >=20 > if (buffer !=3D NULL) { >=20 > - Ret =3D RandGenerateEntropy(bytes_needed, buffer); >=20 > + Ret =3D RandGetBytes(bytes_needed, buffer); >=20 > if (FALSE =3D=3D Ret) { >=20 > rand_pool_add_end(pool, 0, 0); >=20 > } else { >=20 > @@ -257,13 +104,8 @@ size_t rand_pool_acquire_entropy(RAND_POOL > *pool) > */ >=20 > int rand_pool_add_nonce_data(RAND_POOL *pool) >=20 > { >=20 > - struct { >=20 > - UINT64 Rand; >=20 > - UINT64 TimerValue; >=20 > - } data =3D { 0 }; >=20 > - >=20 > - RandGetBytes(8, (UINT8 *)&(data.Rand)); >=20 > - data.TimerValue =3D GetPerformanceCounter(); >=20 > + UINT8 data[16]; >=20 > + RandGetBytes(sizeof(data), data); >=20 >=20 >=20 > return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0); >=20 > } >=20 > @@ -275,13 +117,8 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) > */ >=20 > int rand_pool_add_additional_data(RAND_POOL *pool) >=20 > { >=20 > - struct { >=20 > - UINT64 Rand; >=20 > - UINT64 TimerValue; >=20 > - } data =3D { 0 }; >=20 > - >=20 > - RandGetBytes(8, (UINT8 *)&(data.Rand)); >=20 > - data.TimerValue =3D GetPerformanceCounter(); >=20 > + UINT8 data[16]; >=20 > + RandGetBytes(sizeof(data), data); >=20 >=20 >=20 > return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0); >=20 > } >=20 > @@ -313,4 +150,3 @@ void rand_pool_cleanup(void) > void rand_pool_keep_random_devices_open(int keep) >=20 > { >=20 > } >=20 > - >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > b/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > deleted file mode 100644 > index 212834e27acc..000000000000 > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise.c > +++ /dev/null > @@ -1,29 +0,0 @@ > -/** @file >=20 > - Provide rand noise source. >=20 > - >=20 > -Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > -SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > - >=20 > -**/ >=20 > - >=20 > -#include >=20 > - >=20 > -/** >=20 > - Get 64-bit noise source >=20 > - >=20 > - @param[out] Rand Buffer pointer to store 64-bit noise source >=20 > - >=20 > - @retval FALSE Failed to generate >=20 > -**/ >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandomNoise64 ( >=20 > - OUT UINT64 *Rand >=20 > - ) >=20 > -{ >=20 > - // >=20 > - // Return FALSE will fallback to use PerformanceCounter to >=20 > - // generate noise. >=20 > - // >=20 > - return FALSE; >=20 > -} >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > b/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > deleted file mode 100644 > index 4158106231fd..000000000000 > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > +++ /dev/null > @@ -1,43 +0,0 @@ > -/** @file >=20 > - Provide rand noise source. >=20 > - >=20 > -Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > -SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > - >=20 > -**/ >=20 > - >=20 > -#include >=20 > -#include >=20 > -#include >=20 > - >=20 > -/** >=20 > - Get 64-bit noise source >=20 > - >=20 > - @param[out] Rand Buffer pointer to store 64-bit noise source >=20 > - >=20 > - @retval TRUE Get randomness successfully. >=20 > - @retval FALSE Failed to generate >=20 > -**/ >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandomNoise64 ( >=20 > - OUT UINT64 *Rand >=20 > - ) >=20 > -{ >=20 > - UINT32 Index; >=20 > - UINT32 *RandPtr; >=20 > - >=20 > - if (NULL =3D=3D Rand) { >=20 > - return FALSE; >=20 > - } >=20 > - >=20 > - RandPtr =3D (UINT32 *)Rand; >=20 > - >=20 > - for (Index =3D 0; Index < 2; Index ++) { >=20 > - *RandPtr =3D (UINT32) ((AsmReadTsc ()) & 0xFF); >=20 > - RandPtr++; >=20 > - MicroSecondDelay (10); >=20 > - } >=20 > - >=20 > - return TRUE; >=20 > -} >=20 > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index dbbe5386a10c..4baad565564c 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > @@ -571,22 +571,9 @@ > $(OPENSSL_PATH)/ssl/statem/statem_local.h >=20 > # Autogenerated files list ends here >=20 > buildinf.h >=20 > - rand_pool_noise.h >=20 > ossl_store.c >=20 > rand_pool.c >=20 >=20 >=20 > -[Sources.Ia32] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.X64] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.ARM] >=20 > - rand_pool_noise.c >=20 > - >=20 > -[Sources.AARCH64] >=20 > - rand_pool_noise.c >=20 > - >=20 > [Packages] >=20 > MdePkg/MdePkg.dec >=20 > CryptoPkg/CryptoPkg.dec >=20 > @@ -594,7 +581,7 @@ > [LibraryClasses] >=20 > BaseLib >=20 > DebugLib >=20 > - TimerLib >=20 > + RngLib >=20 > PrintLib >=20 >=20 >=20 > [LibraryClasses.ARM] >=20 > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index 616ccd9f62d1..3557711bd85a 100644 
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > @@ -520,22 +520,9 @@ > $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h >=20 > # Autogenerated files list ends here >=20 > buildinf.h >=20 > - rand_pool_noise.h >=20 > ossl_store.c >=20 > rand_pool.c >=20 >=20 >=20 > -[Sources.Ia32] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.X64] >=20 > - rand_pool_noise_tsc.c >=20 > - >=20 > -[Sources.ARM] >=20 > - rand_pool_noise.c >=20 > - >=20 > -[Sources.AARCH64] >=20 > - rand_pool_noise.c >=20 > - >=20 > [Packages] >=20 > MdePkg/MdePkg.dec >=20 > CryptoPkg/CryptoPkg.dec >=20 > @@ -543,7 +530,7 @@ > [LibraryClasses] >=20 > BaseLib >=20 > DebugLib >=20 > - TimerLib >=20 > + RngLib >=20 > PrintLib >=20 >=20 >=20 > [LibraryClasses.ARM] >=20 > diff --git a/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > b/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > deleted file mode 100644 > index 75acc686a9f1..000000000000 > --- a/CryptoPkg/Library/OpensslLib/rand_pool_noise.h > +++ /dev/null > @@ -1,29 +0,0 @@ > -/** @file >=20 > - Provide rand noise source. >=20 > - >=20 > -Copyright (c) 2019, Intel Corporation. All rights reserved.
>=20 > -SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > - >=20 > -**/ >=20 > - >=20 > -#ifndef __RAND_POOL_NOISE_H__ >=20 > -#define __RAND_POOL_NOISE_H__ >=20 > - >=20 > -#include >=20 > - >=20 > -/** >=20 > - Get 64-bit noise source. >=20 > - >=20 > - @param[out] Rand Buffer pointer to store 64-bit noise source >=20 > - >=20 > - @retval TRUE Get randomness successfully. >=20 > - @retval FALSE Failed to generate >=20 > -**/ >=20 > -BOOLEAN >=20 > -EFIAPI >=20 > -GetRandomNoise64 ( >=20 > - OUT UINT64 *Rand >=20 > - ); >=20 > - >=20 > - >=20 > -#endif // __RAND_POOL_NOISE_H__ >=20 > -- > 2.27.0.windows.1
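
Review bot: in the RandGetBytes comment block (hunk @@ -56,8 +22,8 @@), the new `@retval True` and `@retval False` should be spelled `TRUE` and `FALSE`, matching the BOOLEAN constants the function actually returns (`Ret = FALSE;`) and the `@retval TRUE` / `@retval FALSE` form used by the other comment blocks in this patch.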
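
Review bot: in RandGetBytes (hunk @@ -73,17 +39,17 @@), a failing `GetRandomNumber64(&TempRand)` leaves through `if (!Ret) { return Ret; }` with no diagnostic, while the only DEBUG_ERROR is spent on the NULL `RandBuffer` argument check. With the PerformanceCounter fallback removed, an RngLib failure is now the path that leaves OpenSSL without random data, so it should be logged there too. Style: EDK II puts a space before the opening parenthesis (`DEBUG ((`, `ASSERT (FALSE)`, `GetRandomNumber64 (&TempRand)`), and the hunk adds two consecutive blank lines before `while`.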
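
Review bot: in rand_pool_acquire_entropy (hunk @@ -238,7 +85,7 @@), `RandGetBytes(bytes_needed, buffer)` now hands RngLib output to the pool directly, where `RandGenerateEntropy` previously passed every 128-bit block through the AES-CBC-MAC step in `RandGetSeed128` (both removed in hunk @@ -100,125 +66,6 @@). The quality of what the pool receives therefore rests entirely on the RngLib instance the platform links. State that requirement in the commit message and in the comment above `RandGetBytes`, so a platform owner knows the instance must be cryptographically strong.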
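
Review bot: in rand_pool_add_nonce_data and rand_pool_add_additional_data (hunks @@ -257,13 +104,8 @@ and @@ -275,13 +117,8 @@), the return value of `RandGetBytes(sizeof(data), data)` is ignored and `UINT8 data[16];` is no longer zero-initialised (the removed struct was `= { 0 }`), so when RngLib fails `rand_pool_add` is fed uninitialised stack bytes. The removed `TimerValue` field also gave the nonce a value that changed between calls even when the random read failed. Check the return value and report failure to the caller instead of adding the buffer. As a minor point, `(unsigned char*)&data` can become plain `data` now that it is an array.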
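
Review bot: in the `[LibraryClasses]` hunks of OpensslLib.inf and OpensslLibCrypto.inf (@@ -594,7 +581,7 @@ and @@ -543,7 +530,7 @@), replacing `TimerLib` with `RngLib` means every platform DSC that builds these libraries has to resolve an RngLib instance. The commit message says platforms can decide their entropy source but does not say that they are now required to provide this mapping; add a sentence to that effect so downstream platforms know the change needs action on their side.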