From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: suse.com, ip: 195.135.221.5, mailfrom: glin@suse.com) Received: from smtp.nue.novell.com (smtp.nue.novell.com [195.135.221.5]) by groups.io with SMTP; Sun, 19 May 2019 18:48:51 -0700 Received: from emea4-mta.ukb.novell.com ([10.120.13.87]) by smtp.nue.novell.com with ESMTP (TLS encrypted); Mon, 20 May 2019 03:48:48 +0200 Received: from GaryWorkstation (nwb-a10-snat.microfocus.com [10.120.13.201]) by emea4-mta.ukb.novell.com with ESMTP (TLS encrypted); Mon, 20 May 2019 02:48:23 +0100 Date: Mon, 20 May 2019 09:48:18 +0800 From: "Gary Lin" To: devel@edk2.groups.io, xiaoyux.lu@intel.com Cc: Laszlo Ersek , "Wang, Jian J" , "Ye, Ting" Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b Message-ID: <20190520014817.GC7054@GaryWorkstation> References: <1557993298-22205-1-git-send-email-xiaoyux.lu@intel.com> <20190517091709.GB7054@GaryWorkstation> MIME-Version: 1.0 In-Reply-To: User-Agent: Mutt/1.11.3 (2019-02-01) Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Sat, May 18, 2019 at 07:26:35AM +0000, Xiaoyu Lu wrote: > Gary Lin, > > Because I divided commit(PATCH v4 6/7) into two patches. Can I pick your Tested-by tag for the two patches? > If there is no functional change, my "Tested-by" is still valid. I can do the test again for v5 if you like. BTW, I forgot to state that my "Tested-by" doesn't include "PATCH v4 5/7" since I didn't build aarch64 aavmf due to lacking of https support. Thanks, Gary Lin > Thanks > Xiaoyu > -----Original Message----- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Gary Lin > Sent: Friday, May 17, 2019 5:17 PM > To: devel@edk2.groups.io; Lu, XiaoyuX > Cc: Laszlo Ersek ; Wang, Jian J ; Ye, Ting > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b > > On Thu, May 16, 2019 at 03:54:51AM -0400, Xiaoyu lu wrote: > > This series is also available at: > > https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_ > > 1b_v4 > > > > Changes: > > > > (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading > > OpenSSL > > > > (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl > > crypto/store/* are excluded. > > crypto/rand/randfile.c is excluded. > > > > (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol > > issue > > > > (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL > > Disable warnings for buiding OpenSSL_1_1_1b > > > > (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 > > > > (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b > > The biggest change is use TSC as entropy source > > If TSC isn't avaiable, fallback to TimerLib(PerformanceCounter). > > > > (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible > > > > > > Verification done for this series: > > * Https boot in OvmfPkg. > > * BaseCrypt Library test. (Ovmf, EmulatorPkg) > > > My https boot test with ovmf looks good. The connection was rejected as expected when the server certificate wasn't enrolled. The bootloader images were downloaded after adding the certificate, and I can boot into the installation UI in the end. > > I skipped the test for aavmf since TLS is still not enabled. > > For the series. > Tested-by: Gary Lin > > > Important notice: > > Nt32Pkg doesn't support TimerLib > > > TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTem > > > TimerLib|plate.inf > > So it will failed in Nt32Pkg. > > > > Cc: Jian J Wang > > Cc: Ting Ye > > > > Laszlo Ersek (1): > > CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 > > > > Xiaoyu Lu (6): > > CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL > > CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl > > CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue > > CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL > > CryptoPkg: Upgrade OpenSSL to 1.1.1b > > CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible > > > > CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf | 4 +- > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 76 ++++- > > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 67 ++++- > > CryptoPkg/Library/Include/CrtLibSupport.h | 13 +- > > CryptoPkg/Library/Include/openssl/opensslconf.h | 54 +++- > > CryptoPkg/Library/Include/sys/syscall.h | 11 + > > CryptoPkg/Library/OpensslLib/buildinf.h | 2 + > > CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 ++ > > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 8 +- > > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 9 +- > > .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c | 8 +- > > CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c | 22 ++ > > CryptoPkg/Library/OpensslLib/ossl_store.c | 17 ++ > > CryptoPkg/Library/OpensslLib/rand_pool.c | 316 +++++++++++++++++++++ > > CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 ++ > > CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 +++ > > CryptoPkg/Library/OpensslLib/openssl | 2 +- > > CryptoPkg/Library/OpensslLib/process_files.pl | 11 +- > > 18 files changed, 669 insertions(+), 52 deletions(-) create mode > > 100644 CryptoPkg/Library/Include/sys/syscall.h > > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h > > create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c > > create mode 100644 CryptoPkg/Library/OpensslLib/ossl_store.c > > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool.c > > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c > > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > > > > -- > > 2.7.4 > > > > > > > > > > > > > > > > >