CryptoPkg: Use RngLib to get Random number.

[kanagavels97]

REF: #11002

Use RngLib to get the Random number instead of passing the Default seed when the seed value is NULL and Seed size is zero.

Description

Add an implementation to use the RngLib to get the RandomNumber instead of passing the predictable default seed value when the RandomSeed() is called with seed value NULL and Seed size zero.

[pierregondois]

The patch looks good to me. As a side comment, shouldn't we have a valid implementation of RandomSeed() in CryptoPkg/Library/BaseCryptLibMbedTls/Rand ?

BOOLEAN
EFIAPI
RandomSeed (
  IN  CONST  UINT8  *Seed  OPTIONAL,
  IN  UINTN         SeedSize
  )
{
  return TRUE;
}

[kanagavels97]

The patch looks good to me. As a side comment, shouldn't we have a valid implementation of RandomSeed() in CryptoPkg/Library/BaseCryptLibMbedTls/Rand ?

BOOLEAN
EFIAPI
RandomSeed (
  IN  CONST  UINT8  *Seed  OPTIONAL,
  IN  UINTN         SeedSize
  )
{
  return TRUE;
}

Do you want the same implementation for MbedTls library as well?

[pierregondois]

The patch looks good to me. As a side comment, shouldn't we have a valid implementation of RandomSeed() in CryptoPkg/Library/BaseCryptLibMbedTls/Rand ?

BOOLEAN
EFIAPI
RandomSeed (
  IN  CONST  UINT8  *Seed  OPTIONAL,
  IN  UINTN         SeedSize
  )
{
  return TRUE;
}

Do you want the same implementation for MbedTls library as well?

It would be a good think IMO.
Another thing is that adding a dependency of CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf over the RngLib might break some platform builds. For instance:
Platform/Sophgo/SG2042_EVB_Board/SG2042.dsc
will break.

Note that the build seems already failing. I had to to the following to see the unresolved dependency:

diff --git a/Platform/Sophgo/SG2042_EVB_Board/SG2042.dsc b/Platform/Sophgo/SG2042_EVB_Board/SG2042.dsc
index 5f15e3a621a1..03dd084fdb9b 100644
--- a/Platform/Sophgo/SG2042_EVB_Board/SG2042.dsc
+++ b/Platform/Sophgo/SG2042_EVB_Board/SG2042.dsc
@@ -29,7 +29,7 @@
   # Defines for default states.  These can be changed on the command line.
   # -D FLAG=VALUE
   #
-  DEFINE SECURE_BOOT_ENABLE      = FALSE
+  DEFINE SECURE_BOOT_ENABLE      = TRUE
   DEFINE DEBUG_ON_SERIAL_PORT    = TRUE
 
   #
@@ -99,7 +99,7 @@
   SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
   UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
-  FdtLib|EmbeddedPkg/Library/FdtLib/FdtLib.inf
+  FdtLib|MdePkg/Library/BaseFdtLib/BaseFdtLib.inf
   VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
   VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
   ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
@@ -153,7 +153,7 @@
   RealTimeClockLib|EmbeddedPkg//Library/VirtualRealTimeClockLib/VirtualRealTimeClockLib.inf
 
   # Flattened Device Tree (FDT) access library
-  FdtLib|EmbeddedPkg/Library/FdtLib/FdtLib.inf
+  FdtLib|MdePkg/Library/BaseFdtLib/BaseFdtLib.inf
 
 [LibraryClasses.common.SEC]
 !ifdef $(DEBUG_ON_SERIAL_PORT)

and the command:
build -p Platform/Sophgo/SG2042_EVB_Board/SG2042.dsc -t GCC5 -a RISCV64

[liyi77]

I think we don't need to keep two files with exactly the same content. CryptRanTsc.c can be removed.

[kanagavels97]

@liyi77 You mean we can use CryptRand.c file for IA32, X64, ARM, and AARCH64?

[liyi77]

@liyi77 You mean we can use CryptRand.c file for IA32, X64, ARM, and AARCH64?

Yes, they are same things anyway

[kanagavels97]

Ok @liyi77 , I will remove CryptRandTsc.c file

[liyi77]

It would be a good think IMO. Another thing is that adding a dependency of CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf over the RngLib might break some platform builds. For instance: Platform/Sophgo/SG2042_EVB_Board/SG2042.dsc will break.

Sounds strange, RngLib is a dependency of OpensslLib:

edk2/CryptoPkg/Library/OpensslLib/OpensslLib.inf

Lines 706 to 710 in 92c714f

	[LibraryClasses]
	BaseLib
	DebugLib
	RngLib

Generally as long as you use Openssl CryptoLib, this dependency is already satisfied.

[pierregondois]

Sounds strange, RngLib is a dependency of OpensslLib:

edk2/CryptoPkg/Library/OpensslLib/OpensslLib.inf

Lines 706 to 710 in 92c714f

	[LibraryClasses]
	BaseLib
	DebugLib
	RngLib

Generally as long as you use Openssl CryptoLib, this dependency is already satisfied.

Yes right, the RngLib dependency is already broken for the platform.
While checking some other platforms, it seems that the RngLib is present for all of them. However I didn't try to build all of them.

[kanagavels97]

Sounds strange, RngLib is a dependency of OpensslLib:

edk2/CryptoPkg/Library/OpensslLib/OpensslLib.inf

Lines 706 to 710 in 92c714f

	[LibraryClasses]
	BaseLib
	DebugLib
	RngLib

Generally as long as you use Openssl CryptoLib, this dependency is already satisfied.

Yes right, the RngLib dependency is already broken for the platform. While checking some other platforms, it seems that the RngLib is present for all of them. However I didn't try to build all of them.

@pierregondois

Could you please confirm whether the RngLib dependency is still required for BaseCryptLib?