(https://github.com/qloong/edk2/tree/dev-openssl-stable)

Current EDKII-CryptoPkg is leveraging OpenSSL-1.0.2xx as the underlying
cryptographic provider, which requires some extra patches
(EDKII-openssl-xxxx.patch) and installation scripts for EDKII build & usage.
The latest stable version of OpenSSL was upgraded to the 1.1.0 series
of release, with lots of EDKII-specific patches integration, which make
CryptoPkg possbile to remove all extra patch and scripts for more native
build support.

This patch series is to update EDKII-CryptoPkg to support native building
with the latest OpenSSL 1.1.0xx. (By now, the latest OpenSSL stable release
is 1.1.0e). Refer "CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt" for the
information about the version and source installation.

(NOTE: The extra build options for ARM/RVCT/XCODE were kept, which expect
       further optimizations from community)

Qin Long (9):
  CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0xx build.
  CryptoPkg/OpensslLib: Remove patch file and installation scripts.
  CryptoPkg: Fix handling of &strcmp function pointers
  CryptoPkg/OpensslLib: Use new Perl script for file list generation.
  CryptoPkg: Clean-up CRT Library Wrapper.
  CryptoPkg: Add extra build option to disable VS build warning
  CryptoPkg: Update HMAC Wrapper implementation with opaque HMAC_CTX object.
  CryptoPkg: Update PK Ciphers Wrapper Implementations work with opaque objects.
  CryptoPkg/TlsLib: Update TLS Wrapper Library to align with OpenSSL changes.

