[edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b

Xiaoyu lu posted 7 patches 4 years, 11 months ago
Posted by Xiaoyu lu 4 years, 11 months ago
This series is also available at:
https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b_v4

Changes:

(1) CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL

(2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
    crypto/store/* are excluded.
    crypto/rand/randfile.c is excluded.

(3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue

(4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
    Disable warnings for building OpenSSL_1_1_1b

(5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64

(6) CryptoPkg: Upgrade OpenSSL to 1.1.1b
    The biggest change is the use of TSC as entropy source.
    If TSC isn't available, fall back to TimerLib(PerformanceCounter).

(7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible


Verification done for this series:
* Https boot in OvmfPkg.
* BaseCrypt Library test. (Ovmf, EmulatorPkg)

Important notice:
Nt32Pkg doesn't support TimerLib
> TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
So it will fail in Nt32Pkg.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>

Laszlo Ersek (1):
  CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64

Xiaoyu Lu (6):
  CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL
  CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
  CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
  CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
  CryptoPkg: Upgrade OpenSSL to 1.1.1b
  CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible

 CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf    |   4 +-
 CryptoPkg/Library/OpensslLib/OpensslLib.inf        |  76 ++++-
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf  |  67 ++++-
 CryptoPkg/Library/Include/CrtLibSupport.h          |  13 +-
 CryptoPkg/Library/Include/openssl/opensslconf.h    |  54 +++-
 CryptoPkg/Library/Include/sys/syscall.h            |  11 +
 CryptoPkg/Library/OpensslLib/buildinf.h            |   2 +
 CryptoPkg/Library/OpensslLib/rand_pool_noise.h     |  29 ++
 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c |   8 +-
 .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c      |   9 +-
 .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c    |   8 +-
 CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c     |  22 ++
 CryptoPkg/Library/OpensslLib/ossl_store.c          |  17 ++
 CryptoPkg/Library/OpensslLib/rand_pool.c           | 316 +++++++++++++++++++++
 CryptoPkg/Library/OpensslLib/rand_pool_noise.c     |  29 ++
 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c |  43 +++
 CryptoPkg/Library/OpensslLib/openssl               |   2 +-
 CryptoPkg/Library/OpensslLib/process_files.pl      |  11 +-
 18 files changed, 669 insertions(+), 52 deletions(-)
 create mode 100644 CryptoPkg/Library/Include/sys/syscall.h
 create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h
 create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c
 create mode 100644 CryptoPkg/Library/OpensslLib/ossl_store.c
 create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool.c
 create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c
 create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c

-- 
2.7.4


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#40761): https://edk2.groups.io/g/devel/message/40761
Mute This Topic: https://groups.io/mt/31638503/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Posted by Laszlo Ersek 4 years, 11 months ago
On 05/16/19 09:54, Xiaoyu Lu wrote:
> This series is also available at:
> https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b_v4
> 
> Changes:
> 
> (1) CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL
> 
> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>     crypto/store/* are excluded.
>     crypto/rand/randfile.c is excluded.
> 
> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
> 
> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>     Disable warnings for building OpenSSL_1_1_1b
> 
> (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
> 
> (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b
>     The biggest change is the use of TSC as entropy source.
>     If TSC isn't available, fall back to TimerLib(PerformanceCounter).
> 
> (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
> 
> 
> Verification done for this series:
> * Https boot in OvmfPkg.
> * BaseCrypt Library test. (Ovmf, EmulatorPkg)
> 
> Important notice:
> Nt32Pkg doesn't support TimerLib
>> TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
> So it will fail in Nt32Pkg.

I did some minimal functional testing, as follows:

- built OvmfPkgIa32X64.dsc with -D SMM_REQUIRE -D SECURE_BOOT_ENABLE

- with SB pre-enabled in an existing VM, the firmware continued to
  reject an unsigned UEFI app
- in the same config, the firmware continued to accept a correctly
  signed UEFI boot loader (the Fedora OS was booted OK)

- with SB disabled afresh (deleting PK through SecureBootConfigDxe),
  both of the above binaries were accepted
- in the same SB-disabled state, OvmfPkg/EnrollDefaultKeys was possible
  to invoke from the UEFI shell, and it successfully re-enabled SB (with
  the effects described in the prior section).

So this part looks good.

Thanks
Laszlo


Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Posted by Wang, Jian J 4 years, 11 months ago
Laszlo,

Thanks for the test.

Regards,
Jian



Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Posted by Laszlo Ersek 4 years, 11 months ago
Hi,

(+ Ard and Leif)

On 05/16/19 09:54, Xiaoyu lu wrote:
> This series is also available at:
> https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b_v4
> 
> Changes:
> 
> (1) CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL
> 
> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>     crypto/store/* are excluded.
>     crypto/rand/randfile.c is excluded.
> 
> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
> 
> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>     Disable warnings for building OpenSSL_1_1_1b
> 
> (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
> 
> (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b
>     The biggest change is the use of TSC as entropy source.
>     If TSC isn't available, fall back to TimerLib(PerformanceCounter).
> 
> (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
> 
> 
> Verification done for this series:
> * Https boot in OvmfPkg.
> * BaseCrypt Library test. (Ovmf, EmulatorPkg)
> 
> Important notice:
> Nt32Pkg doesn't support TimerLib
>> TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
> So it will fail in Nt32Pkg.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Ting Ye <ting.ye@intel.com>
> 
> Laszlo Ersek (1):
>   CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
> 
> Xiaoyu Lu (6):
>   CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL
>   CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>   CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
>   CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>   CryptoPkg: Upgrade OpenSSL to 1.1.1b
>   CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
> 
>  CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf    |   4 +-
>  CryptoPkg/Library/OpensslLib/OpensslLib.inf        |  76 ++++-
>  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf  |  67 ++++-
>  CryptoPkg/Library/Include/CrtLibSupport.h          |  13 +-
>  CryptoPkg/Library/Include/openssl/opensslconf.h    |  54 +++-
>  CryptoPkg/Library/Include/sys/syscall.h            |  11 +
>  CryptoPkg/Library/OpensslLib/buildinf.h            |   2 +
>  CryptoPkg/Library/OpensslLib/rand_pool_noise.h     |  29 ++
>  CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c |   8 +-
>  .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c      |   9 +-
>  .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c    |   8 +-
>  CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c     |  22 ++
>  CryptoPkg/Library/OpensslLib/ossl_store.c          |  17 ++
>  CryptoPkg/Library/OpensslLib/rand_pool.c           | 316 +++++++++++++++++++++
>  CryptoPkg/Library/OpensslLib/rand_pool_noise.c     |  29 ++
>  CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c |  43 +++
>  CryptoPkg/Library/OpensslLib/openssl               |   2 +-
>  CryptoPkg/Library/OpensslLib/process_files.pl      |  11 +-
>  18 files changed, 669 insertions(+), 52 deletions(-)
>  create mode 100644 CryptoPkg/Library/Include/sys/syscall.h
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h
>  create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/ossl_store.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c
> 

Unfortunately, I've found another build issue with this series. (My
apologies that I didn't discover it earlier.) It is reported in the
32-bit (ARM) build of the ArmVirtQemu platform:

  CryptoPkg/Library/OpensslLib/openssl/crypto/rand/drbg_lib.c:1028:
  undefined reference to `__aeabi_ui2d'

The referenced line is from the drbg_add() function:

    if (buflen < seedlen || randomness < (double) seedlen) {

Beyond the failure to resolve the "__aeabi_ui2d" symbol, the edk2 coding
style spec says, "Floating point operations are not recommended in UEFI
firmware." (Even though the UEFI spec describes the required floating
point environment for all architectures.)

So, I'm not sure what we should do here. If we think that floating point
is plain evil in edk2, then we cannot rebase edk2 to OpenSSL-1.1.1b.

... Hmmm, this seems to be the 32-bit ARM variant of [PATCH v4 3/7]!

If we find floating point generally acceptable in edk2, then Ard and
Leif could help us decide please whether this 32-bit ARM issue should be
fixed during the feature freeze (when fixes are still allowed), or if it
justifies postponing OpenSSL 1.1.1b to the next edk2 stable tag.

Again, I'm sorry that I found this only now -- but
"CryptoPkg/CryptoPkg.dsc" is multi-arch:

  SUPPORTED_ARCHITECTURES        = IA32|X64|ARM|AARCH64

thus, preferably, a CryptoPkg patch series should be at least build
tested (if not boot tested) for all arches, before being posted to the
mailing list.

(Yes, CI would help a lot with such issues.)

Thanks
Laszlo


Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Posted by Wang, Jian J 4 years, 11 months ago
Hi Laszlo,

There's already a float library used in OpensslLib.inf. 

[LibraryClasses.ARM]
  ArmSoftFloatLib

The problem is that the below instance doesn't implement __aeabi_ui2d
and __aeabi_d2uiz (I encountered this one as well)

  ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf

I think we can update this library to support those two APIs. So what about
we still push the patch and file a BZ to fix this issue?

Regards,
Jian
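
For reference, what the two helpers named in this message compute, as an added example that is not part of the thread and is not ArmSoftFloatLib or edk2 code: on a soft-float 32-bit ARM build the compiler lowers `(double) seedlen` to a call to `__aeabi_ui2d`, and a double-to-unsigned cast to `__aeabi_d2uiz`. The names `soft_ui2d`, `soft_d2uiz`, `bits_of` and `self_check` are hypothetical, the sample values are constructed, and saturating on out-of-range input is a choice made here because C leaves that case undefined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAC_MASK 0x000FFFFFFFFFFFFFULL   /* low 52 bits of a binary64 */

/* Unsigned 32-bit integer -> IEEE-754 binary64 bit pattern, integer ops only.
 * Every uint32_t fits in the 53-bit significand, so the result is exact. */
uint64_t soft_ui2d(uint32_t v)
{
    int p = 31;
    uint64_t frac;

    if (v == 0)
        return 0;                          /* +0.0 */
    while (((v >> p) & 1u) == 0)           /* p = index of the highest set bit */
        p--;
    /* Move the leading 1 to bit 52, then drop it (it is implicit). */
    frac = ((uint64_t)v << (52 - p)) & FRAC_MASK;
    return ((uint64_t)(1023 + p) << 52) | frac;
}

/* IEEE-754 binary64 bit pattern -> unsigned 32-bit integer, truncating
 * toward zero. NaN and negative inputs give 0 and values >= 2^32 give
 * UINT32_MAX (assumption of this example; C leaves these undefined). */
uint32_t soft_d2uiz(uint64_t bits)
{
    int      sign = (int)(bits >> 63);
    int      exp  = (int)((bits >> 52) & 0x7FF);
    uint64_t frac = bits & FRAC_MASK;
    int      e;

    if (exp == 0x7FF && frac != 0)
        return 0;                          /* NaN */
    if (exp < 1023)
        return 0;                          /* |x| < 1, including zero */
    if (sign)
        return 0;                          /* x <= -1 */
    e = exp - 1023;
    if (e > 31)
        return UINT32_MAX;                 /* x >= 2^32, including +inf */
    return (uint32_t)((frac | (1ULL << 52)) >> (52 - e));
}

/* Bit pattern of a double as produced by the host compiler. */
static uint64_t bits_of(double d)
{
    uint64_t b;
    memcpy(&b, &d, sizeof b);
    return b;
}

/* Compare both routines with the host's native conversions over a few
 * constructed sample values; returns the number of mismatches. */
int self_check(void)
{
    static const uint32_t samples[] = {
        0u, 1u, 2u, 3u, 48u, 255u, 256u, 0x7FFFFFFFu, 0x80000000u, 0xFFFFFFFFu
    };
    int bad = 0;
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t v = samples[i];
        double   d = (double)v;            /* native conversion */

        if (soft_ui2d(v) != bits_of(d))
            bad++;
        if (soft_d2uiz(bits_of(d)) != v)
            bad++;
        if (soft_d2uiz(bits_of(d + 0.5)) != v)   /* fraction is truncated */
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("mismatches against native conversion: %d\n", self_check());
    return 0;
}
```
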



Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Posted by Laszlo Ersek 4 years, 11 months ago
On 05/17/19 07:11, Wang, Jian J wrote:
> Hi Laszlo,
> 
> There's already a float library used in OpensslLib.inf. 
> 
> [LibraryClasses.ARM]
>   ArmSoftFloatLib
> 
> The problem is that the below instance doesn't implement __aeabi_ui2d
> and __aeabi_d2uiz (I encountered this one as well)
> 
>   ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf
> 
> I think we can update this library to support those two APIs. So what about
> we still push the patch and file a BZ to fix this issue?

I'm OK with that, but it will break ARM and AARCH64 platforms that
consume OpensslLib (directly or through BaseCryptLib), so this question
is up to Leif and Ard to decide.

Thanks
Laszlo


Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Posted by Laszlo Ersek 4 years, 11 months ago
On 05/17/19 15:04, Laszlo Ersek wrote:
> On 05/17/19 07:11, Wang, Jian J wrote:
>> Hi Laszlo,
>>
>> There's already a float library used in OpensslLib.inf. 
>>
>> [LibraryClasses.ARM]
>>   ArmSoftFloatLib
>>
>> The problem is that the below instance doesn't implement __aeabi_ui2d
>> and __aeabi_d2uiz (I encountered this one as well)
>>
>>   ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf
>>
>> I think we can update this library to support those two APIs. So what about
>> we still push the patch and file a BZ to fix this issue?
> 
> I'm OK with that, but it will break ARM and AARCH64 platforms that
> consume OpensslLib (directly or through BaseCryptLib), so this question
> is up to Leif and Ard to decide.

Correction: break ARM platforms only, not AARCH64.

Laszlo

> Thanks
> Laszlo
> 
>>> -----Original Message-----
>>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>>> Sent: Friday, May 17, 2019 2:26 AM
>>> To: devel@edk2.groups.io; Lu, XiaoyuX <xiaoyux.lu@intel.com>
>>> Cc: Wang, Jian J <jian.j.wang@intel.com>; Ye, Ting <ting.ye@intel.com>; Ard
>>> Biesheuvel <ard.biesheuvel@linaro.org>; Leif Lindholm
>>> <leif.lindholm@linaro.org>
>>> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
>>>
>>> Hi,
>>>
>>> (+ Ard and Leif)
>>>
>>> On 05/16/19 09:54, Xiaoyu lu wrote:
>>>> This series is also available at:
>>>>
>>> https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b
>>> _v4
>>>>
>>>> Changes:
>>>>
>>>> (1) CryptoPkgOpensslLib: Modify process_files.pl for  upgrading OpenSSL
>>>>
>>>> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>>>>     crypto/store/* are excluded.
>>>>     crypto/rand/randfile.c is excluded.
>>>>
>>>> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
>>>>
>>>> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>>>>     Disable warnings for buiding OpenSSL_1_1_1b
>>>>
>>>> (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
>>>>
>>>> (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b
>>>>     The biggest change is use TSC as entropy source
>>>>     If TSC isn't avaiable, fallback to TimerLib(PerformanceCounter).
>>>>
>>>> (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
>>>>
>>>>
>>>> Verification done for this series:
>>>> * Https boot in OvmfPkg.
>>>> * BaseCrypt Library test. (Ovmf, EmulatorPkg)
>>>>
>>>> Important notice:
>>>> Nt32Pkg doesn't support TimerLib
>>>>> TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
>>>> So it will fail in Nt32Pkg.
>>>>
>>>> Cc: Jian J Wang <jian.j.wang@intel.com>
>>>> Cc: Ting Ye <ting.ye@intel.com>
>>>>
>>>> Laszlo Ersek (1):
>>>>   CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
>>>>
>>>> Xiaoyu Lu (6):
>>>>   CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL
>>>>   CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>>>>   CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
>>>>   CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>>>>   CryptoPkg: Upgrade OpenSSL to 1.1.1b
>>>>   CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
>>>>
>>>>  CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf    |   4 +-
>>>>  CryptoPkg/Library/OpensslLib/OpensslLib.inf        |  76 ++++-
>>>>  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf  |  67 ++++-
>>>>  CryptoPkg/Library/Include/CrtLibSupport.h          |  13 +-
>>>>  CryptoPkg/Library/Include/openssl/opensslconf.h    |  54 +++-
>>>>  CryptoPkg/Library/Include/sys/syscall.h            |  11 +
>>>>  CryptoPkg/Library/OpensslLib/buildinf.h            |   2 +
>>>>  CryptoPkg/Library/OpensslLib/rand_pool_noise.h     |  29 ++
>>>>  CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c |   8 +-
>>>>  .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c      |   9 +-
>>>>  .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c    |   8 +-
>>>>  CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c     |  22 ++
>>>>  CryptoPkg/Library/OpensslLib/ossl_store.c          |  17 ++
>>>>  CryptoPkg/Library/OpensslLib/rand_pool.c           | 316 +++++++++++++++++++++
>>>>  CryptoPkg/Library/OpensslLib/rand_pool_noise.c     |  29 ++
>>>>  CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c |  43 +++
>>>>  CryptoPkg/Library/OpensslLib/openssl               |   2 +-
>>>>  CryptoPkg/Library/OpensslLib/process_files.pl      |  11 +-
>>>>  18 files changed, 669 insertions(+), 52 deletions(-)
>>>>  create mode 100644 CryptoPkg/Library/Include/sys/syscall.h
>>>>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h
>>>>  create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c
>>>>  create mode 100644 CryptoPkg/Library/OpensslLib/ossl_store.c
>>>>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool.c
>>>>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c
>>>>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c
>>>>
>>>
>>> Unfortunately, I've found another build issue with this series. (My
>>> apologies that I didn't discover it earlier.) It is reported in the
>>> 32-bit (ARM) build of the ArmVirtQemu platform:
>>>
>>>   CryptoPkg/Library/OpensslLib/openssl/crypto/rand/drbg_lib.c:1028:
>>>   undefined reference to `__aeabi_ui2d'
>>>
>>> The referenced line is from the drbg_add() function:
>>>
>>>     if (buflen < seedlen || randomness < (double) seedlen) {
>>>
>>> Beyond the failure to resolve the "__aeabi_ui2d" symbol, the edk2 coding
>>> style spec says, "Floating point operations are not recommended in UEFI
>>> firmware." (Even though the UEFI spec describes the required floating
>>> point environment for all architectures.)
>>>
>>> So, I'm not sure what we should do here. If we think that floating point
>>> is plain evil in edk2, then we cannot rebase edk2 to OpenSSL-1.1.1b.
>>>
>>> ... Hmmm, this seems to be the 32-bit ARM variant of [PATCH v4 3/7]!
>>>
>>> If we find floating point generally acceptable in edk2, then Ard and
>>> Leif could help us decide please whether this 32-bit ARM issue should be
>>> fixed during the feature freeze (when fixes are still allowed), or if it
>>> justifies postponing OpenSSL 1.1.1b to the next edk2 stable tag.
>>>
>>> Again, I'm sorry that I found this only now -- but
>>> "CryptoPkg/CryptoPkg.dsc" is multi-arch:
>>>
>>>   SUPPORTED_ARCHITECTURES        = IA32|X64|ARM|AARCH64
>>>
>>> thus, preferably, a CryptoPkg patch series should be at least build
>>> tested (if not boot tested) for all arches, before being posted to the
>>> mailing list.
>>>
>>> (Yes, CI would help a lot with such issues.)
>>>
>>> Thanks
>>> Laszlo
> 



Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Posted by Xiaoyu Lu 4 years, 11 months ago
Hi, Lerszlo:

(1):

> Unfortunately, I've found another build issue with this series. (My apologies that I didn't discover it earlier.) It is reported in the 32-bit (ARM) build of the ArmVirtQemu platform:
> 
>   CryptoPkg/Library/OpensslLib/openssl/crypto/rand/drbg_lib.c:1028:
>   undefined reference to `__aeabi_ui2d'
> 

OpensslLib[Crypto].inf contains ArmSoftFloatLib as dependent library.

In ArmSoftFloatLib:

 softfloat-for-gcc.h|98| #define uint32_to_float64       __floatunsidf
 softfloat-for-gcc.h|222| #define __floatunsidf       __aeabi_ui2d

 softfloat-for-gcc.h|128| #define float64_to_uint32_round_to_zero     __fixunsdfsi
 softfloat-for-gcc.h|234| #define __fixunsdfsi        __aeabi_d2uiz

But *uint32_to_float64* and *float64_to_uint32_round_to_zero* aren't implemented in softfloat.c

If these two functions are implemented, the build will pass. (I tried it with dummy functions.)


(2):

>thus, preferably, a CryptoPkg patch series should be at least build tested (if not boot tested) for all arches, before being posted to the mailing list.

I should test ARM, since the IA32 arch has an intrinsic problem (_ftol2). It is very likely that the ARM arch does not support it either.

>(Yes, CI would help a lot with such issues.)

Now I don't have a CI environment here.
I will set up one for building OvmfPkg, ArmVirtPkg, EmulatorPkg.

Thanks,
Xiaoyu
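
The `#define` chain quoted in the message above means the `(double) seedlen` cast in drbg_add() is emitted as a call to `__aeabi_ui2d`, and the reverse conversion as `__aeabi_d2uiz`. As an added example (not ArmSoftFloatLib, OpenSSL or edk2 code), here are those two conversions written with integer operations only; the `sf_` names and the saturating results for out-of-range inputs are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

/* An IEEE 754 binary64 value carried as its raw bit pattern, the way a
   soft-float library handles it. The type and function names below are
   hypothetical; they are not ArmSoftFloatLib identifiers. */
typedef uint64_t sf_float64;

#define SF_FRAC_MASK 0x000FFFFFFFFFFFFFull  /* low 52 bits: fraction field */
#define SF_EXP_BIAS  1023

/* uint32 -> binary64 (the job of __aeabi_ui2d).
   Every 32-bit integer fits in the 52-bit fraction, so the conversion is
   exact and no rounding step is needed. */
sf_float64 sf_uint32_to_float64(uint32_t a)
{
    int msb = 31;

    if (a == 0)
        return 0;                               /* +0.0 */

    /* Index of the most significant set bit (0..31). */
    while (((a >> msb) & 1u) == 0)
        msb--;

    /* Move the leading 1 to bit 52 (the implicit bit), then mask it off. */
    uint64_t frac = ((uint64_t)a << (52 - msb)) & SF_FRAC_MASK;
    return ((uint64_t)(SF_EXP_BIAS + msb) << 52) | frac;
}

/* binary64 -> uint32, rounding toward zero (the job of __aeabi_d2uiz).
   C leaves out-of-range conversions undefined; this example returns 0 for
   NaN and negative inputs and UINT32_MAX for values >= 2^32 (assumption). */
uint32_t sf_float64_to_uint32_rtz(sf_float64 a)
{
    int      sign = (int)(a >> 63);
    int      exp  = (int)((a >> 52) & 0x7FF);
    uint64_t frac = a & SF_FRAC_MASK;

    if (exp == 0x7FF && frac != 0)
        return 0;                               /* NaN */
    if (exp < SF_EXP_BIAS)
        return 0;                               /* |a| < 1.0, zeros, subnormals */
    if (sign)
        return 0;                               /* a <= -1.0, including -Inf */
    if (exp > SF_EXP_BIAS + 31)
        return UINT32_MAX;                      /* a >= 2^32, including +Inf */

    /* Restore the implicit bit and drop the fractional bits. */
    uint64_t sig = frac | (1ull << 52);
    return (uint32_t)(sig >> (52 - (exp - SF_EXP_BIAS)));
}

/* Host-side check helpers: compare against the compiler's own conversion.
   Assumes the host's double is IEEE 754 binary64. */
sf_float64 sf_bits_of(double d)
{
    sf_float64 bits;
    memcpy(&bits, &d, sizeof bits);
    return bits;
}

int sf_matches_native(uint32_t v)
{
    sf_float64 soft = sf_uint32_to_float64(v);
    return soft == sf_bits_of((double)v) &&
           sf_float64_to_uint32_rtz(soft) == v;
}

int main(void)
{
    /* Constructed sample values covering zero, small values and both ends
       of the 32-bit range. */
    static const uint32_t samples[] = {
        0, 1, 2, 3, 48, 0x7FFFFFFFu, 0x80000000u, 0xFFFFFFFFu
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (!sf_matches_native(samples[i]))
            return 1;
    return 0;
}
```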


Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Posted by Laszlo Ersek 4 years, 11 months ago
On 05/17/19 12:12, Lu, XiaoyuX wrote:
> Hi, Lerszlo:

well... I agree that my first name may not be trivial to spell, but you
can always use the clipboard, whenever in doubt.

For the record, it's "Laszlo".

> 
> (1):
> 
>> Unfortunately, I've found another build issue with this series. (My apologies that I didn't discover it earlier.) It is reported in the 32-bit (ARM) build of the ArmVirtQemu platform:
>>
>>   CryptoPkg/Library/OpensslLib/openssl/crypto/rand/drbg_lib.c:1028:
>>   undefined reference to `__aeabi_ui2d'
>>
> 
> OpensslLib[Crypto].inf contains ArmSoftFloatLib as dependent library.
> 
> In ArmSoftFloatLib:
> 
>  softfloat-for-gcc.h|98| #define uint32_to_float64       __floatunsidf
>  softfloat-for-gcc.h|222| #define __floatunsidf       __aeabi_ui2d
> 
>  softfloat-for-gcc.h|128| #define float64_to_uint32_round_to_zero     __fixunsdfsi
>  softfloat-for-gcc.h|234| #define __fixunsdfsi        __aeabi_d2uiz
> 
> But *uint32_to_float64* and *float64_to_uint32_round_to_zero* aren't implemented in softfloat.c
> 
> If these two functions are implemented, the build will pass. (I tried it with dummy functions.)

See my response to Jian on this.

> (2):
> 
>> thus, preferably, a CryptoPkg patch series should be at least build tested (if not boot tested) for all arches, before being posted to the mailing list.
> 
> I should test ARM, since the IA32 arch has an intrinsic problem (_ftol2). It is very likely that the ARM arch does not support it either.
> 
>> (Yes, CI would help a lot with such issues.)
> 
> Now I don't have a CI environment here.
> I will set up one for building OvmfPkg, ArmVirtPkg, EmulatorPkg.

Sorry, I was unclear: I meant a community-level, central CI. Not a
personal one. And, the central CI is undergoing design discussions right
now.

Thanks
Laszlo




Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Posted by Xiaoyu Lu 4 years, 11 months ago
Laszlo,

I'm so sorry that I made a mistake about your name. 

Thanks
Xiaoyu


Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Posted by Laszlo Ersek 4 years, 11 months ago
On 05/16/19 09:54, Xiaoyu lu wrote:
> This series is also available at:
> https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b_v4
> 
> Changes:
> 
> (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading OpenSSL
> 
> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>     crypto/store/* are excluded.
>     crypto/rand/randfile.c is excluded.
> 
> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
> 
> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>     Disable warnings for building OpenSSL_1_1_1b
> 
> (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
> 
> (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b
>     The biggest change is the use of TSC as entropy source
>     If TSC isn't available, fall back to TimerLib (PerformanceCounter).
> 
> (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
> 
> 
> Verification done for this series:
> * Https boot in OvmfPkg.
> * BaseCrypt Library test. (Ovmf, EmulatorPkg)
> 
> Important notice:
> Nt32Pkg doesn't support TimerLib
>> TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
> So it will fail in Nt32Pkg.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Ting Ye <ting.ye@intel.com>

This feature has missed edk2-stable201905.

Please postpone the following BZ reference:

  https://bugzilla.tianocore.org/show_bug.cgi?id=1089

from

  https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning#edk2-stable201905-tag-planning

to

  https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning#edk2-stable201908-tag-planning

Thanks,
Laszlo


Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Posted by Michael D Kinney 4 years, 11 months ago
Hi Laszlo,

Another option we can consider is delaying the
freeze windows and release date (if required) to
accommodate the OpenSSL 1.1.1b feature.

The following page shows the current branch
being used by EDK II (1.1.0j) with EOL on 9/11/2019.

https://www.openssl.org/policies/releasestrat.html

Best regards,

Mike

> -----Original Message-----
> From: devel@edk2.groups.io
> [mailto:devel@edk2.groups.io] On Behalf Of Laszlo Ersek
> Sent: Tuesday, May 21, 2019 2:15 PM
> To: devel@edk2.groups.io; Lu, XiaoyuX
> <xiaoyux.lu@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Ye, Ting
> <ting.ye@intel.com>
> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg:
> Upgrade OpenSSL to 1.1.1b
> 
> On 05/16/19 09:54, Xiaoyu lu wrote:
> > This series is also available at:
> > https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b_v4
> >
> > Changes:
> >
> > (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading OpenSSL
> >
> > (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
> >     crypto/store/* are excluded.
> >     crypto/rand/randfile.c is excluded.
> >
> > (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
> >
> > (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
> >     Disable warnings for building OpenSSL_1_1_1b
> >
> > (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
> >
> > (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b
> >     The biggest change is to use TSC as entropy source
> >     If TSC isn't available, fall back to TimerLib(PerformanceCounter).
> >
> > (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
> >
> >
> > Verification done for this series:
> > * Https boot in OvmfPkg.
> > * BaseCrypt Library test. (Ovmf, EmulatorPkg)
> >
> > Important notice:
> > Nt32Pkg doesn't support TimerLib
> > > TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
> > So it will fail in Nt32Pkg.
> >
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Ting Ye <ting.ye@intel.com>
> 
> This feature has missed edk2-stable201905.
> 
> Please postpone the following BZ reference:
> 
>   https://bugzilla.tianocore.org/show_bug.cgi?id=1089
> 
> from
> 
> 
> https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning#edk2-stable201905-tag-planning
> 
> to
> 
> 
> https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning#edk2-stable201908-tag-planning
> 
> Thanks,
> Laszlo
> 
> 



Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Posted by Laszlo Ersek 4 years, 11 months ago
On 05/22/19 02:10, Kinney, Michael D wrote:
> Hi Laszlo,
> 
> Another option we can consider is delaying the
> freeze windows and release date (if required) to
> accommodate the OpenSSL 1.1.1b feature.

Yes, that's reasonable.

And, the same argument could apply to
<https://bugzilla.tianocore.org/show_bug.cgi?id=1293>.

As I just wrote in another email, we might want to generally switch to a
feature-oriented release schedule, from a purely time-based one. It
solves some issues, and raises some others (such as: feature creep,
indefinite slips, and debates about what features are critical). I'm
open to such a workflow change.

Thanks!
Laszlo

> The following page shows the current branch
> being used by EDK II (1.1.0j) with EOL on 9/11/2019.
> 
> https://www.openssl.org/policies/releasestrat.html
> 
> Best regards,
> 
> Mike
> 
>> -----Original Message-----
>> From: devel@edk2.groups.io
>> [mailto:devel@edk2.groups.io] On Behalf Of Laszlo Ersek
>> Sent: Tuesday, May 21, 2019 2:15 PM
>> To: devel@edk2.groups.io; Lu, XiaoyuX
>> <xiaoyux.lu@intel.com>
>> Cc: Wang, Jian J <jian.j.wang@intel.com>; Ye, Ting
>> <ting.ye@intel.com>
>> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg:
>> Upgrade OpenSSL to 1.1.1b
>>
>> On 05/16/19 09:54, Xiaoyu lu wrote:
>>> This series is also available at:
>>> https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b_v4
>>>
>>> Changes:
>>>
>>> (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading OpenSSL
>>>
>>> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>>>     crypto/store/* are excluded.
>>>     crypto/rand/randfile.c is excluded.
>>>
>>> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
>>>
>>> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>>>     Disable warnings for building OpenSSL_1_1_1b
>>>
>>> (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
>>>
>>> (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b
>>>     The biggest change is to use TSC as entropy source
>>>     If TSC isn't available, fall back to TimerLib(PerformanceCounter).
>>>
>>> (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
>>>
>>>
>>> Verification done for this series:
>>> * Https boot in OvmfPkg.
>>> * BaseCrypt Library test. (Ovmf, EmulatorPkg)
>>>
>>> Important notice:
>>> Nt32Pkg doesn't support TimerLib
>>>> TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
>>> So it will fail in Nt32Pkg.
>>>
>>> Cc: Jian J Wang <jian.j.wang@intel.com>
>>> Cc: Ting Ye <ting.ye@intel.com>
>>
>> This feature has missed edk2-stable201905.
>>
>> Please postpone the following BZ reference:
>>
>>   https://bugzilla.tianocore.org/show_bug.cgi?id=1089
>>
>> from
>>
>>
>> https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning#edk2-stable201905-tag-planning
>>
>> to
>>
>>
>> https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning#edk2-stable201908-tag-planning
>>
>> Thanks,
>> Laszlo
>>
>> 
> 



Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Posted by Gary Lin 4 years, 11 months ago
On Thu, May 16, 2019 at 03:54:51AM -0400, Xiaoyu lu wrote:
> This series is also available at:
> https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b_v4
> 
> Changes:
> 
> (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading OpenSSL
> 
> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>     crypto/store/* are excluded.
>     crypto/rand/randfile.c is excluded.
> 
> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
> 
> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>     Disable warnings for building OpenSSL_1_1_1b
> 
> (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
> 
> (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b
>     The biggest change is to use TSC as entropy source
>     If TSC isn't available, fall back to TimerLib(PerformanceCounter).
> 
> (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
> 
> 
> Verification done for this series:
> * Https boot in OvmfPkg.
> * BaseCrypt Library test. (Ovmf, EmulatorPkg)
> 
My https boot test with ovmf looks good. The connection was rejected as
expected when the server certificate wasn't enrolled. The bootloader
images were downloaded after adding the certificate, and I can boot into
the installation UI in the end.

I skipped the test for aavmf since TLS is still not enabled.

For the series.
Tested-by: Gary Lin <glin@suse.com>

> Important notice:
> Nt32Pkg doesn't support TimerLib
> > TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
> So it will fail in Nt32Pkg.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Ting Ye <ting.ye@intel.com>
> 
> Laszlo Ersek (1):
>   CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
> 
> Xiaoyu Lu (6):
>   CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL
>   CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>   CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
>   CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>   CryptoPkg: Upgrade OpenSSL to 1.1.1b
>   CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
> 
>  CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf    |   4 +-
>  CryptoPkg/Library/OpensslLib/OpensslLib.inf        |  76 ++++-
>  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf  |  67 ++++-
>  CryptoPkg/Library/Include/CrtLibSupport.h          |  13 +-
>  CryptoPkg/Library/Include/openssl/opensslconf.h    |  54 +++-
>  CryptoPkg/Library/Include/sys/syscall.h            |  11 +
>  CryptoPkg/Library/OpensslLib/buildinf.h            |   2 +
>  CryptoPkg/Library/OpensslLib/rand_pool_noise.h     |  29 ++
>  CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c |   8 +-
>  .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c      |   9 +-
>  .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c    |   8 +-
>  CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c     |  22 ++
>  CryptoPkg/Library/OpensslLib/ossl_store.c          |  17 ++
>  CryptoPkg/Library/OpensslLib/rand_pool.c           | 316 +++++++++++++++++++++
>  CryptoPkg/Library/OpensslLib/rand_pool_noise.c     |  29 ++
>  CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c |  43 +++
>  CryptoPkg/Library/OpensslLib/openssl               |   2 +-
>  CryptoPkg/Library/OpensslLib/process_files.pl      |  11 +-
>  18 files changed, 669 insertions(+), 52 deletions(-)
>  create mode 100644 CryptoPkg/Library/Include/sys/syscall.h
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h
>  create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/ossl_store.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c
> 
> -- 
> 2.7.4
> 
> 
> 
> 
> 


Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Posted by Xiaoyu Lu 4 years, 11 months ago
Gary Lin,

Because I divided the commit (PATCH v4 6/7) into two patches, can I pick your Tested-by tag for the two patches?

Thanks
Xiaoyu
-----Original Message-----
From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Gary Lin
Sent: Friday, May 17, 2019 5:17 PM
To: devel@edk2.groups.io; Lu, XiaoyuX <xiaoyux.lu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>; Wang, Jian J <jian.j.wang@intel.com>; Ye, Ting <ting.ye@intel.com>
Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b

On Thu, May 16, 2019 at 03:54:51AM -0400, Xiaoyu lu wrote:
> This series is also available at:
> https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b_v4
> 
> Changes:
> 
> (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading OpenSSL
> 
> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>     crypto/store/* are excluded.
>     crypto/rand/randfile.c is excluded.
> 
> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
> 
> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>     Disable warnings for building OpenSSL_1_1_1b
> 
> (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
> 
> (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b
>     The biggest change is to use TSC as entropy source
>     If TSC isn't available, fall back to TimerLib(PerformanceCounter).
> 
> (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
> 
> 
> Verification done for this series:
> * Https boot in OvmfPkg.
> * BaseCrypt Library test. (Ovmf, EmulatorPkg)
> 
My https boot test with ovmf looks good. The connection was rejected as expected when the server certificate wasn't enrolled. The bootloader images were downloaded after adding the certificate, and I can boot into the installation UI in the end.

I skipped the test for aavmf since TLS is still not enabled.

For the series.
Tested-by: Gary Lin <glin@suse.com>

> Important notice:
> Nt32Pkg doesn't support TimerLib
> > TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
> So it will fail in Nt32Pkg.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Ting Ye <ting.ye@intel.com>
> 
> Laszlo Ersek (1):
>   CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
> 
> Xiaoyu Lu (6):
>   CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL
>   CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>   CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
>   CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>   CryptoPkg: Upgrade OpenSSL to 1.1.1b
>   CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
> 
>  CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf    |   4 +-
>  CryptoPkg/Library/OpensslLib/OpensslLib.inf        |  76 ++++-
>  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf  |  67 ++++-
>  CryptoPkg/Library/Include/CrtLibSupport.h          |  13 +-
>  CryptoPkg/Library/Include/openssl/opensslconf.h    |  54 +++-
>  CryptoPkg/Library/Include/sys/syscall.h            |  11 +
>  CryptoPkg/Library/OpensslLib/buildinf.h            |   2 +
>  CryptoPkg/Library/OpensslLib/rand_pool_noise.h     |  29 ++
>  CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c |   8 +-
>  .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c      |   9 +-
>  .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c    |   8 +-
>  CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c     |  22 ++
>  CryptoPkg/Library/OpensslLib/ossl_store.c          |  17 ++
>  CryptoPkg/Library/OpensslLib/rand_pool.c           | 316 +++++++++++++++++++++
>  CryptoPkg/Library/OpensslLib/rand_pool_noise.c     |  29 ++
>  CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c |  43 +++
>  CryptoPkg/Library/OpensslLib/openssl               |   2 +-
>  CryptoPkg/Library/OpensslLib/process_files.pl      |  11 +-
>  18 files changed, 669 insertions(+), 52 deletions(-)
>  create mode 100644 CryptoPkg/Library/Include/sys/syscall.h
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h
>  create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/ossl_store.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c
> 
> --
> 2.7.4
> 
> 
> 
> 
> 





Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Posted by Gary Lin 4 years, 11 months ago
On Sat, May 18, 2019 at 07:26:35AM +0000, Xiaoyu Lu wrote:
> Gary Lin,
> 
> Because I divided the commit (PATCH v4 6/7) into two patches, can I pick your Tested-by tag for the two patches?
> 
If there is no functional change, my "Tested-by" is still valid.
I can do the test again for v5 if you like.
BTW, I forgot to state that my "Tested-by" doesn't include "PATCH v4 5/7"
since I didn't build aarch64 aavmf due to the lack of https support.

Thanks,

Gary Lin

> Thanks
> Xiaoyu
> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Gary Lin
> Sent: Friday, May 17, 2019 5:17 PM
> To: devel@edk2.groups.io; Lu, XiaoyuX <xiaoyux.lu@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>; Wang, Jian J <jian.j.wang@intel.com>; Ye, Ting <ting.ye@intel.com>
> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
> 
> On Thu, May 16, 2019 at 03:54:51AM -0400, Xiaoyu lu wrote:
> > This series is also available at:
> > https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b_v4
> > 
> > Changes:
> > 
> > (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading OpenSSL
> > 
> > (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
> >     crypto/store/* are excluded.
> >     crypto/rand/randfile.c is excluded.
> > 
> > (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
> > 
> > (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
> >     Disable warnings for building OpenSSL_1_1_1b
> > 
> > (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
> > 
> > (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b
> >     The biggest change is to use TSC as entropy source
> >     If TSC isn't available, fall back to TimerLib(PerformanceCounter).
> > 
> > (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
> > 
> > 
> > Verification done for this series:
> > * Https boot in OvmfPkg.
> > * BaseCrypt Library test. (Ovmf, EmulatorPkg)
> > 
> My https boot test with ovmf looks good. The connection was rejected as expected when the server certificate wasn't enrolled. The bootloader images were downloaded after adding the certificate, and I can boot into the installation UI in the end.
> 
> I skipped the test for aavmf since TLS is still not enabled.
> 
> For the series.
> Tested-by: Gary Lin <glin@suse.com>
> 
> > Important notice:
> > Nt32Pkg doesn't support TimerLib
> > > TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
> > So it will fail in Nt32Pkg.
> > 
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Ting Ye <ting.ye@intel.com>
> > 
> > Laszlo Ersek (1):
> >   CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
> > 
> > Xiaoyu Lu (6):
> >   CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL
> >   CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
> >   CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
> >   CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
> >   CryptoPkg: Upgrade OpenSSL to 1.1.1b
> >   CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
> > 
> >  CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf    |   4 +-
> >  CryptoPkg/Library/OpensslLib/OpensslLib.inf        |  76 ++++-
> >  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf  |  67 ++++-
> >  CryptoPkg/Library/Include/CrtLibSupport.h          |  13 +-
> >  CryptoPkg/Library/Include/openssl/opensslconf.h    |  54 +++-
> >  CryptoPkg/Library/Include/sys/syscall.h            |  11 +
> >  CryptoPkg/Library/OpensslLib/buildinf.h            |   2 +
> >  CryptoPkg/Library/OpensslLib/rand_pool_noise.h     |  29 ++
> >  CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c |   8 +-
> >  .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c      |   9 +-
> >  .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c    |   8 +-
> >  CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c     |  22 ++
> >  CryptoPkg/Library/OpensslLib/ossl_store.c          |  17 ++
> >  CryptoPkg/Library/OpensslLib/rand_pool.c           | 316 +++++++++++++++++++++
> >  CryptoPkg/Library/OpensslLib/rand_pool_noise.c     |  29 ++
> >  CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c |  43 +++
> >  CryptoPkg/Library/OpensslLib/openssl               |   2 +-
> >  CryptoPkg/Library/OpensslLib/process_files.pl      |  11 +-
> >  18 files changed, 669 insertions(+), 52 deletions(-)
> >  create mode 100644 CryptoPkg/Library/Include/sys/syscall.h
> >  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h
> >  create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c
> >  create mode 100644 CryptoPkg/Library/OpensslLib/ossl_store.c
> >  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool.c
> >  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c
> >  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c
> > 
> > --
> > 2.7.4
> > 
> > 
> > 
> > 
> > 
> 
> 
> 
> 
> 
> 
> 
