Re: [PATCH v1 0/9] *** Upgrade CryptoPkg to use the latest OpenSSL 1.1.0xx/stable release ***

From: "Long, Qin" <qin.long@intel.com>
To: "Gao, Liming" <liming.gao@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "ard.biesheuvel@linaro.org" <ard.biesheuvel@linaro.org>,
	"Ye, Ting" <ting.ye@intel.com>,
	"ronald.cron@arm.com" <ronald.cron@arm.com>,
	"Wu, Jiaxin" <jiaxin.wu@intel.com>,
	"glin@suse.com" <glin@suse.com>,
	"lersek@redhat.com" <lersek@redhat.com>
Subject: Re: [PATCH v1 0/9] *** Upgrade CryptoPkg to use the latest OpenSSL 1.1.0xx/stable release ***
Date: Wed, 22 Mar 2017 02:44:30 +0000	[thread overview]
Message-ID: <BF2CCE9263284D428840004653A28B6E53F7034F@SHSMSX103.ccr.corp.intel.com> (raw)
In-Reply-To: <4A89E2EF3DFEDB4C8BFDE51014F606A14D6F383A@shsmsx102.ccr.corp.intel.com>

> -----Original Message-----
> From: Gao, Liming
> Sent: Wednesday, March 22, 2017 10:23 AM
> To: Long, Qin; edk2-devel@lists.01.org
> Cc: ard.biesheuvel@linaro.org; Ye, Ting; ronald.cron@arm.com; Wu, Jiaxin;
> glin@suse.com; lersek@redhat.com
> Subject: RE: [edk2] [PATCH v1 0/9] *** Upgrade CryptoPkg to use the latest
> OpenSSL 1.1.0xx/stable release ***
> 
> Long:
>   I find several issues. Could you help clarify them?
> 
> 1. OpenSsl branch should be OpenSSL_1_1_0-stable instead of
> OpenSSL_1_1_0e. Could you update OpenSSL-HOWTO.txt?

Yes, the latest branch is OpenSSL_1_1_0-stable, and OpenSSL_1_1_0e
 is one formal tag for the latest release. These two versions were validated 
by now.
I am thinking if it's better to stick to one formal release in EDK2 by default,
and user can clone their code base with Git (1.1.0xx tag, branch, 
even HEAD, which was just not fully validated and no guarantees on build
 & functionality). 
Will update HOWTO for more information. 

> 2. process_files.pl in CryptoPkg\Library\OpensslLib still required?

Not required. The INF and opensslconf.h were already generated in EDK2 
for direct use, if user follow the HOWTO to choose the code base. 
This is just provided for any customizations (on OpenSSL version
change, or build flags updates.), and future OpenSSL version upgrade. 

> 3. $(OPENSSL_PATH)/crypto/aes/aes_cbc.c exists in the clone openssl
> directory. They are not auto generated files. Why comments in inf says auto
> generation for them?

It's the generated file list, not file.
The file list in OpensslLib[Crypto].INF was generated from "process_files.pl",
to include all needed openssl sources for building.  
We will not maintain this file list manually in the future. Just use "process_file.pl"
to update the INF file if any new OpenSSL version. 

> 
> Thanks
> Liming
> >-----Original Message-----
> >From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> >Qin Long
> >Sent: Tuesday, March 21, 2017 11:56 PM
> >To: edk2-devel@lists.01.org
> >Cc: ard.biesheuvel@linaro.org; Ye, Ting <ting.ye@intel.com>;
> >ronald.cron@arm.com; Wu, Jiaxin <jiaxin.wu@intel.com>; glin@suse.com;
> >lersek@redhat.com
> >Subject: [edk2] [PATCH v1 0/9] *** Upgrade CryptoPkg to use the latest
> >OpenSSL 1.1.0xx/stable release ***
> >
> >(https://github.com/qloong/edk2/tree/dev-openssl-stable)
> >
> >Current EDKII-CryptoPkg is leveraging OpenSSL-1.0.2xx as the underlying
> >cryptographic provider, which requires some extra patches
> >(EDKII-openssl-xxxx.patch) and installation scripts for EDKII build & usage.
> >The latest stable version of OpenSSL was upgraded to the 1.1.0 series
> >of release, with lots of EDKII-specific patches integration, which make
> >CryptoPkg possbile to remove all extra patch and scripts for more
> >native build support.
> >
> >This patch series is to update EDKII-CryptoPkg to support native
> >building with the latest OpenSSL 1.1.0xx. (By now, the latest OpenSSL
> >stable release is 1.1.0e). Refer
> >"CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt" for the information
> about the version and source installation.
> >
> >(NOTE: The extra build options for ARM/RVCT/XCODE were kept, which
> >expect
> >       further optimizations from community)
> >
> >Qin Long (9):
> >  CryptoPkg/OpensslLib: Update INF files to support OpenSSL-1.1.0xx build.
> >  CryptoPkg/OpensslLib: Remove patch file and installation scripts.
> >  CryptoPkg: Fix handling of &strcmp function pointers
> >  CryptoPkg/OpensslLib: Use new Perl script for file list generation.
> >  CryptoPkg: Clean-up CRT Library Wrapper.
> >  CryptoPkg: Add extra build option to disable VS build warning
> >  CryptoPkg: Update HMAC Wrapper implementation with opaque
> HMAC_CTX
> >object.
> >  CryptoPkg: Update PK Ciphers Wrapper Implementations work with
> opaque
> >objects.
> >  CryptoPkg/TlsLib: Update TLS Wrapper Library to align with OpenSSL
> changes.
> >
> > CryptoPkg/.gitignore                               |    3 +-
> > CryptoPkg/CryptoPkg.dec                            |    8 +-
> > CryptoPkg/Include/CrtLibSupport.h                  |  192 ++
> > CryptoPkg/Include/Library/BaseCryptLib.h           |   87 +-
> > CryptoPkg/Include/OpenSslSupport.h                 |  286 ---
> > CryptoPkg/Include/arpa/inet.h                      |   16 -
> > CryptoPkg/Include/assert.h                         |    7 +-
> > CryptoPkg/Include/ctype.h                          |    7 +-
> > CryptoPkg/Include/dirent.h                         |   16 -
> > CryptoPkg/Include/errno.h                          |    7 +-
> > CryptoPkg/Include/internal/dso_conf.h              |    0
> > CryptoPkg/Include/limits.h                         |    7 +-
> > CryptoPkg/Include/malloc.h                         |   16 -
> > CryptoPkg/Include/math.h                           |   16 -
> > CryptoPkg/Include/memory.h                         |    7 +-
> > CryptoPkg/Include/netdb.h                          |   16 -
> > CryptoPkg/Include/netinet/in.h                     |   16 -
> > CryptoPkg/Include/openssl/opensslconf.h            |  314 +++
> > CryptoPkg/Include/sgtty.h                          |   16 -
> > CryptoPkg/Include/signal.h                         |   16 -
> > CryptoPkg/Include/stdarg.h                         |    7 +-
> > CryptoPkg/Include/stddef.h                         |    6 +-
> > CryptoPkg/Include/stdio.h                          |    7 +-
> > CryptoPkg/Include/stdlib.h                         |    7 +-
> > CryptoPkg/Include/string.h                         |    7 +-
> > CryptoPkg/Include/strings.h                        |    6 +-
> > CryptoPkg/Include/sys/ioctl.h                      |   16 -
> > CryptoPkg/Include/sys/param.h                      |   16 -
> > CryptoPkg/Include/sys/socket.h                     |   16 -
> > CryptoPkg/Include/sys/stat.h                       |   16 -
> > CryptoPkg/Include/sys/time.h                       |    7 +-
> > CryptoPkg/Include/sys/times.h                      |   16 -
> > CryptoPkg/Include/sys/types.h                      |    7 +-
> > CryptoPkg/Include/sys/un.h                         |   16 -
> > CryptoPkg/Include/syslog.h                         |    6 +-
> > CryptoPkg/Include/time.h                           |    6 +-
> > CryptoPkg/Include/unistd.h                         |    6 +-
> > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf    |    9 +-
> > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c |   75 +-
> > .../Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c   |   38 +-
> > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c      |   73 +-
> > .../Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c  |   38 +-
> > .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c    |   73 +-
> > .../BaseCryptLib/Hmac/CryptHmacSha256Null.c        |   38 +-
> > CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h  |   11 +-
> > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf     |    8 +-
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c        |   69 +-
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c |   10 +-
> > .../Library/BaseCryptLib/Pk/CryptPkcs7Verify.c     |   68 +-
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c  |  189 +-
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c    |   70 +-
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c        |   20 +-
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c      |   41 +-
> > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf |    8 +-
> > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf     |    6 +
> > .../BaseCryptLib/SysCall/BaseMemAllocation.c       |    5 +-
> > .../BaseCryptLib/SysCall/ConstantTimeClock.c       |    6 +-
> > .../Library/BaseCryptLib/SysCall/CrtWrapper.c      |  156 +-
> > .../Library/BaseCryptLib/SysCall/HelperWrapper.c   |   54 -
> > .../BaseCryptLib/SysCall/RuntimeMemAllocation.c    |    3 +-
> > .../Library/BaseCryptLib/SysCall/TimerWrapper.c    |    4 +-
> > CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c  |    8 +-
> > .../Library/OpensslLib/EDKII_openssl-1.0.2k.patch  | 2094 --------------------
> > CryptoPkg/Library/OpensslLib/Install.cmd           |   80 -
> > CryptoPkg/Library/OpensslLib/Install.sh            |   82 -
> > CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt     |   36 +
> > CryptoPkg/Library/OpensslLib/OpensslLib.inf        |  866 ++++----
> > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf  |  791 ++++----
> > CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt       |   61 -
> > CryptoPkg/Library/OpensslLib/buildinf.h            |    2 +-
> > CryptoPkg/Library/OpensslLib/opensslconf.h         |  497 -----
> > CryptoPkg/Library/OpensslLib/process_files.pl      |  223 +++
> > CryptoPkg/Library/OpensslLib/process_files.sh      |  110 -
> > CryptoPkg/Library/TlsLib/InternalTlsLib.h          |    6 +-
> > CryptoPkg/Library/TlsLib/TlsConfig.c               |   21 +-
> > CryptoPkg/Library/TlsLib/TlsInit.c                 |   19 +-
> > CryptoPkg/Library/TlsLib/TlsLib.inf                |    9 +-
> > 77 files changed, 2406 insertions(+), 4792 deletions(-)  create mode
> >100644 CryptoPkg/Include/CrtLibSupport.h  delete mode 100644
> >CryptoPkg/Include/OpenSslSupport.h
> > delete mode 100644 CryptoPkg/Include/arpa/inet.h  delete mode 100644
> >CryptoPkg/Include/dirent.h  create mode 100644
> >CryptoPkg/Include/internal/dso_conf.h
> > delete mode 100644 CryptoPkg/Include/malloc.h  delete mode 100644
> >CryptoPkg/Include/math.h  delete mode 100644
> CryptoPkg/Include/netdb.h
> >delete mode 100644 CryptoPkg/Include/netinet/in.h  create mode 100644
> >CryptoPkg/Include/openssl/opensslconf.h
> > delete mode 100644 CryptoPkg/Include/sgtty.h  delete mode 100644
> >CryptoPkg/Include/signal.h  delete mode 100644
> >CryptoPkg/Include/sys/ioctl.h  delete mode 100644
> >CryptoPkg/Include/sys/param.h  delete mode 100644
> >CryptoPkg/Include/sys/socket.h  delete mode 100644
> >CryptoPkg/Include/sys/stat.h  delete mode 100644
> >CryptoPkg/Include/sys/times.h  delete mode 100644
> >CryptoPkg/Include/sys/un.h  delete mode 100644
> >CryptoPkg/Library/BaseCryptLib/SysCall/HelperWrapper.c
> > delete mode 100644 CryptoPkg/Library/OpensslLib/EDKII_openssl-
> >1.0.2k.patch
> > delete mode 100755 CryptoPkg/Library/OpensslLib/Install.cmd
> > delete mode 100755 CryptoPkg/Library/OpensslLib/Install.sh
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
> > delete mode 100644 CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt
> > delete mode 100644 CryptoPkg/Library/OpensslLib/opensslconf.h
> > create mode 100644 CryptoPkg/Library/OpensslLib/process_files.pl
> > delete mode 100755 CryptoPkg/Library/OpensslLib/process_files.sh
> >
> >--
> >2.11.1.windows.1
> >
> >_______________________________________________
> >edk2-devel mailing list
> >edk2-devel@lists.01.org
> >https://lists.01.org/mailman/listinfo/edk2-devel