 CryptoPkg/.gitignore                               |    3 +-
 CryptoPkg/CryptoPkg.dec                            |    8 +-
 CryptoPkg/Include/CrtLibSupport.h                  |  192 ++
 CryptoPkg/Include/Library/BaseCryptLib.h           |   87 +-
 CryptoPkg/Include/OpenSslSupport.h                 |  286 ---
 CryptoPkg/Include/arpa/inet.h                      |   16 -
 CryptoPkg/Include/assert.h                         |    7 +-
 CryptoPkg/Include/ctype.h                          |    7 +-
 CryptoPkg/Include/dirent.h                         |   16 -
 CryptoPkg/Include/errno.h                          |    7 +-
 CryptoPkg/Include/internal/dso_conf.h              |    0
 CryptoPkg/Include/limits.h                         |    7 +-
 CryptoPkg/Include/malloc.h                         |   16 -
 CryptoPkg/Include/math.h                           |   16 -
 CryptoPkg/Include/memory.h                         |    7 +-
 CryptoPkg/Include/netdb.h                          |   16 -
 CryptoPkg/Include/netinet/in.h                     |   16 -
 CryptoPkg/Include/openssl/opensslconf.h            |  314 +++
 CryptoPkg/Include/sgtty.h                          |   16 -
 CryptoPkg/Include/signal.h                         |   16 -
 CryptoPkg/Include/stdarg.h                         |    7 +-
 CryptoPkg/Include/stddef.h                         |    6 +-
 CryptoPkg/Include/stdio.h                          |    7 +-
 CryptoPkg/Include/stdlib.h                         |    7 +-
 CryptoPkg/Include/string.h                         |    7 +-
 CryptoPkg/Include/strings.h                        |    6 +-
 CryptoPkg/Include/sys/ioctl.h                      |   16 -
 CryptoPkg/Include/sys/param.h                      |   16 -
 CryptoPkg/Include/sys/socket.h                     |   16 -
 CryptoPkg/Include/sys/stat.h                       |   16 -
 CryptoPkg/Include/sys/time.h                       |    7 +-
 CryptoPkg/Include/sys/times.h                      |   16 -
 CryptoPkg/Include/sys/types.h                      |    7 +-
 CryptoPkg/Include/sys/un.h                         |   16 -
 CryptoPkg/Include/syslog.h                         |    6 +-
 CryptoPkg/Include/time.h                           |    6 +-
 CryptoPkg/Include/unistd.h                         |    6 +-
 CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf    |    9 +-
 CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c |   75 +-
 .../Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c   |   38 +-
 .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c      |   73 +-
 .../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c  |   38 +-
 .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c    |   73 +-
 .../BaseCryptLib/Hmac/CryptHmacSha256Null.c        |   38 +-
 CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h  |   11 +-
 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf     |    8 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c        |   69 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c |   10 +-
 .../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c     |   68 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c  |  189 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c    |   70 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c        |   20 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c      |   41 +-
 CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf |    8 +-
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf     |    6 +
 .../BaseCryptLib/SysCall/BaseMemAllocation.c       |    5 +-
 .../BaseCryptLib/SysCall/ConstantTimeClock.c       |    6 +-
 .../Library/BaseCryptLib/SysCall/CrtWrapper.c      |  156 +-
 .../Library/BaseCryptLib/SysCall/HelperWrapper.c   |   54 -
 .../BaseCryptLib/SysCall/RuntimeMemAllocation.c    |    3 +-
 .../Library/BaseCryptLib/SysCall/TimerWrapper.c    |    4 +-
 CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c  |    8 +-
 .../Library/OpensslLib/EDKII_openssl-1.0.2k.patch  | 2094 --------------------
 CryptoPkg/Library/OpensslLib/Install.cmd           |   80 -
 CryptoPkg/Library/OpensslLib/Install.sh            |   82 -
 CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt     |   36 +
 CryptoPkg/Library/OpensslLib/OpensslLib.inf        |  866 ++++----
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf  |  791 ++++----
 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt       |   61 -
 CryptoPkg/Library/OpensslLib/buildinf.h            |    2 +-
 CryptoPkg/Library/OpensslLib/opensslconf.h         |  497 -----
 CryptoPkg/Library/OpensslLib/process_files.pl      |  223 +++
 CryptoPkg/Library/OpensslLib/process_files.sh      |  110 -
 CryptoPkg/Library/TlsLib/InternalTlsLib.h          |    6 +-
 CryptoPkg/Library/TlsLib/TlsConfig.c               |   21 +-
 CryptoPkg/Library/TlsLib/TlsInit.c                 |   19 +-
 CryptoPkg/Library/TlsLib/TlsLib.inf                |    9 +-
 77 files changed, 2406 insertions(+), 4792 deletions(-)
 create mode 100644 CryptoPkg/Include/CrtLibSupport.h
 delete mode 100644 CryptoPkg/Include/OpenSslSupport.h
 delete mode 100644 CryptoPkg/Include/arpa/inet.h
 delete mode 100644 CryptoPkg/Include/dirent.h
 create mode 100644 CryptoPkg/Include/internal/dso_conf.h
 delete mode 100644 CryptoPkg/Include/malloc.h
 delete mode 100644 CryptoPkg/Include/math.h
 delete mode 100644 CryptoPkg/Include/netdb.h
 delete mode 100644 CryptoPkg/Include/netinet/in.h
 create mode 100644 CryptoPkg/Include/openssl/opensslconf.h
 delete mode 100644 CryptoPkg/Include/sgtty.h
 delete mode 100644 CryptoPkg/Include/signal.h
 delete mode 100644 CryptoPkg/Include/sys/ioctl.h
 delete mode 100644 CryptoPkg/Include/sys/param.h
 delete mode 100644 CryptoPkg/Include/sys/socket.h
 delete mode 100644 CryptoPkg/Include/sys/stat.h
 delete mode 100644 CryptoPkg/Include/sys/times.h
 delete mode 100644 CryptoPkg/Include/sys/un.h
 delete mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/HelperWrapper.c
 delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2k.patch
 delete mode 100755 CryptoPkg/Library/OpensslLib/Install.cmd
 delete mode 100755 CryptoPkg/Library/OpensslLib/Install.sh
 create mode 100644 CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
 delete mode 100644 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
 delete mode 100644 CryptoPkg/Library/OpensslLib/opensslconf.h
 create mode 100644 CryptoPkg/Library/OpensslLib/process_files.pl
 delete mode 100755 CryptoPkg/Library/OpensslLib/process_files.sh

-- 
2.11.1.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Long:
  I find several issues. Could you help clarify them? 

1. OpenSsl branch should be OpenSSL_1_1_0-stable instead of OpenSSL_1_1_0e. Could you update OpenSSL-HOWTO.txt? 
2. process_files.pl in CryptoPkg\Library\OpensslLib still required?
3. $(OPENSSL_PATH)/crypto/aes/aes_cbc.c exists in the clone openssl directory. They are not auto generated files. Why comments in inf says auto generation for them? 

