[edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b

Wang, Jian J jian.j.wang at intel.com
Fri May 10 10:26:35 UTC 2019 

Hi Laszlo,

rand_* is needed by openssl itself. BaseCryptLib also provide RandomSeed()
and RandomBytes() interface to wrap openssl rand functionality. We can't
just drop them. From platform independent perspective, using performance
counter is the best choice we have. If we want to achieve the uttermost
secure mechanism, only hardware seed/rand generator can meet it. Do you
agree to add cpu specific instruction to do that? For those processors
which don't support seed/rand generation, we have to fall back to performance
counter.

Another option is that we could make use of EFI_RNG_PROTOCOL. According
to UEFI spec (see below), it can be used to get entropy.

"This protocol is used to provide random numbers for use in applications,
or entropy for seeding other random number generators."

Again, we could use performance counter as a fall back if EFI_RNG_PROTOCOL
is not provided by a platform. So if a platform really care about the security,
it should provide a EFI_RNG_PROTOCOL. This can also help to hide the
hardware/platform dependency.

Regards,
Jian

> -----Original Message-----
> From: devel at edk2.groups.io [mailto:devel at edk2.groups.io] On Behalf Of
> Laszlo Ersek
> Sent: Friday, May 10, 2019 1:30 AM
> To: devel at edk2.groups.io; Lu, XiaoyuX <xiaoyux.lu at intel.com>
> Cc: Wang, Jian J <jian.j.wang at intel.com>; Ye, Ting <ting.ye at intel.com>
> Subject: Re: [edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
> 
> On 05/09/19 19:15, Laszlo Ersek wrote:
> 
> > How about the following:
> >
> > - It seems like we cannot convince OpenSSL to *never* call these
> >   functions, under UEFI.
> >
> > - We also cannot provide an implementation that is *guaranteed* to be
> >   secure enough, IMO.
> >
> > - It seems like these functions *should* never be called in the edk2
> >   build however, given that we're not trying to do anything "new" with
> >   OpenSSL in edk2 -- we just want to use the new OpenSSL release for the
> >   same old things.
> >
> > - So why not just ensure that these functions *never return*?
> >
> > (1) Basically implement all of the functions like this:
> >
> >   ASSERT (FALSE);
> >   CpuDeadLoop ();
> >   //
> >   // if a return value is needed
> >   //
> >   return 0;
> >
> > What do you think about this approach?
> 
> I notice that "rand" is another module in OpenSSL.
> 
> Can we try adding "no-rand" to our Configure invocation? Perhaps the
> need for all of the rand_* functions goes away then.
> 
> Thanks
> Laszlo
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#40422): https://edk2.groups.io/g/devel/message/40422
Mute This Topic: https://groups.io/mt/31552212/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list