From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: xiaoyux.lu@intel.com)
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 by groups.io with SMTP; Sat, 18 May 2019 00:26:39 -0700
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga002.jf.intel.com ([10.7.209.21])
  by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 May 2019 00:26:37 -0700
X-ExtLoop1: 1
Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204])
  by orsmga002.jf.intel.com with ESMTP; 18 May 2019 00:26:38 -0700
Received: from fmsmsx102.amr.corp.intel.com (10.18.124.200) by
 FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS)
 id 14.3.408.0; Sat, 18 May 2019 00:26:38 -0700
Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by
 FMSMSX102.amr.corp.intel.com (10.18.124.200) with Microsoft SMTP Server (TLS)
 id 14.3.408.0; Sat, 18 May 2019 00:26:37 -0700
Received: from shsmsx101.ccr.corp.intel.com ([169.254.1.129]) by
 SHSMSX103.ccr.corp.intel.com ([169.254.4.70]) with mapi id 14.03.0415.000;
 Sat, 18 May 2019 15:26:36 +0800
From: "Xiaoyu Lu" <xiaoyux.lu@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "glin@suse.com"
	<glin@suse.com>
CC: Laszlo Ersek <lersek@redhat.com>, "Wang, Jian J" <jian.j.wang@intel.com>,
	"Ye, Ting" <ting.ye@intel.com>
Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Thread-Topic: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to
 1.1.1b
Thread-Index: AQHVDJFNRHGTPUi1+0aJntn22WMKfKZwem+g
Date: Sat, 18 May 2019 07:26:35 +0000
Message-ID: <BFD21A70FD4B3446B866B6088E3259E50B95E8B2@SHSMSX101.ccr.corp.intel.com>
References: <1557993298-22205-1-git-send-email-xiaoyux.lu@intel.com>
 <20190517091709.GB7054@GaryWorkstation>
In-Reply-To: <20190517091709.GB7054@GaryWorkstation>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-product: dlpe-windows
dlp-version: 11.0.600.7
dlp-reaction: no-action
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYzg2ODljOGYtNTQxNS00NGRlLWI2OGMtMDU2NjI1OTBjNGY1IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiVHR1SVNKSjNNOU0yVUtNNFwvejJlNUZobFZocHRQalpUUWdrOU84NEI4a2lYd3BKUmowdlwvMjBKS05nU1gxWFdmIn0=
x-ctpclassification: CTP_NT
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Return-Path: xiaoyux.lu@intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Gary Lin,

	Because I divided commit(PATCH v4 6/7) into two patches. Can I pick your =
Tested-by tag for the two patches?

Thanks
Xiaoyu
-----Original Message-----
From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Gary=
 Lin
Sent: Friday, May 17, 2019 5:17 PM
To: devel@edk2.groups.io; Lu, XiaoyuX <xiaoyux.lu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>; Wang, Jian J <jian.j.wang@intel.com>=
; Ye, Ting <ting.ye@intel.com>
Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1=
.1b

On Thu, May 16, 2019 at 03:54:51AM -0400, Xiaoyu lu wrote:
> This series is also available at:
> https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_
> 1b_v4
>=20
> Changes:
>=20
> (1) CryptoPkgOpensslLib: Modify process_files.pl for  upgrading=20
> OpenSSL
>=20
> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>     crypto/store/* are excluded.
>     crypto/rand/randfile.c is excluded.
>=20
> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol=20
> issue
>=20
> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>     Disable warnings for buiding OpenSSL_1_1_1b
>=20
> (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
>=20
> (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b
>     The biggest change is use TSC as entropy source
>     If TSC isn't avaiable, fallback to TimerLib(PerformanceCounter).
>=20
> (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
>=20
>=20
> Verification done for this series:
> * Https boot in OvmfPkg.
> * BaseCrypt Library test. (Ovmf, EmulatorPkg)
>=20
My https boot test with ovmf looks good. The connection was rejected as ex=
pected when the server certificate wasn't enrolled. The bootloader images w=
ere downloaded after adding the certificate, and I can boot into the instal=
lation UI in the end.

I skipped the test for aavmf since TLS is still not enabled.

For the series.
Tested-by: Gary Lin <glin@suse.com>

> Important notice:
> Nt32Pkg doesn't support TimerLib
> > TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTem
> > TimerLib|plate.inf
> So it will failed in Nt32Pkg.
>=20
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Ting Ye <ting.ye@intel.com>
>=20
> Laszlo Ersek (1):
>   CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64
>=20
> Xiaoyu Lu (6):
>   CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL
>   CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>   CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
>   CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>   CryptoPkg: Upgrade OpenSSL to 1.1.1b
>   CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
>=20
>  CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf    |   4 +-
>  CryptoPkg/Library/OpensslLib/OpensslLib.inf        |  76 ++++-
>  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf  |  67 ++++-
>  CryptoPkg/Library/Include/CrtLibSupport.h          |  13 +-
>  CryptoPkg/Library/Include/openssl/opensslconf.h    |  54 +++-
>  CryptoPkg/Library/Include/sys/syscall.h            |  11 +
>  CryptoPkg/Library/OpensslLib/buildinf.h            |   2 +
>  CryptoPkg/Library/OpensslLib/rand_pool_noise.h     |  29 ++
>  CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c |   8 +-
>  .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c      |   9 +-
>  .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c    |   8 +-
>  CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c     |  22 ++
>  CryptoPkg/Library/OpensslLib/ossl_store.c          |  17 ++
>  CryptoPkg/Library/OpensslLib/rand_pool.c           | 316 ++++++++++++++=
+++++++
>  CryptoPkg/Library/OpensslLib/rand_pool_noise.c     |  29 ++
>  CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c |  43 +++
>  CryptoPkg/Library/OpensslLib/openssl               |   2 +-
>  CryptoPkg/Library/OpensslLib/process_files.pl      |  11 +-
>  18 files changed, 669 insertions(+), 52 deletions(-)  create mode=20
> 100644 CryptoPkg/Library/Include/sys/syscall.h
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h
>  create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/ossl_store.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c
>=20
> --
> 2.7.4
>=20
>=20
>=20
>=20
>=20