Thanks
Liming
>-----Original Message-----
>From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Qin
>Long
>Sent: Tuesday, March 21, 2017 11:56 PM
>To: edk2-devel@lists.01.org
>Cc: ard.biesheuvel@linaro.org; Ye, Ting <ting.ye@intel.com>;
>ronald.cron@arm.com; Wu, Jiaxin <jiaxin.wu@intel.com>; glin@suse.com;
>lersek@redhat.com
>Subject: [edk2] [PATCH v1 0/9] *** Upgrade CryptoPkg to use the latest
>OpenSSL 1.1.0xx/stable release ***
>
>(https://github.com/qloong/edk2/tree/dev-openssl-stable)
>
>Current EDKII-CryptoPkg is leveraging OpenSSL-1.0.2xx as the underlying
>cryptographic provider, which requires some extra patches
>(EDKII-openssl-xxxx.patch) and installation scripts for EDKII build & usage.
>The latest stable version of OpenSSL was upgraded to the 1.1.0 series
>of release, with lots of EDKII-specific patches integration, which make
>CryptoPkg possbile to remove all extra patch and scripts for more native
>build support.
>
>This patch series is to update EDKII-CryptoPkg to support native building
>with the latest OpenSSL 1.1.0xx. (By now, the latest OpenSSL stable release
>is 1.1.0e). Refer "CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt" for the
>information about the version and source installation.
>
>(NOTE: The extra build options for ARM/RVCT/XCODE were kept, which
>expect
>       further optimizations from community)
>
>Qin Long (9):
>  CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0xx build.
>  CryptoPkg/OpensslLib: Remove patch file and installation scripts.
>  CryptoPkg: Fix handling of &strcmp function pointers
>  CryptoPkg/OpensslLib: Use new Perl script for file list generation.
>  CryptoPkg: Clean-up CRT Library Wrapper.
>  CryptoPkg: Add extra build option to disable VS build warning
>  CryptoPkg: Update HMAC Wrapper implementation with opaque HMAC_CTX
>object.
>  CryptoPkg: Update PK Ciphers Wrapper Implementations work with opaque
>objects.
>  CryptoPkg/TlsLib: Update TLS Wrapper Library to align with OpenSSL changes.
>
> CryptoPkg/.gitignore                               |    3 +-
> CryptoPkg/CryptoPkg.dec                            |    8 +-
> CryptoPkg/Include/CrtLibSupport.h                  |  192 ++
> CryptoPkg/Include/Library/BaseCryptLib.h           |   87 +-
> CryptoPkg/Include/OpenSslSupport.h                 |  286 ---
> CryptoPkg/Include/arpa/inet.h                      |   16 -
> CryptoPkg/Include/assert.h                         |    7 +-
> CryptoPkg/Include/ctype.h                          |    7 +-
> CryptoPkg/Include/dirent.h                         |   16 -
> CryptoPkg/Include/errno.h                          |    7 +-
> CryptoPkg/Include/internal/dso_conf.h              |    0
> CryptoPkg/Include/limits.h                         |    7 +-
> CryptoPkg/Include/malloc.h                         |   16 -
> CryptoPkg/Include/math.h                           |   16 -
> CryptoPkg/Include/memory.h                         |    7 +-
> CryptoPkg/Include/netdb.h                          |   16 -
> CryptoPkg/Include/netinet/in.h                     |   16 -
> CryptoPkg/Include/openssl/opensslconf.h            |  314 +++
> CryptoPkg/Include/sgtty.h                          |   16 -
> CryptoPkg/Include/signal.h                         |   16 -
> CryptoPkg/Include/stdarg.h                         |    7 +-
> CryptoPkg/Include/stddef.h                         |    6 +-
> CryptoPkg/Include/stdio.h                          |    7 +-
> CryptoPkg/Include/stdlib.h                         |    7 +-
> CryptoPkg/Include/string.h                         |    7 +-
> CryptoPkg/Include/strings.h                        |    6 +-
> CryptoPkg/Include/sys/ioctl.h                      |   16 -
> CryptoPkg/Include/sys/param.h                      |   16 -
> CryptoPkg/Include/sys/socket.h                     |   16 -
> CryptoPkg/Include/sys/stat.h                       |   16 -
> CryptoPkg/Include/sys/time.h                       |    7 +-
> CryptoPkg/Include/sys/times.h                      |   16 -
> CryptoPkg/Include/sys/types.h                      |    7 +-
> CryptoPkg/Include/sys/un.h                         |   16 -
> CryptoPkg/Include/syslog.h                         |    6 +-
> CryptoPkg/Include/time.h                           |    6 +-
> CryptoPkg/Include/unistd.h                         |    6 +-
> CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf    |    9 +-
> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c |   75 +-
> .../Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c   |   38 +-
> .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c      |   73 +-
> .../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c  |   38 +-
> .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c    |   73 +-
> .../BaseCryptLib/Hmac/CryptHmacSha256Null.c        |   38 +-
> CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h  |   11 +-
> CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf     |    8 +-
> CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c        |   69 +-
> CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c |   10 +-
> .../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c     |   68 +-
> CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c  |  189 +-
> CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c    |   70 +-
> CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c        |   20 +-
> CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c      |   41 +-
> CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf |    8 +-
> CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf     |    6 +
> .../BaseCryptLib/SysCall/BaseMemAllocation.c       |    5 +-
> .../BaseCryptLib/SysCall/ConstantTimeClock.c       |    6 +-
> .../Library/BaseCryptLib/SysCall/CrtWrapper.c      |  156 +-
> .../Library/BaseCryptLib/SysCall/HelperWrapper.c   |   54 -
> .../BaseCryptLib/SysCall/RuntimeMemAllocation.c    |    3 +-
> .../Library/BaseCryptLib/SysCall/TimerWrapper.c    |    4 +-
> CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c  |    8 +-
> .../Library/OpensslLib/EDKII_openssl-1.0.2k.patch  | 2094 --------------------
> CryptoPkg/Library/OpensslLib/Install.cmd           |   80 -
> CryptoPkg/Library/OpensslLib/Install.sh            |   82 -
> CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt     |   36 +
> CryptoPkg/Library/OpensslLib/OpensslLib.inf        |  866 ++++----
> CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf  |  791 ++++----
> CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt       |   61 -
> CryptoPkg/Library/OpensslLib/buildinf.h            |    2 +-
> CryptoPkg/Library/OpensslLib/opensslconf.h         |  497 -----
> CryptoPkg/Library/OpensslLib/process_files.pl      |  223 +++
> CryptoPkg/Library/OpensslLib/process_files.sh      |  110 -
> CryptoPkg/Library/TlsLib/InternalTlsLib.h          |    6 +-
> CryptoPkg/Library/TlsLib/TlsConfig.c               |   21 +-
> CryptoPkg/Library/TlsLib/TlsInit.c                 |   19 +-
> CryptoPkg/Library/TlsLib/TlsLib.inf                |    9 +-
> 77 files changed, 2406 insertions(+), 4792 deletions(-)
> create mode 100644 CryptoPkg/Include/CrtLibSupport.h
> delete mode 100644 CryptoPkg/Include/OpenSslSupport.h
> delete mode 100644 CryptoPkg/Include/arpa/inet.h
> delete mode 100644 CryptoPkg/Include/dirent.h
> create mode 100644 CryptoPkg/Include/internal/dso_conf.h
> delete mode 100644 CryptoPkg/Include/malloc.h
> delete mode 100644 CryptoPkg/Include/math.h
> delete mode 100644 CryptoPkg/Include/netdb.h
> delete mode 100644 CryptoPkg/Include/netinet/in.h
> create mode 100644 CryptoPkg/Include/openssl/opensslconf.h
> delete mode 100644 CryptoPkg/Include/sgtty.h
> delete mode 100644 CryptoPkg/Include/signal.h
> delete mode 100644 CryptoPkg/Include/sys/ioctl.h
> delete mode 100644 CryptoPkg/Include/sys/param.h
> delete mode 100644 CryptoPkg/Include/sys/socket.h
> delete mode 100644 CryptoPkg/Include/sys/stat.h
> delete mode 100644 CryptoPkg/Include/sys/times.h
> delete mode 100644 CryptoPkg/Include/sys/un.h
> delete mode 100644
>CryptoPkg/Library/BaseCryptLib/SysCall/HelperWrapper.c
> delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-
>1.0.2k.patch
> delete mode 100755 CryptoPkg/Library/OpensslLib/Install.cmd
> delete mode 100755 CryptoPkg/Library/OpensslLib/Install.sh
> create mode 100644 CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
> delete mode 100644 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
> delete mode 100644 CryptoPkg/Library/OpensslLib/opensslconf.h
> create mode 100644 CryptoPkg/Library/OpensslLib/process_files.pl
> delete mode 100755 CryptoPkg/Library/OpensslLib/process_files.sh
>
>--
>2.11.1.windows.1
>
>_______________________________________________
>edk2-devel mailing list
>edk2-devel@lists.01.org
>https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

> -----Original Message-----
> From: Gao, Liming
> Sent: Wednesday, March 22, 2017 10:23 AM
> To: Long, Qin; edk2-devel@lists.01.org
> Cc: ard.biesheuvel@linaro.org; Ye, Ting; ronald.cron@arm.com; Wu, Jiaxin;
> glin@suse.com; lersek@redhat.com
> Subject: RE: [edk2] [PATCH v1 0/9] *** Upgrade CryptoPkg to use the latest
> OpenSSL 1.1.0xx/stable release ***
> 
> Long:
>   I find several issues. Could you help clarify them?
> 
> 1. OpenSsl branch should be OpenSSL_1_1_0-stable instead of
> OpenSSL_1_1_0e. Could you update OpenSSL-HOWTO.txt?

Yes, the latest branch is OpenSSL_1_1_0-stable, and OpenSSL_1_1_0e
 is one formal tag for the latest release. These two versions were validated 
by now.
I am thinking if it's better to stick to one formal release in EDK2 by default,
and user can clone their code base with Git (1.1.0xx tag, branch, 
even HEAD, which was just not fully validated and no guarantees on build
 & functionality). 
Will update HOWTO for more information. 

> 2. process_files.pl in CryptoPkg\Library\OpensslLib still required?

Not required. The INF and opensslconf.h were already generated in EDK2 
for direct use, if user follow the HOWTO to choose the code base. 
This is just provided for any customizations (on OpenSSL version
change, or build flags updates.), and future OpenSSL version upgrade. 

> 3. $(OPENSSL_PATH)/crypto/aes/aes_cbc.c exists in the clone openssl
> directory. They are not auto generated files. Why comments in inf says auto
> generation for them?

It's the generated file list, not file.
The file list in OpensslLib[Crypto].INF was generated from "process_files.pl",
to include all needed openssl sources for building.  
We will not maintain this file list manually in the future. Just use "process_file.pl"
to update the INF file if any new OpenSSL version. 

> 
> Thanks
> Liming
> >-----Original Message-----
> >From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> >Qin Long
> >Sent: Tuesday, March 21, 2017 11:56 PM
> >To: edk2-devel@lists.01.org
> >Cc: ard.biesheuvel@linaro.org; Ye, Ting <ting.ye@intel.com>;
> >ronald.cron@arm.com; Wu, Jiaxin <jiaxin.wu@intel.com>; glin@suse.com;
> >lersek@redhat.com
> >Subject: [edk2] [PATCH v1 0/9] *** Upgrade CryptoPkg to use the latest
> >OpenSSL 1.1.0xx/stable release ***
> >
> >(https://github.com/qloong/edk2/tree/dev-openssl-stable)
> >
> >Current EDKII-CryptoPkg is leveraging OpenSSL-1.0.2xx as the underlying
> >cryptographic provider, which requires some extra patches
> >(EDKII-openssl-xxxx.patch) and installation scripts for EDKII build & usage.
> >The latest stable version of OpenSSL was upgraded to the 1.1.0 series
> >of release, with lots of EDKII-specific patches integration, which make
> >CryptoPkg possbile to remove all extra patch and scripts for more
> >native build support.
> >
> >This patch series is to update EDKII-CryptoPkg to support native
> >building with the latest OpenSSL 1.1.0xx. (By now, the latest OpenSSL
> >stable release is 1.1.0e). Refer
> >"CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt" for the information
> about the version and source installation.
> >
> >(NOTE: The extra build options for ARM/RVCT/XCODE were kept, which
> >expect
> >       further optimizations from community)
> >
> >Qin Long (9):
> >  CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0xx build.
> >  CryptoPkg/OpensslLib: Remove patch file and installation scripts.
> >  CryptoPkg: Fix handling of &strcmp function pointers
> >  CryptoPkg/OpensslLib: Use new Perl script for file list generation.
> >  CryptoPkg: Clean-up CRT Library Wrapper.
> >  CryptoPkg: Add extra build option to disable VS build warning
> >  CryptoPkg: Update HMAC Wrapper implementation with opaque
> HMAC_CTX
> >object.
> >  CryptoPkg: Update PK Ciphers Wrapper Implementations work with
> opaque
> >objects.
> >  CryptoPkg/TlsLib: Update TLS Wrapper Library to align with OpenSSL
> changes.
> >
> > CryptoPkg/.gitignore                               |    3 +-
> > CryptoPkg/CryptoPkg.dec                            |    8 +-
> > CryptoPkg/Include/CrtLibSupport.h                  |  192 ++
> > CryptoPkg/Include/Library/BaseCryptLib.h           |   87 +-
> > CryptoPkg/Include/OpenSslSupport.h                 |  286 ---
> > CryptoPkg/Include/arpa/inet.h                      |   16 -
> > CryptoPkg/Include/assert.h                         |    7 +-
> > CryptoPkg/Include/ctype.h                          |    7 +-
> > CryptoPkg/Include/dirent.h                         |   16 -
> > CryptoPkg/Include/errno.h                          |    7 +-
> > CryptoPkg/Include/internal/dso_conf.h              |    0
> > CryptoPkg/Include/limits.h                         |    7 +-
> > CryptoPkg/Include/malloc.h                         |   16 -
> > CryptoPkg/Include/math.h                           |   16 -
> > CryptoPkg/Include/memory.h                         |    7 +-
> > CryptoPkg/Include/netdb.h                          |   16 -
> > CryptoPkg/Include/netinet/in.h                     |   16 -
> > CryptoPkg/Include/openssl/opensslconf.h            |  314 +++
> > CryptoPkg/Include/sgtty.h                          |   16 -
> > CryptoPkg/Include/signal.h                         |   16 -
> > CryptoPkg/Include/stdarg.h                         |    7 +-
> > CryptoPkg/Include/stddef.h                         |    6 +-
> > CryptoPkg/Include/stdio.h                          |    7 +-
> > CryptoPkg/Include/stdlib.h                         |    7 +-
> > CryptoPkg/Include/string.h                         |    7 +-
> > CryptoPkg/Include/strings.h                        |    6 +-
> > CryptoPkg/Include/sys/ioctl.h                      |   16 -
> > CryptoPkg/Include/sys/param.h                      |   16 -
> > CryptoPkg/Include/sys/socket.h                     |   16 -
> > CryptoPkg/Include/sys/stat.h                       |   16 -
> > CryptoPkg/Include/sys/time.h                       |    7 +-
> > CryptoPkg/Include/sys/times.h                      |   16 -
> > CryptoPkg/Include/sys/types.h                      |    7 +-
> > CryptoPkg/Include/sys/un.h                         |   16 -
> > CryptoPkg/Include/syslog.h                         |    6 +-
> > CryptoPkg/Include/time.h                           |    6 +-
> > CryptoPkg/Include/unistd.h                         |    6 +-
> > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf    |    9 +-
> > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c |   75 +-
> > .../Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c   |   38 +-
> > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c      |   73 +-
> > .../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c  |   38 +-
> > .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c    |   73 +-
> > .../BaseCryptLib/Hmac/CryptHmacSha256Null.c        |   38 +-
> > CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h  |   11 +-
> > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf     |    8 +-
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c        |   69 +-
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c |   10 +-
> > .../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c     |   68 +-
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c  |  189 +-
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c    |   70 +-
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c        |   20 +-
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c      |   41 +-
> > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf |    8 +-
> > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf     |    6 +
> > .../BaseCryptLib/SysCall/BaseMemAllocation.c       |    5 +-
> > .../BaseCryptLib/SysCall/ConstantTimeClock.c       |    6 +-
> > .../Library/BaseCryptLib/SysCall/CrtWrapper.c      |  156 +-
> > .../Library/BaseCryptLib/SysCall/HelperWrapper.c   |   54 -
> > .../BaseCryptLib/SysCall/RuntimeMemAllocation.c    |    3 +-
> > .../Library/BaseCryptLib/SysCall/TimerWrapper.c    |    4 +-
> > CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c  |    8 +-
> > .../Library/OpensslLib/EDKII_openssl-1.0.2k.patch  | 2094 --------------------
> > CryptoPkg/Library/OpensslLib/Install.cmd           |   80 -
> > CryptoPkg/Library/OpensslLib/Install.sh            |   82 -
> > CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt     |   36 +
> > CryptoPkg/Library/OpensslLib/OpensslLib.inf        |  866 ++++----
> > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf  |  791 ++++----
> > CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt       |   61 -
> > CryptoPkg/Library/OpensslLib/buildinf.h            |    2 +-
> > CryptoPkg/Library/OpensslLib/opensslconf.h         |  497 -----
> > CryptoPkg/Library/OpensslLib/process_files.pl      |  223 +++
> > CryptoPkg/Library/OpensslLib/process_files.sh      |  110 -
> > CryptoPkg/Library/TlsLib/InternalTlsLib.h          |    6 +-
> > CryptoPkg/Library/TlsLib/TlsConfig.c               |   21 +-
> > CryptoPkg/Library/TlsLib/TlsInit.c                 |   19 +-
> > CryptoPkg/Library/TlsLib/TlsLib.inf                |    9 +-
> > 77 files changed, 2406 insertions(+), 4792 deletions(-)  create mode
> >100644 CryptoPkg/Include/CrtLibSupport.h  delete mode 100644
> >CryptoPkg/Include/OpenSslSupport.h
> > delete mode 100644 CryptoPkg/Include/arpa/inet.h  delete mode 100644
> >CryptoPkg/Include/dirent.h  create mode 100644
> >CryptoPkg/Include/internal/dso_conf.h
> > delete mode 100644 CryptoPkg/Include/malloc.h  delete mode 100644
> >CryptoPkg/Include/math.h  delete mode 100644
> CryptoPkg/Include/netdb.h
> >delete mode 100644 CryptoPkg/Include/netinet/in.h  create mode 100644
> >CryptoPkg/Include/openssl/opensslconf.h
> > delete mode 100644 CryptoPkg/Include/sgtty.h  delete mode 100644
> >CryptoPkg/Include/signal.h  delete mode 100644
> >CryptoPkg/Include/sys/ioctl.h  delete mode 100644
> >CryptoPkg/Include/sys/param.h  delete mode 100644
> >CryptoPkg/Include/sys/socket.h  delete mode 100644
> >CryptoPkg/Include/sys/stat.h  delete mode 100644
> >CryptoPkg/Include/sys/times.h  delete mode 100644
> >CryptoPkg/Include/sys/un.h  delete mode 100644
> >CryptoPkg/Library/BaseCryptLib/SysCall/HelperWrapper.c
> > delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-
> >1.0.2k.patch
> > delete mode 100755 CryptoPkg/Library/OpensslLib/Install.cmd
> > delete mode 100755 CryptoPkg/Library/OpensslLib/Install.sh
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
> > delete mode 100644 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
> > delete mode 100644 CryptoPkg/Library/OpensslLib/opensslconf.h
> > create mode 100644 CryptoPkg/Library/OpensslLib/process_files.pl
> > delete mode 100755 CryptoPkg/Library/OpensslLib/process_files.sh
> >
> >--
> >2.11.1.windows.1
> >
> >_______________________________________________
> >edk2-devel mailing list
> >edk2-devel@lists.01.org
> >https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

On 03/21/17 16:56, Qin Long wrote:
> (https://github.com/qloong/edk2/tree/dev-openssl-stable)
> 
> Current EDKII-CryptoPkg is leveraging OpenSSL-1.0.2xx as the underlying
> cryptographic provider, which requires some extra patches
> (EDKII-openssl-xxxx.patch) and installation scripts for EDKII build & usage.
> The latest stable version of OpenSSL was upgraded to the 1.1.0 series
> of release, with lots of EDKII-specific patches integration, which make
> CryptoPkg possbile to remove all extra patch and scripts for more native
> build support.
> 
> This patch series is to update EDKII-CryptoPkg to support native building
> with the latest OpenSSL 1.1.0xx. (By now, the latest OpenSSL stable release
> is 1.1.0e). Refer "CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt" for the
> information about the version and source installation.
> 
> (NOTE: The extra build options for ARM/RVCT/XCODE were kept, which expect
>        further optimizations from community)
> 
> Qin Long (9):
>   CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0xx build.
>   CryptoPkg/OpensslLib: Remove patch file and installation scripts.
>   CryptoPkg: Fix handling of &strcmp function pointers
>   CryptoPkg/OpensslLib: Use new Perl script for file list generation.
>   CryptoPkg: Clean-up CRT Library Wrapper.
>   CryptoPkg: Add extra build option to disable VS build warning
>   CryptoPkg: Update HMAC Wrapper implementation with opaque HMAC_CTX object.
>   CryptoPkg: Update PK Ciphers Wrapper Implementations work with opaque objects.
>   CryptoPkg/TlsLib: Update TLS Wrapper Library to align with OpenSSL changes.

* I build-tested this series with ArmVirtQemu, as in:

build -a AARCH64 -t GCC5 -p ArmVirtPkg/ArmVirtQemu.dsc \
  -n 12 -b DEBUG -D DEBUG_PRINT_ERROR_LEVEL=0x8040004F \
  -D PURE_ACPI_BOOT_ENABLE --cmd-len=65536 -D SECURE_BOOT_ENABLE

Note that the buid does not cover TLS functionality (patch #9), because
ArmVirtQemu uses "OpensslLibCrypto.inf"

* I did some functional testing with OVMF (Ia32X64), again without
enabling TLS (so patch #9 was likely not exercised.) Secure Boot remains
enabled & working for VMs that had it enabled earlier. Also, deleting
the PK, and re-enrolling all the keys (re-enabling SB) works too.
Unsigned images are rejected.

If this was the final version of the set, I'd give my T-b, for patches
1-8. But, I think you are going to submit a v2 anyway, which I'll have
to test again.

(I tested v1 to see if there was a functional problem that I should report.)

Thanks!
Laszlo
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Thank you, Ersek.

The comments looks good to me.  
Yes, I will send out the V2 patches to integrate those comments, after we finish the validations on TLS/HTTPS part with Thomas's suggestions about TlsLib wrapper.


Best Regards & Thanks,
LONG, Qin

> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Wednesday, March 22, 2017 9:02 PM
> To: Long, Qin <qin.long@intel.com>; edk2-devel@lists.01.org
> Cc: ard.biesheuvel@linaro.org; Ye, Ting <ting.ye@intel.com>;
> ronald.cron@arm.com; Wu, Jiaxin <jiaxin.wu@intel.com>; glin@suse.com
> Subject: Re: [edk2] [PATCH v1 0/9] *** Upgrade CryptoPkg to use the latest
> OpenSSL 1.1.0xx/stable release ***
> 
> On 03/21/17 16:56, Qin Long wrote:
> > (https://github.com/qloong/edk2/tree/dev-openssl-stable)
> >
> > Current EDKII-CryptoPkg is leveraging OpenSSL-1.0.2xx as the
> > underlying cryptographic provider, which requires some extra patches
> > (EDKII-openssl-xxxx.patch) and installation scripts for EDKII build & usage.
> > The latest stable version of OpenSSL was upgraded to the 1.1.0 series
> > of release, with lots of EDKII-specific patches integration, which
> > make CryptoPkg possbile to remove all extra patch and scripts for more
> > native build support.
> >
> > This patch series is to update EDKII-CryptoPkg to support native
> > building with the latest OpenSSL 1.1.0xx. (By now, the latest OpenSSL
> > stable release is 1.1.0e). Refer
> > "CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt" for the information
> about the version and source installation.
> >
> > (NOTE: The extra build options for ARM/RVCT/XCODE were kept, which
> expect
> >        further optimizations from community)
> >
> > Qin Long (9):
> >   CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0xx build.
> >   CryptoPkg/OpensslLib: Remove patch file and installation scripts.
> >   CryptoPkg: Fix handling of &strcmp function pointers
> >   CryptoPkg/OpensslLib: Use new Perl script for file list generation.
> >   CryptoPkg: Clean-up CRT Library Wrapper.
> >   CryptoPkg: Add extra build option to disable VS build warning
> >   CryptoPkg: Update HMAC Wrapper implementation with opaque
> HMAC_CTX object.
> >   CryptoPkg: Update PK Ciphers Wrapper Implementations work with
> opaque objects.
> >   CryptoPkg/TlsLib: Update TLS Wrapper Library to align with OpenSSL
> changes.
> 
> * I build-tested this series with ArmVirtQemu, as in:
> 
> build -a AARCH64 -t GCC5 -p ArmVirtPkg/ArmVirtQemu.dsc \
>   -n 12 -b DEBUG -D DEBUG_PRINT_ERROR_LEVEL=0x8040004F \
>   -D PURE_ACPI_BOOT_ENABLE --cmd-len=65536 -D SECURE_BOOT_ENABLE
> 
> Note that the buid does not cover TLS functionality (patch #9), because
> ArmVirtQemu uses "OpensslLibCrypto.inf"
> 
> * I did some functional testing with OVMF (Ia32X64), again without enabling
> TLS (so patch #9 was likely not exercised.) Secure Boot remains enabled &
> working for VMs that had it enabled earlier. Also, deleting the PK, and re-
> enrolling all the keys (re-enabling SB) works too.
> Unsigned images are rejected.
> 
> If this was the final version of the set, I'd give my T-b, for patches 1-8. But, I
> think you are going to submit a v2 anyway, which I'll have to test again.
> 
> (I tested v1 to see if there was a functional problem that I should report.)
> 
> Thanks!
> Laszlo
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel