public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Xiaoyu lu" <xiaoyux.lu@intel.com>
To: devel@edk2.groups.io
Cc: lersek@redhat.com, Xiaoyu Lu <xiaoyux.lu@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>, Ting Ye <ting.ye@intel.com>
Subject: [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Date: Thu,  9 May 2019 01:23:48 -0400	[thread overview]
Message-ID: <1557379429-7527-5-git-send-email-xiaoyux.lu@intel.com> (raw)
In-Reply-To: <1557379429-7527-1-git-send-email-xiaoyux.lu@intel.com>

From: Xiaoyu Lu <xiaoyux.lu@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1089

Update OpenSSL submodule to OpenSSL_1_1_1b
  OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687)

Run process_files.pl script to regenerate OpensslLib[Crypto].inf
  and opensslconf.h

Remove NO_SYSLOG from OpensslLib[Crypto].inf
  When OPENSSL_SYS_UEFI is defined, NO_SYSLOG not be defined
  in OpenSSL_1_1_0j(74f2d9c1ec5f), but in
  OpenSSL_1_1_1b(50eaac9f333), NO_SYSLOG will
  be defined(e_os.h line 47).

Add compiler_flags to buildinf.h file.

>From OpenSSL_1_1_0i(97c0959f27b294fe1eb10b547145ebef2524b896) to
OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687), OpenSSL
updated DRBG / RAND to request nonce and additional low entropy
randomness from system(line 229 openssl/CHANGES).
git diff OpenSSL_1_1_0i OpenSSL_1_1_1b crypto/include/internal/rand_int.h
git diff OpenSSL_1_1_0i OpenSSL_1_1_1b crypto/rand/rand_unix.c
But it is not implement for UEFI.
Since OpenSSL_1_1_1b doesn't fully implement it. So add a new
file(rand_pool.c) and implement it base on TimerLib.
* rand_pool_acquire_entropy
* rand_pool_add_nonce_data
* rand_pool_add_additional_data
* rand_pool_init
* rand_pool_cleanup
* rand_pool_keep_random_devices_open

We don't need ossl_store functions. So dummy implement them.
add a new file(ossl_store.c) to implement ossl_store_cleanup_int function.

BUFSIZ is used by crypto/evp/evp_key.c(OpenSSL_1_1_1b)
And it is declared in stdio.h. So add it to CrtLibSupport.h.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
---
 CryptoPkg/Library/Include/CrtLibSupport.h         |   8 +
 CryptoPkg/Library/Include/openssl/opensslconf.h   |  54 ++--
 CryptoPkg/Library/OpensslLib/OpensslLib.inf       |  44 +++-
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf |  35 ++-
 CryptoPkg/Library/OpensslLib/buildinf.h           |   2 +
 CryptoPkg/Library/OpensslLib/openssl              |   2 +-
 CryptoPkg/Library/OpensslLib/ossl_store.c         |  17 ++
 CryptoPkg/Library/OpensslLib/rand_pool.c          | 292 ++++++++++++++++++++++
 8 files changed, 425 insertions(+), 29 deletions(-)
 create mode 100644 CryptoPkg/Library/OpensslLib/ossl_store.c
 create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool.c

diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
index b05c5d9..193f8de 100644
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
@@ -21,6 +21,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define MAX_STRING_SIZE  0x1000
 
 //
+// BUFSIZ used in evp_key.c
+// This is defined in CRT library(stdio.h).
+//
+#ifndef BUFSIZ
+#define BUFSIZ  8192
+#endif
+
+//
 // OpenSSL relies on explicit configuration for word size in crypto/bn,
 // but we want it to be automatically inferred from the target. So we
 // bypass what's in <openssl/opensslconf.h> for OPENSSL_SYS_UEFI, and
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 28dd9ab..07fa2d3 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -10,6 +10,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <openssl/opensslv.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -77,18 +79,21 @@ extern "C" {
 #ifndef OPENSSL_NO_SEED
 # define OPENSSL_NO_SEED
 #endif
+#ifndef OPENSSL_NO_SM2
+# define OPENSSL_NO_SM2
+#endif
 #ifndef OPENSSL_NO_SRP
 # define OPENSSL_NO_SRP
 #endif
 #ifndef OPENSSL_NO_TS
 # define OPENSSL_NO_TS
 #endif
-#ifndef OPENSSL_NO_UI
-# define OPENSSL_NO_UI
-#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
 # define OPENSSL_NO_WHIRLPOOL
 #endif
+#ifndef OPENSSL_RAND_SEED_NONE
+# define OPENSSL_RAND_SEED_NONE
+#endif
 #ifndef OPENSSL_NO_AFALGENG
 # define OPENSSL_NO_AFALGENG
 #endif
@@ -122,6 +127,9 @@ extern "C" {
 #ifndef OPENSSL_NO_DEPRECATED
 # define OPENSSL_NO_DEPRECATED
 #endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
 #ifndef OPENSSL_NO_DGRAM
 # define OPENSSL_NO_DGRAM
 #endif
@@ -155,6 +163,9 @@ extern "C" {
 #ifndef OPENSSL_NO_ERR
 # define OPENSSL_NO_ERR
 #endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
 #ifndef OPENSSL_NO_FILENAMES
 # define OPENSSL_NO_FILENAMES
 #endif
@@ -209,15 +220,24 @@ extern "C" {
 #ifndef OPENSSL_NO_TESTS
 # define OPENSSL_NO_TESTS
 #endif
+#ifndef OPENSSL_NO_TLS1_3
+# define OPENSSL_NO_TLS1_3
+#endif
 #ifndef OPENSSL_NO_UBSAN
 # define OPENSSL_NO_UBSAN
 #endif
+#ifndef OPENSSL_NO_UI_CONSOLE
+# define OPENSSL_NO_UI_CONSOLE
+#endif
 #ifndef OPENSSL_NO_UNIT_TEST
 # define OPENSSL_NO_UNIT_TEST
 #endif
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 # define OPENSSL_NO_WEAK_SSL_CIPHERS
 #endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
 #ifndef OPENSSL_NO_AFALGENG
 # define OPENSSL_NO_AFALGENG
 #endif
@@ -236,15 +256,11 @@ extern "C" {
  * functions.
  */
 #ifndef DECLARE_DEPRECATED
-# if defined(OPENSSL_NO_DEPRECATED)
-#  define DECLARE_DEPRECATED(f)
-# else
-#  define DECLARE_DEPRECATED(f)   f;
-#  ifdef __GNUC__
-#   if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
-#    undef DECLARE_DEPRECATED
-#    define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
-#   endif
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
 #  endif
 # endif
 #endif
@@ -268,6 +284,18 @@ extern "C" {
 # define OPENSSL_API_COMPAT OPENSSL_MIN_API
 #endif
 
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
 #if OPENSSL_API_COMPAT < 0x10100000L
 # define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
 #else
@@ -286,8 +314,6 @@ extern "C" {
 # define DEPRECATEDIN_0_9_8(f)
 #endif
 
-
-
 /* Generate 80386 code? */
 #undef I386_ONLY
 
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index f4d7772..5e6b99e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -15,13 +15,15 @@
   VERSION_STRING                 = 1.0
   LIBRARY_CLASS                  = OpensslLib
   DEFINE OPENSSL_PATH            = openssl
-  DEFINE OPENSSL_FLAGS           = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DNO_SYSLOG
+  DEFINE OPENSSL_FLAGS           = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
 
 #
 #  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64
 #
 
 [Sources]
+  ossl_store.c
+  rand_pool.c
   $(OPENSSL_PATH)/e_os.h
 # Autogenerated files list starts here
   $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
@@ -32,6 +34,7 @@
   $(OPENSSL_PATH)/crypto/aes/aes_misc.c
   $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
   $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
+  $(OPENSSL_PATH)/crypto/aria/aria.c
   $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
   $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
   $(OPENSSL_PATH)/crypto/asn1/a_digest.c
@@ -54,6 +57,7 @@
   $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
   $(OPENSSL_PATH)/crypto/asn1/asn1_err.c
   $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
+  $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c
   $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
   $(OPENSSL_PATH)/crypto/asn1/asn1_par.c
   $(OPENSSL_PATH)/crypto/asn1/asn_mime.c
@@ -172,6 +176,7 @@
   $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
   $(OPENSSL_PATH)/crypto/cpt_err.c
   $(OPENSSL_PATH)/crypto/cryptlib.c
+  $(OPENSSL_PATH)/crypto/ctype.c
   $(OPENSSL_PATH)/crypto/cversion.c
   $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
   $(OPENSSL_PATH)/crypto/des/cbc_enc.c
@@ -189,7 +194,6 @@
   $(OPENSSL_PATH)/crypto/des/pcbc_enc.c
   $(OPENSSL_PATH)/crypto/des/qud_cksm.c
   $(OPENSSL_PATH)/crypto/des/rand_key.c
-  $(OPENSSL_PATH)/crypto/des/rpc_enc.c
   $(OPENSSL_PATH)/crypto/des/set_key.c
   $(OPENSSL_PATH)/crypto/des/str2key.c
   $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
@@ -206,6 +210,7 @@
   $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c
   $(OPENSSL_PATH)/crypto/dh/dh_prn.c
   $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
+  $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
   $(OPENSSL_PATH)/crypto/dso/dso_dl.c
   $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
   $(OPENSSL_PATH)/crypto/dso/dso_err.c
@@ -228,6 +233,7 @@
   $(OPENSSL_PATH)/crypto/evp/e_aes.c
   $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
   $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
+  $(OPENSSL_PATH)/crypto/evp/e_aria.c
   $(OPENSSL_PATH)/crypto/evp/e_bf.c
   $(OPENSSL_PATH)/crypto/evp/e_camellia.c
   $(OPENSSL_PATH)/crypto/evp/e_cast.c
@@ -242,6 +248,7 @@
   $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
   $(OPENSSL_PATH)/crypto/evp/e_rc5.c
   $(OPENSSL_PATH)/crypto/evp/e_seed.c
+  $(OPENSSL_PATH)/crypto/evp/e_sm4.c
   $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c
   $(OPENSSL_PATH)/crypto/evp/encode.c
   $(OPENSSL_PATH)/crypto/evp/evp_cnf.c
@@ -259,6 +266,7 @@
   $(OPENSSL_PATH)/crypto/evp/m_null.c
   $(OPENSSL_PATH)/crypto/evp/m_ripemd.c
   $(OPENSSL_PATH)/crypto/evp/m_sha1.c
+  $(OPENSSL_PATH)/crypto/evp/m_sha3.c
   $(OPENSSL_PATH)/crypto/evp/m_sigver.c
   $(OPENSSL_PATH)/crypto/evp/m_wp.c
   $(OPENSSL_PATH)/crypto/evp/names.c
@@ -271,10 +279,10 @@
   $(OPENSSL_PATH)/crypto/evp/p_seal.c
   $(OPENSSL_PATH)/crypto/evp/p_sign.c
   $(OPENSSL_PATH)/crypto/evp/p_verify.c
+  $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c
   $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
   $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
   $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
-  $(OPENSSL_PATH)/crypto/evp/scrypt.c
   $(OPENSSL_PATH)/crypto/ex_data.c
   $(OPENSSL_PATH)/crypto/getenv.c
   $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
@@ -283,6 +291,7 @@
   $(OPENSSL_PATH)/crypto/init.c
   $(OPENSSL_PATH)/crypto/kdf/hkdf.c
   $(OPENSSL_PATH)/crypto/kdf/kdf_err.c
+  $(OPENSSL_PATH)/crypto/kdf/scrypt.c
   $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
   $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
   $(OPENSSL_PATH)/crypto/lhash/lhash.c
@@ -360,14 +369,14 @@
   $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
   $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
   $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
-  $(OPENSSL_PATH)/crypto/rand/md_rand.c
+  $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
+  $(OPENSSL_PATH)/crypto/rand/drbg_lib.c
   $(OPENSSL_PATH)/crypto/rand/rand_egd.c
   $(OPENSSL_PATH)/crypto/rand/rand_err.c
   $(OPENSSL_PATH)/crypto/rand/rand_lib.c
   $(OPENSSL_PATH)/crypto/rand/rand_unix.c
   $(OPENSSL_PATH)/crypto/rand/rand_vms.c
   $(OPENSSL_PATH)/crypto/rand/rand_win.c
-  $(OPENSSL_PATH)/crypto/rand/randfile.c
   $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
   $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
@@ -379,8 +388,8 @@
   $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c
+  $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_none.c
-  $(OPENSSL_PATH)/crypto/rsa/rsa_null.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c
@@ -392,15 +401,27 @@
   $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
+  $(OPENSSL_PATH)/crypto/sha/keccak1600.c
   $(OPENSSL_PATH)/crypto/sha/sha1_one.c
   $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
   $(OPENSSL_PATH)/crypto/sha/sha256.c
   $(OPENSSL_PATH)/crypto/sha/sha512.c
+  $(OPENSSL_PATH)/crypto/siphash/siphash.c
+  $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
+  $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
+  $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
+  $(OPENSSL_PATH)/crypto/sm3/sm3.c
+  $(OPENSSL_PATH)/crypto/sm4/sm4.c
   $(OPENSSL_PATH)/crypto/stack/stack.c
   $(OPENSSL_PATH)/crypto/threads_none.c
   $(OPENSSL_PATH)/crypto/threads_pthread.c
   $(OPENSSL_PATH)/crypto/threads_win.c
   $(OPENSSL_PATH)/crypto/txt_db/txt_db.c
+  $(OPENSSL_PATH)/crypto/ui/ui_err.c
+  $(OPENSSL_PATH)/crypto/ui/ui_lib.c
+  $(OPENSSL_PATH)/crypto/ui/ui_null.c
+  $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
+  $(OPENSSL_PATH)/crypto/ui/ui_util.c
   $(OPENSSL_PATH)/crypto/uid.c
   $(OPENSSL_PATH)/crypto/x509/by_dir.c
   $(OPENSSL_PATH)/crypto/x509/by_file.c
@@ -445,6 +466,7 @@
   $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c
   $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c
   $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
+  $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c
   $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c
   $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c
   $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c
@@ -479,12 +501,14 @@
   $(OPENSSL_PATH)/ssl/d1_msg.c
   $(OPENSSL_PATH)/ssl/d1_srtp.c
   $(OPENSSL_PATH)/ssl/methods.c
+  $(OPENSSL_PATH)/ssl/packet.c
   $(OPENSSL_PATH)/ssl/pqueue.c
   $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c
   $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c
   $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c
   $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c
   $(OPENSSL_PATH)/ssl/record/ssl3_record.c
+  $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c
   $(OPENSSL_PATH)/ssl/s3_cbc.c
   $(OPENSSL_PATH)/ssl/s3_enc.c
   $(OPENSSL_PATH)/ssl/s3_lib.c
@@ -502,16 +526,19 @@
   $(OPENSSL_PATH)/ssl/ssl_stat.c
   $(OPENSSL_PATH)/ssl/ssl_txt.c
   $(OPENSSL_PATH)/ssl/ssl_utst.c
+  $(OPENSSL_PATH)/ssl/statem/extensions.c
+  $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c
+  $(OPENSSL_PATH)/ssl/statem/extensions_cust.c
+  $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c
   $(OPENSSL_PATH)/ssl/statem/statem.c
   $(OPENSSL_PATH)/ssl/statem/statem_clnt.c
   $(OPENSSL_PATH)/ssl/statem/statem_dtls.c
   $(OPENSSL_PATH)/ssl/statem/statem_lib.c
   $(OPENSSL_PATH)/ssl/statem/statem_srvr.c
   $(OPENSSL_PATH)/ssl/t1_enc.c
-  $(OPENSSL_PATH)/ssl/t1_ext.c
   $(OPENSSL_PATH)/ssl/t1_lib.c
-  $(OPENSSL_PATH)/ssl/t1_reneg.c
   $(OPENSSL_PATH)/ssl/t1_trce.c
+  $(OPENSSL_PATH)/ssl/tls13_enc.c
   $(OPENSSL_PATH)/ssl/tls_srp.c
 # Autogenerated files list ends here
 
@@ -521,6 +548,7 @@
 
 [LibraryClasses]
   DebugLib
+  TimerLib
 
 [LibraryClasses.ARM]
   ArmSoftFloatLib
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index fd12d11..1362a46 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -15,13 +15,15 @@
   VERSION_STRING                 = 1.0
   LIBRARY_CLASS                  = OpensslLib
   DEFINE OPENSSL_PATH            = openssl
-  DEFINE OPENSSL_FLAGS           = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DNO_SYSLOG
+  DEFINE OPENSSL_FLAGS           = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
 
 #
 #  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64
 #
 
 [Sources]
+  ossl_store.c
+  rand_pool.c
   $(OPENSSL_PATH)/e_os.h
 # Autogenerated files list starts here
   $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
@@ -32,6 +34,7 @@
   $(OPENSSL_PATH)/crypto/aes/aes_misc.c
   $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
   $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
+  $(OPENSSL_PATH)/crypto/aria/aria.c
   $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
   $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
   $(OPENSSL_PATH)/crypto/asn1/a_digest.c
@@ -54,6 +57,7 @@
   $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
   $(OPENSSL_PATH)/crypto/asn1/asn1_err.c
   $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
+  $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c
   $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
   $(OPENSSL_PATH)/crypto/asn1/asn1_par.c
   $(OPENSSL_PATH)/crypto/asn1/asn_mime.c
@@ -172,6 +176,7 @@
   $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
   $(OPENSSL_PATH)/crypto/cpt_err.c
   $(OPENSSL_PATH)/crypto/cryptlib.c
+  $(OPENSSL_PATH)/crypto/ctype.c
   $(OPENSSL_PATH)/crypto/cversion.c
   $(OPENSSL_PATH)/crypto/des/cbc_cksm.c
   $(OPENSSL_PATH)/crypto/des/cbc_enc.c
@@ -189,7 +194,6 @@
   $(OPENSSL_PATH)/crypto/des/pcbc_enc.c
   $(OPENSSL_PATH)/crypto/des/qud_cksm.c
   $(OPENSSL_PATH)/crypto/des/rand_key.c
-  $(OPENSSL_PATH)/crypto/des/rpc_enc.c
   $(OPENSSL_PATH)/crypto/des/set_key.c
   $(OPENSSL_PATH)/crypto/des/str2key.c
   $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
@@ -206,6 +210,7 @@
   $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c
   $(OPENSSL_PATH)/crypto/dh/dh_prn.c
   $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
+  $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
   $(OPENSSL_PATH)/crypto/dso/dso_dl.c
   $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
   $(OPENSSL_PATH)/crypto/dso/dso_err.c
@@ -228,6 +233,7 @@
   $(OPENSSL_PATH)/crypto/evp/e_aes.c
   $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
   $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
+  $(OPENSSL_PATH)/crypto/evp/e_aria.c
   $(OPENSSL_PATH)/crypto/evp/e_bf.c
   $(OPENSSL_PATH)/crypto/evp/e_camellia.c
   $(OPENSSL_PATH)/crypto/evp/e_cast.c
@@ -242,6 +248,7 @@
   $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
   $(OPENSSL_PATH)/crypto/evp/e_rc5.c
   $(OPENSSL_PATH)/crypto/evp/e_seed.c
+  $(OPENSSL_PATH)/crypto/evp/e_sm4.c
   $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c
   $(OPENSSL_PATH)/crypto/evp/encode.c
   $(OPENSSL_PATH)/crypto/evp/evp_cnf.c
@@ -259,6 +266,7 @@
   $(OPENSSL_PATH)/crypto/evp/m_null.c
   $(OPENSSL_PATH)/crypto/evp/m_ripemd.c
   $(OPENSSL_PATH)/crypto/evp/m_sha1.c
+  $(OPENSSL_PATH)/crypto/evp/m_sha3.c
   $(OPENSSL_PATH)/crypto/evp/m_sigver.c
   $(OPENSSL_PATH)/crypto/evp/m_wp.c
   $(OPENSSL_PATH)/crypto/evp/names.c
@@ -271,10 +279,10 @@
   $(OPENSSL_PATH)/crypto/evp/p_seal.c
   $(OPENSSL_PATH)/crypto/evp/p_sign.c
   $(OPENSSL_PATH)/crypto/evp/p_verify.c
+  $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c
   $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
   $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
   $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
-  $(OPENSSL_PATH)/crypto/evp/scrypt.c
   $(OPENSSL_PATH)/crypto/ex_data.c
   $(OPENSSL_PATH)/crypto/getenv.c
   $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
@@ -283,6 +291,7 @@
   $(OPENSSL_PATH)/crypto/init.c
   $(OPENSSL_PATH)/crypto/kdf/hkdf.c
   $(OPENSSL_PATH)/crypto/kdf/kdf_err.c
+  $(OPENSSL_PATH)/crypto/kdf/scrypt.c
   $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
   $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
   $(OPENSSL_PATH)/crypto/lhash/lhash.c
@@ -360,14 +369,14 @@
   $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
   $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
   $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
-  $(OPENSSL_PATH)/crypto/rand/md_rand.c
+  $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
+  $(OPENSSL_PATH)/crypto/rand/drbg_lib.c
   $(OPENSSL_PATH)/crypto/rand/rand_egd.c
   $(OPENSSL_PATH)/crypto/rand/rand_err.c
   $(OPENSSL_PATH)/crypto/rand/rand_lib.c
   $(OPENSSL_PATH)/crypto/rand/rand_unix.c
   $(OPENSSL_PATH)/crypto/rand/rand_vms.c
   $(OPENSSL_PATH)/crypto/rand/rand_win.c
-  $(OPENSSL_PATH)/crypto/rand/randfile.c
   $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
   $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
@@ -379,8 +388,8 @@
   $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c
+  $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_none.c
-  $(OPENSSL_PATH)/crypto/rsa/rsa_null.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c
@@ -392,15 +401,27 @@
   $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
   $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
+  $(OPENSSL_PATH)/crypto/sha/keccak1600.c
   $(OPENSSL_PATH)/crypto/sha/sha1_one.c
   $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
   $(OPENSSL_PATH)/crypto/sha/sha256.c
   $(OPENSSL_PATH)/crypto/sha/sha512.c
+  $(OPENSSL_PATH)/crypto/siphash/siphash.c
+  $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
+  $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
+  $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
+  $(OPENSSL_PATH)/crypto/sm3/sm3.c
+  $(OPENSSL_PATH)/crypto/sm4/sm4.c
   $(OPENSSL_PATH)/crypto/stack/stack.c
   $(OPENSSL_PATH)/crypto/threads_none.c
   $(OPENSSL_PATH)/crypto/threads_pthread.c
   $(OPENSSL_PATH)/crypto/threads_win.c
   $(OPENSSL_PATH)/crypto/txt_db/txt_db.c
+  $(OPENSSL_PATH)/crypto/ui/ui_err.c
+  $(OPENSSL_PATH)/crypto/ui/ui_lib.c
+  $(OPENSSL_PATH)/crypto/ui/ui_null.c
+  $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
+  $(OPENSSL_PATH)/crypto/ui/ui_util.c
   $(OPENSSL_PATH)/crypto/uid.c
   $(OPENSSL_PATH)/crypto/x509/by_dir.c
   $(OPENSSL_PATH)/crypto/x509/by_file.c
@@ -445,6 +466,7 @@
   $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c
   $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c
   $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
+  $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c
   $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c
   $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c
   $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c
@@ -482,6 +504,7 @@
 
 [LibraryClasses]
   DebugLib
+  TimerLib
 
 [LibraryClasses.ARM]
   ArmSoftFloatLib
diff --git a/CryptoPkg/Library/OpensslLib/buildinf.h b/CryptoPkg/Library/OpensslLib/buildinf.h
index c5ca293..5b3b50b 100644
--- a/CryptoPkg/Library/OpensslLib/buildinf.h
+++ b/CryptoPkg/Library/OpensslLib/buildinf.h
@@ -1,2 +1,4 @@
 #define PLATFORM  "UEFI"
 #define DATE      "Fri Dec 22 01:23:45 PDT 2017"
+
+const char * compiler_flags = "";
diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl
index 74f2d9c..50eaac9 160000
--- a/CryptoPkg/Library/OpensslLib/openssl
+++ b/CryptoPkg/Library/OpensslLib/openssl
@@ -1 +1 @@
-Subproject commit 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762
+Subproject commit 50eaac9f3337667259de725451f201e784599687
diff --git a/CryptoPkg/Library/OpensslLib/ossl_store.c b/CryptoPkg/Library/OpensslLib/ossl_store.c
new file mode 100644
index 0000000..29e1506
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/ossl_store.c
@@ -0,0 +1,17 @@
+/** @file
+  Dummy implement ossl_store(Store retrieval functions) for UEFI.
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+/*
+ * This function is cleanup ossl store.
+ *
+ * Dummy Implement for UEFI
+ */
+void ossl_store_cleanup_int(void)
+{
+}
+
diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/OpensslLib/rand_pool.c
new file mode 100644
index 0000000..c7cdeb0
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/rand_pool.c
@@ -0,0 +1,292 @@
+/** @file
+  OpenSSL_1_1_1b doesn't implement rand_pool_* functions for UEFI.
+  The file implement these functions.
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "internal/rand_int.h"
+#include <openssl/aes.h>
+#include <Uefi.h>
+#include <Library/TimerLib.h>
+
+/**
+  Get some randomness from low-order bits of GetPerformanceCounter results.
+  And combine them to the 64-bit value
+
+  @param[out] Rand    Buffer pointer to store the 64-bit random value.
+
+  @retval TRUE        Random number generated successfully.
+  @retval FALSE       Failed to generate.
+**/
+STATIC
+BOOLEAN
+EFIAPI
+GetRandomSourceFromPerformanceCounter(
+  OUT UINT64      *Rand
+  )
+{
+  UINT32 Index;
+  UINT32 *RandPtr;
+  RandPtr = (UINT32 *)Rand;
+
+  if (Rand == NULL) {
+    return FALSE;
+  }
+
+  for (Index = 0; Index < 2; Index ++) {
+    *RandPtr = (UINT32)(GetPerformanceCounter() & 0xFF);
+    MicroSecondDelay(10);
+    RandPtr++;
+  }
+
+  return TRUE;
+}
+
+/**
+  Calls GetRandomSourceFromPerformanceCounter to fill
+  a buffer of arbitrary size with random bytes.
+
+  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
+  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
+
+  @retval EFI_SUCCESS        Random bytes generation succeeded.
+  @retval EFI_NOT_READY      Failed to request random bytes.
+
+**/
+STATIC
+BOOLEAN
+EFIAPI
+RandGetBytes (
+  IN UINTN         Length,
+  OUT UINT8        *RandBuffer
+  )
+{
+  BOOLEAN     Ret;
+  UINT64      TempRand;
+
+  Ret = FALSE;
+
+  while (Length > 0) {
+    Ret = GetRandomSourceFromPerformanceCounter (&TempRand);
+    if (!Ret) {
+      return Ret;
+    }
+    if (Length >= sizeof (TempRand)) {
+      *((UINT64*)RandBuffer) = TempRand;
+      RandBuffer += sizeof (UINT64);
+      Length -= sizeof (TempRand);
+    } else {
+      CopyMem (RandBuffer, &TempRand, Length);
+      Length = 0;
+    }
+  }
+
+  return Ret;
+}
+
+/**
+  Creates a 128bit random value that is fully forward and backward prediction resistant,
+  suitable for seeding a NIST SP800-90 Compliant.
+  This function takes multiple random numbers from PerformanceCounter to ensure reseeding
+  and performs AES-CBC-MAC over the data to compute the seed value.
+
+  @param[out]  SeedBuffer    Pointer to a 128bit buffer to store the random seed.
+
+  @retval TRUE        Random seed generation succeeded.
+  @retval FALSE      Failed to request random bytes.
+
+**/
+STATIC
+BOOLEAN
+EFIAPI
+RandGetSeed128 (
+  OUT UINT8        *SeedBuffer
+  )
+{
+  BOOLEAN     Ret;
+  UINT8       RandByte[16];
+  UINT8       Key[16];
+  UINT8       Ffv[16];
+  UINT8       Xored[16];
+  UINT32      Index;
+  UINT32      Index2;
+  AES_KEY     AESKey;
+
+  //
+  // Chose an arbitary key and zero the feed_forward_value (FFV)
+  //
+  for (Index = 0; Index < 16; Index++) {
+    Key[Index] = (UINT8) Index;
+    Ffv[Index] = 0;
+  }
+
+  AES_set_encrypt_key(Key, 16 * 8, &AESKey);
+
+  //
+  // Perform CBC_MAC over 32 * 128 bit values, with 10us gaps between 128 bit value
+  // The 10us gaps will ensure multiple reseeds within the system time with a large
+  // design margin.
+  //
+  for (Index = 0; Index < 32; Index++) {
+    MicroSecondDelay (10);
+    Ret = RandGetBytes (16, RandByte);
+    if (!Ret) {
+      return Ret;
+    }
+
+    //
+    // Perform XOR operations on two 128-bit value.
+    //
+    for (Index2 = 0; Index2 < 16; Index2++) {
+      Xored[Index2] = RandByte[Index2] ^ Ffv[Index2];
+    }
+
+    AES_encrypt(Xored, Ffv, &AESKey);
+  }
+
+  for (Index = 0; Index < 16; Index++) {
+    SeedBuffer[Index] = Ffv[Index];
+  }
+
+  return Ret;
+}
+
+/**
+  Generate high-quality entropy source.
+
+  @param[in]   Length        Size of the buffer, in bytes, to fill with.
+  @param[out]  Entropy       Pointer to the buffer to store the entropy data.
+
+  @retval EFI_SUCCESS        Entropy generation succeeded.
+  @retval EFI_NOT_READY      Failed to request random data.
+
+**/
+STATIC
+BOOLEAN
+EFIAPI
+RandGenerateEntropy (
+  IN UINTN         Length,
+  OUT UINT8        *Entropy
+  )
+{
+  BOOLEAN     Ret;
+  UINTN       BlockCount;
+  UINT8       Seed[16];
+  UINT8       *Ptr;
+
+  BlockCount = Length / 16;
+  Ptr        = (UINT8 *)Entropy;
+
+  //
+  // Generate high-quality seed for DRBG Entropy
+  //
+  while (BlockCount > 0) {
+    Ret = RandGetSeed128 (Seed);
+    if (!Ret) {
+      return Ret;
+    }
+    CopyMem (Ptr, Seed, 16);
+
+    BlockCount--;
+    Ptr = Ptr + 16;
+  }
+
+  //
+  // Populate the remained data as request.
+  //
+  Ret = RandGetSeed128 (Seed);
+  if (!Ret) {
+    return Ret;
+  }
+  CopyMem (Ptr, Seed, (Length % 16));
+
+  return Ret;
+}
+
+
+/*
+ * Add random bytes to the pool to acquire requested amount of entropy
+ *
+ * This function is platform specific and tries to acquire the requested
+ * amount of entropy by polling platform specific entropy sources.
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+  EFI_STATUS  Status;
+  size_t bytes_needed;
+  unsigned char * buffer;
+
+  bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+  if (bytes_needed > 0) {
+    buffer = rand_pool_add_begin(pool, bytes_needed);
+
+    if (buffer != NULL) {
+      Status = RandGenerateEntropy(bytes_needed, buffer);
+      if (EFI_ERROR (Status)) {
+        rand_pool_add_end(pool, 0, 0);
+      } else {
+        rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
+      }
+    }
+  }
+
+  return rand_pool_entropy_available(pool);
+}
+
+/*
+ * Implementation for UEFI
+ */
+int rand_pool_add_nonce_data(RAND_POOL *pool)
+{
+  struct {
+    UINT64  Rand;
+    UINT64  TimerValue;
+  } data = { 0 };
+
+  RandGetBytes(8, (UINT8 *)&(data.Rand));
+  data.TimerValue = GetPerformanceCounter();
+
+  return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0);
+}
+
+/*
+ * Implementation for UEFI
+ */
+int rand_pool_add_additional_data(RAND_POOL *pool)
+{
+  struct {
+    UINT64  Rand;
+    UINT64  TimerValue;
+  } data = { 0 };
+
+  RandGetBytes(8, (UINT8 *)&(data.Rand));
+  data.TimerValue = GetPerformanceCounter();
+
+  return rand_pool_add(pool, (unsigned char*)&data, sizeof(data), 0);
+}
+
+/*
+ * Dummy Implememtation for UEFI
+ */
+int rand_pool_init(void)
+{
+  return 1;
+}
+
+/*
+ * Dummy Implememtation for UEFI
+ */
+void rand_pool_cleanup(void)
+{
+}
+
+/*
+ * Dummy Implememtation for UEFI
+ */
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
-- 
2.7.4


  parent reply	other threads:[~2019-05-09  5:24 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-09  5:23 [PATCH v2 1/6] CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL Xiaoyu lu
2019-05-09  5:23 ` [PATCH v2 2/6] CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl Xiaoyu lu
2019-05-09 13:42   ` [edk2-devel] " Laszlo Ersek
2019-05-10  8:51     ` Xiaoyu lu
2019-05-13 15:12       ` Laszlo Ersek
2019-05-14 12:41         ` Xiaoyu lu
2019-05-14 15:11           ` Laszlo Ersek
2019-05-09  5:23 ` [PATCH v2 3/6] CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue Xiaoyu lu
2019-05-09 17:16   ` [edk2-devel] " Laszlo Ersek
2019-05-09  5:23 ` [PATCH v2 4/6] CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL Xiaoyu lu
2019-05-09 13:48   ` [edk2-devel] " Laszlo Ersek
2019-05-09  5:23 ` Xiaoyu lu [this message]
2019-05-09 17:15   ` [edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b Laszlo Ersek
2019-05-09 17:30     ` Laszlo Ersek
2019-05-10 10:26       ` Wang, Jian J
2019-05-13 16:14         ` Laszlo Ersek
2019-05-14  7:03           ` Wang, Jian J
2019-05-14 10:58             ` Laszlo Ersek
2019-05-14 13:25               ` Wang, Jian J
2019-05-14 15:08                 ` Laszlo Ersek
2019-05-09 20:58   ` Laszlo Ersek
2019-05-10  8:51     ` Xiaoyu lu
2019-05-09  5:23 ` [PATCH v2 6/6] CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible Xiaoyu lu
2019-05-09 14:01   ` [edk2-devel] " Laszlo Ersek
2019-05-09 14:20     ` Wang, Jian J
2019-05-09 21:34       ` Laszlo Ersek
2019-05-09 11:32 ` [edk2-devel] [PATCH v2 1/6] CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL Laszlo Ersek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1557379429-7527-5-git-send-email-xiaoyux.lu@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox