public inbox for devel@edk2.groups.io
From: "Ard Biesheuvel" <ard.biesheuvel@linaro.org>
To: "Wang, Jian J" <jian.j.wang@intel.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	Laszlo Ersek <lersek@redhat.com>,
	 "Lu, XiaoyuX" <xiaoyux.lu@intel.com>,
	"Ye, Ting" <ting.ye@intel.com>,
	 Leif Lindholm <leif.lindholm@linaro.org>,
	"Gao, Liming" <liming.gao@intel.com>
Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Date: Tue, 21 May 2019 11:01:55 +0200
Message-ID: <CAKv+Gu-BnjpMKmp=razAyep674HxxFtqkKct+Nd5ZgNhz2CZ-Q@mail.gmail.com>
In-Reply-To: <D827630B58408649ACB04F44C5100036258FEF76@SHSMSX107.ccr.corp.intel.com>

On Tue, 21 May 2019 at 09:43, Wang, Jian J <jian.j.wang@intel.com> wrote:
>
> Hi Ard,
>
> Any comments?
>
> Regards,
> Jian
>
> > -----Original Message-----
> > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Wang,
> > Jian J
> > Sent: Monday, May 20, 2019 9:41 AM
> > To: devel@edk2.groups.io; ard.biesheuvel@linaro.org; Laszlo Ersek
> > <lersek@redhat.com>
> > Cc: Lu, XiaoyuX <xiaoyux.lu@intel.com>; Ye, Ting <ting.ye@intel.com>; Leif
> > Lindholm <leif.lindholm@linaro.org>; Gao, Liming <liming.gao@intel.com>
> > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
> >
> > Ard,
> >
> >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Ard
> > > Biesheuvel
> > > Sent: Friday, May 17, 2019 11:06 PM
> > > To: Laszlo Ersek <lersek@redhat.com>
> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io; Lu, XiaoyuX
> > > <xiaoyux.lu@intel.com>; Ye, Ting <ting.ye@intel.com>; Leif Lindholm
> > > <leif.lindholm@linaro.org>; Gao, Liming <liming.gao@intel.com>
> > > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
> > >
> > > On Fri, 17 May 2019 at 15:17, Laszlo Ersek <lersek@redhat.com> wrote:
> > > >
> > > > On 05/17/19 15:04, Laszlo Ersek wrote:
> > > > > On 05/17/19 07:11, Wang, Jian J wrote:
> > > > >> Hi Laszlo,
> > > > >>
> > > > >> There's already a float library used in OpensslLib.inf.
> > > > >>
> > > > >> [LibraryClasses.ARM]
> > > > >>   ArmSoftFloatLib
> > > > >>
> > > > >> The problem is that the below instance doesn't implement __aeabi_ui2d
> > > > >> and __aeabi_d2uiz (I encountered this one as well)
> > > > >>
> > > > >>   ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf
> > > > >>
> > > > >> I think we can update this library to support those two APIs. So what about
> > > > >> we still push the patch and file a BZ to fix this issue?
> > > > >
> > > > > I'm OK with that, but it will break ARM and AARCH64 platforms that
> > > > > consume OpensslLib (directly or through BaseCryptLib), so this question
> > > > > is up to Leif and Ard to decide.
> > > >
> > > > Correction: break ARM platforms only, not AARCH64.
> > > >
> > >
> > > We obviously need to fix this before we can upgrade to a new OpenSSL version.
> > >
> > > Do we really have a need for the random functions? These seem the only
> > > ones that use floating point, which the UEFI spec does not permit, so
> > > it would be better if we could fix this by removing the dependency on
> > > FP in the first place (and get rid of ArmSoftFloatLib entirely)
> > >
> >
> > BaseCryptLib provides the RandSeed/RandBytes interfaces, which wrap the openssl rand
> > functionality. These interfaces are used by the following components in edk2:
> >
> >   - CryptoPkg\Library\TlsLib\TlsInit.c
> >   - SecurityPkg\HddPassword\HddPasswordDxe.c
> >
> > Openssl components, like asn1, bn, evp, ocsp, pem, pkcs7, pkcs12, rsa, ssl (in
> > addition to cms, dsa, srp, which are disabled in edk2) will call the rand_*
> > interface as well.
> >

If we have both internal (to OpenSSL) and external users of the RNG
API, then I guess there is no way to work around this. It is
unfortunate, since the RNG code in OpenSSL doesn't actually use double
types except for keeping an entropy count, which could just as easily
be kept in an integer variable.

So we will need to fix ArmSoftFloatLib before we can merge this
OpenSSL update. I'm happy to help doing that, could you please
summarize what we are missing today?
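
Added example, not part of the original message and not OpenSSL or edk2 code: it illustrates the point above that an entropy count can be kept in an integer instead of a double, which is what removes the need for the `__aeabi_ui2d` and `__aeabi_d2uiz` soft-float helpers named earlier in the thread. All type names, function names, the 256-bit threshold and the sample inputs are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names and threshold; not OpenSSL or edk2 code. */
#define SEED_BITS 256u   /* assumed entropy needed before the pool counts as seeded */
#define Q 8u             /* fixed point: entropy stored in 1/256-bit units */

/* Variant A: entropy count kept in a double. On a soft-float 32-bit ARM
 * build the unsigned->double and double->unsigned conversions become
 * calls to __aeabi_ui2d and __aeabi_d2uiz. */
typedef struct { double bits; } pool_fp;

static void fp_add(pool_fp *p, unsigned int len, double bits_per_byte) {
    p->bits += (double)len * bits_per_byte;          /* unsigned -> double */
    if (p->bits > (double)SEED_BITS) p->bits = (double)SEED_BITS;
}
static unsigned int fp_bits(const pool_fp *p) {
    return (unsigned int)p->bits;                    /* double -> unsigned */
}

/* Variant B: the same accounting in integers, with no floating point. */
typedef struct { uint32_t q; } pool_int;

static void int_add(pool_int *p, uint32_t len, uint32_t per_byte_q) {
    uint64_t sum = (uint64_t)p->q + (uint64_t)len * per_byte_q;
    uint64_t cap = (uint64_t)SEED_BITS << Q;
    p->q = (uint32_t)(sum > cap ? cap : sum);        /* saturate at the cap */
}
static uint32_t int_bits(const pool_int *p) { return p->q >> Q; }

/* Feed both pools the same inputs; return the whole-bit count if the two
 * variants agree after every step, or -1 on any mismatch. */
static int run_both(const uint32_t len[], const uint32_t per_byte_q[], int n) {
    pool_fp a = { 0.0 };
    pool_int b = { 0 };
    for (int i = 0; i < n; i++) {
        fp_add(&a, len[i], (double)per_byte_q[i] / (1u << Q));
        int_add(&b, len[i], per_byte_q[i]);
        if (fp_bits(&a) != int_bits(&b)) return -1;
    }
    return (int)int_bits(&b);
}

int main(void) {
    const uint32_t len[] = { 3, 16, 1000 };      /* constructed sample inputs */
    const uint32_t q[]   = { 128, 384, 2048 };   /* 0.5, 1.5, 8 bits per byte */
    printf("agreed entropy bits: %d\n", run_both(len, q, 3));
    return 0;
}
```

Only Variant A touches floating point; Variant B gives the same whole-bit counts for these inputs, including the saturated case.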
