From: "Laszlo Ersek"
To: "Lu, XiaoyuX", "devel@edk2.groups.io", "glin@suse.com", "Wang, Jian J"
Cc: "Ye, Ting"
Subject: Re: [edk2-devel] [PATCH v3 0/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Date: Wed, 15 May 2019 10:06:42 +0200

Hi Xiaoyu,

On 05/15/19 04:00, Lu, XiaoyuX wrote:
> Hi Gary Lin:
> I also need to modify the code about the entropy source today.
> But I have uploaded a TimerLib based implementation.
>
> https://github.com/xiaoyuxlu/edk2/commits/bz_1089_patch_v4

This is not a good strategy.
Please refer to contributor step 31:

https://github.com/tianocore/tianocore.github.io/wiki/Laszlo's-unkempt-git-guide-for-edk2-contributors-and-maintainers#contrib-31

You should push a topic branch called "xxxx_v4" *only* if you are ready
to post it immediately to the list, as "PATCH v4". Topic branches in
personal repos must be *identical* to the corresponding posting on
edk2-devel.

And once such a topic branch is pushed and referenced in an edk2-devel
posting, the branch should never ever be modified again. Not rebased,
not force-pushed, not fast-forwarded to additional commits on top. Once
you have a v4 posting on edk2-devel, the topic branch *for that version*
becomes read-only. If you need updates, you need to prepare a v5.

It's OK to push (even force-push) branches to your personal repo that
are work-in-progress. However, the name of the branch should be very
clear about that. For example, you could call the branch
"bz_1089_patch_v4_wip", with the "_wip" suffix standing for
"work-in-progress". Then people fetching that branch will understand
it's not final, and may easily change until the mailing list posting.
When you decide it's time to post, you can rename the branch (drop the
"_wip" suffix), from which point on you should treat the branch as
read-only.

Thanks
Laszlo

> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Gary Lin
> Sent: Wednesday, May 15, 2019 9:54 AM
> To: devel@edk2.groups.io; Wang, Jian J
> Cc: Laszlo Ersek; Lu, XiaoyuX; Ye, Ting
> Subject: Re: [edk2-devel] [PATCH v3 0/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
>
> On Tue, May 14, 2019 at 01:26:15PM +0000, Wang, Jian J wrote:
>> Yes, please wait for v4 version of this patch series.
>
> Good.
> I'm looking forward to the new series :)
>
> Thanks,
>
> Gary Lin
>
>>
>> Regards,
>> Jian
>>
>>
>>> -----Original Message-----
>>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>>> Sent: Tuesday, May 14, 2019 8:06 PM
>>> To: devel@edk2.groups.io; glin@suse.com
>>> Cc: Lu, XiaoyuX; Wang, Jian J; Ye, Ting
>>> Subject: Re: [edk2-devel] [PATCH v3 0/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
>>>
>>> On 05/14/19 08:16, Gary Lin wrote:
>>>> On Mon, May 13, 2019 at 09:24:39PM +0200, Laszlo Ersek wrote:
>>>>> On 05/13/19 15:25, Xiaoyu lu wrote:
>>>>>> (1) CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL
>>>>>>     OpenSSL only supports seeding NONE for UEFI (rand_unix.c line 93).
>>>>>>     So add --with-rand-seed=none to process_files.pl.
>>>>>>
>>>>>> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>>>>>>     When running process_files.py to configure OpenSSL, we can
>>>>>>     exclude some unnecessary files. This can reduce porting time,
>>>>>>     compiling time and library size.
>>>>>>
>>>>>> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external
>>>>>>     symbol issue
>>>>>>
>>>>>> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>>>>>>     Disable warning for building OpenSSL_1_1_1b
>>>>>>
>>>>>> (5) CryptoPkg: Upgrade OpenSSL to 1.1.1b
>>>>>>     Update OpenSSL submodule to OpenSSL_1_1_1b
>>>>>>     OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687)
>>>>>>
>>>>>>     OpenSSL doesn't implement some rand_pool function for UEFI.
>>>>>>     Use EFI_RNG_PROTOCOL to generate random for entropy.
>>>>>>     If EFI_RNG_PROTOCOL is not available, fall back to performance
>>>>>>     counter, but we are not sure about the amount of randomness it provides.
>>>>>>
>>>>>> (6) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward
>>>>>>     compatible
>>>>>>
>>>>>>     Note: Will be removed next update.
>>>>>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1792
>>>>>> Ref: https://github.com/openssl/openssl/pull/4338
>>>>>>
>>>>>>
>>>>>> Cc: Jian J Wang
>>>>>> Cc: Ting Ye
>>>>>
>>>>> I'm withdrawing from reviewing or testing this series.
>>>>>
>>>>> Gary, if you have the time, can you please regression test this
>>>>> (for HTTPS boot) in both OVMF and ArmVirtQemu?
>>>>>
>>>> I'll find some time to do the regression test tomorrow.
>>>
>>> Thanks, Gary!
>>>
>>> Xiaoyu might post a v4 with a remote topic branch for reviewers to
>>> fetch; I suggest awaiting that. (The series is difficult to apply
>>> with git-am.)
>>>
>>> Thanks
>>> Laszlo
>>>
>>>> Cheers,
>>>>
>>>> Gary Lin