sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
e8f28b09e63dfdbb4169969a43c65f86c44b035a
system76-edk2/CryptoPkg/Library/OpensslLib/rand_pool.c
Matthew Carlson b5701a4c7a CryptoPkg: OpensslLib: Use RngLib to generate entropy in rand_pool 
Ref: https://github.com/tianocore/edk2/pull/845
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1871

Changes OpenSSL to no longer depend on TimerLib and instead use RngLib.
This allows platforms to decide for themsevles what sort of entropy source
they provide to OpenSSL and TlsLib.

Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>

Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Signed-off-by: Matthew Carlson <matthewfcarlson@gmail.com>
2020-09-18 02:19:21 +00:00

172 lines
3.5 KiB
C
Raw Blame History

/** @file
OpenSSL_1_1_1b doesn't implement rand_pool_* functions for UEFI.
The file implement these functions.
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "crypto/rand.h"
#include <openssl/aes.h>
#include <Uefi.h>
#include <Library/RngLib.h>
/**
Calls RandomNumber64 to fill
a buffer of arbitrary size with random bytes.
This is a shim layer to RngLib.
@param[in] Length Size of the buffer, in bytes, to fill with.
@param[out] RandBuffer Pointer to the buffer to store the random result.
@retval TRUE Random bytes generation succeeded.
@retval FALSE Failed to request random bytes.
**/
STATIC
BOOLEAN
EFIAPI
RandGetBytes (
IN UINTN Length,
OUT UINT8 *RandBuffer
)
{
BOOLEAN Ret;
UINT64 TempRand;
Ret = FALSE;
if (RandBuffer == NULL) {
DEBUG((DEBUG_ERROR, "[OPENSSL_RAND_POOL] NULL RandBuffer. No random numbers are generated and your system is not secure\n"));
ASSERT (RandBuffer != NULL); // Since we can't generate random numbers, we should assert. Otherwise we will just blow up later.
return Ret;
}
while (Length > 0) {
// Use RngLib to get random number
Ret = GetRandomNumber64 (&TempRand);
if (!Ret) {
return Ret;
}
if (Length >= sizeof (TempRand)) {
*((UINT64*) RandBuffer) = TempRand;
RandBuffer += sizeof (UINT64);
Length -= sizeof (TempRand);
}
else {
CopyMem (RandBuffer, &TempRand, Length);
Length = 0;
}
}
return Ret;
}
/*
* Add random bytes to the pool to acquire requested amount of entropy
*
* This function is platform specific and tries to acquire the requested
* amount of entropy by polling platform specific entropy sources.
*
* This is OpenSSL required interface.
*/
size_t
rand_pool_acquire_entropy (
RAND_POOL *pool
)
{
BOOLEAN Ret;
size_t Bytes_needed;
unsigned char *Buffer;
Bytes_needed = rand_pool_bytes_needed (pool, 1 /*entropy_factor*/);
if (Bytes_needed > 0) {
Buffer = rand_pool_add_begin (pool, Bytes_needed);
if (Buffer != NULL) {
Ret = RandGetBytes (Bytes_needed, Buffer);
if (FALSE == Ret) {
rand_pool_add_end (pool, 0, 0);
}
else {
rand_pool_add_end (pool, Bytes_needed, 8 * Bytes_needed);
}
}
}
return rand_pool_entropy_available (pool);
}
/*
* Implementation for UEFI
*
* This is OpenSSL required interface.
*/
int
rand_pool_add_nonce_data (
RAND_POOL *pool
)
{
UINT8 data[16];
RandGetBytes (sizeof(data), data);
return rand_pool_add (pool, (unsigned char*)&data, sizeof(data), 0);
}
/*
* Implementation for UEFI
*
* This is OpenSSL required interface.
*/
int
rand_pool_add_additional_data (
RAND_POOL *pool
)
{
UINT8 data[16];
RandGetBytes (sizeof(data), data);
return rand_pool_add (pool, (unsigned char*)&data, sizeof(data), 0);
}
/*
* Dummy Implementation for UEFI
*
* This is OpenSSL required interface.
*/
int
rand_pool_init (
VOID
)
{
return 1;
}
/*
* Dummy Implementation for UEFI
*
* This is OpenSSL required interface.
*/
VOID
rand_pool_cleanup(
VOID
)
{
}
/*
* Dummy Implementation for UEFI
*
* This is OpenSSL required interface.
*/
VOID
rand_pool_keep_random_devices_open (
int keep
)
{
}
Reference in New Issue View Git Blame Copy Permalink