From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: suse.com, ip: 195.135.221.5, mailfrom: glin@suse.com)
Received: from smtp.nue.novell.com (smtp.nue.novell.com [195.135.221.5])
 by groups.io with SMTP; Mon, 13 May 2019 23:17:01 -0700
Received: from emea4-mta.ukb.novell.com ([10.120.13.87])
	by smtp.nue.novell.com with ESMTP (TLS encrypted); Tue, 14 May 2019 08:16:59 +0200
Received: from GaryWorkstation (nwb-a10-snat.microfocus.com [10.120.13.201])
	by emea4-mta.ukb.novell.com with ESMTP (TLS encrypted); Tue, 14 May 2019 07:16:35 +0100
Date: Tue, 14 May 2019 14:16:30 +0800
From: "Gary Lin" <glin@suse.com>
To: devel@edk2.groups.io, lersek@redhat.com
Cc: xiaoyux.lu@intel.com, Jian J Wang <jian.j.wang@intel.com>,
	Ting Ye <ting.ye@intel.com>
Subject: Re: [edk2-devel] [PATCH v3 0/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Message-ID: <20190514061630.GC23588@GaryWorkstation>
References: <1557753912-30122-1-git-send-email-xiaoyux.lu@intel.com>
 <d0e9102a-4b90-9277-532a-36df98f3b8e4@redhat.com>
MIME-Version: 1.0
In-Reply-To: <d0e9102a-4b90-9277-532a-36df98f3b8e4@redhat.com>
User-Agent: Mutt/1.11.3 (2019-02-01)
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Mon, May 13, 2019 at 09:24:39PM +0200, Laszlo Ersek wrote:
> On 05/13/19 15:25, Xiaoyu lu wrote:
> > (1) CryptoPkg/OpensslLib: Modify process_files.pl for  upgrading OpenSSL
> >   OpenSSL only support seeding NONE for UEFI(rand_unix.c line 93).
> >   So add --with-rand-seed=none to process_files.pl.
> > 
> > (2) CryptoPkg/OpensslLib: Exclude unnecessary files in  process_files.pl
> >   When running process_files.py to configure OpenSSL, we can exclude some unnecessary files. This can reduce porting time, compiling time and library size.
> > 
> > (3) CryptoPkg/IntrinsicLib: Fix possible unresolved  external symbol issue
> > 
> > (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
> >   Disable warning for building OpenSSL_1_1_1b
> > 
> > (5) CryptoPkg: Upgrade OpenSSL to 1.1.1b
> >   Update OpenSSL submodule to OpenSSL_1_1_1b
> >   OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687)
> > 
> >   OpenSSL doesn't implement some rand_pool function for UEFI.
> >   Use EFI_RNG_PROTOCOL to generate random for entropy.
> >   If EFI_RNG_PROTOCOL is not avaliable, fall back to performance
> >   counter, but we not sure about the amount of randomness it provides.
> > 
> > (6) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward  compatible
> > 
> >   Note: Will be remove next update.
> >   Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1792
> >   Ref: https://github.com/openssl/openssl/pull/4338
> > 
> > 
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Ting Ye <ting.ye@intel.com>
> 
> I'm withdrawing from reviewing or testing this series.
> 
> Gary, if you have the time, can you please regression test this (for
> HTTPS boot) in both OVMF and ArmVirtQemu?
> 
I'll find some time to do the regression test tomorrorw.

Cheers,

Gary Lin