From: "Wang, Jian J" <jian.j.wang@intel.com>
To: Laszlo Ersek <lersek@redhat.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"Lu, XiaoyuX" <xiaoyux.lu@intel.com>
Cc: "Ye, Ting" <ting.ye@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 6/6] CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
Date: Thu, 9 May 2019 14:20:54 +0000 [thread overview]
Message-ID: <D827630B58408649ACB04F44C5100036258F63ED@SHSMSX107.ccr.corp.intel.com> (raw)
In-Reply-To: <b2113e36-b1c8-69c6-e279-3f5c96949bcf@redhat.com>
Laszlo,
> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Thursday, May 09, 2019 10:02 PM
> To: devel@edk2.groups.io; Lu, XiaoyuX <xiaoyux.lu@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Ye, Ting <ting.ye@intel.com>
> Subject: Re: [edk2-devel] [PATCH v2 6/6] CryptoPkg/BaseCryptLib: Make
> HMAC_CTX size backward compatible
>
> On 05/09/19 07:23, Xiaoyu lu wrote:
> > From: Xiaoyu Lu <xiaoyux.lu@intel.com>
> >
> > Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1089
> >
> > OpenSSL internally redefines the size of HMAC_CTX at
> > crypto/hmac/hmac_lcl.h(OpenSSL commit e0810e35).
>
> In my review at <https://edk2.groups.io/g/devel/message/39837>, I *also*
> asked for referencing <https://github.com/openssl/openssl/pull/4338>,
> because that PULL request discussion provides the rationale for the
> change. Well, whatever.
>
> > We should not use it directly and should remove relevant
> > functions(Hmac*GetContextSize).
>
> In the same review, in bullet (2), I asked that the v2 commit message
> please reference the *new* TianoCore BZ -- the one that tracks the
> HMAC_xxx_CTX_SIZE / Hmac*GetContextSize() removal.
>
> Jiaxin said in <https://edk2.groups.io/g/devel/message/39840> that he'd
> file such a BZ. Do we have that BZ now? Can we please mention it in the
> commit message?
>
My apology. I forgot to file one. Just entered one
https://bugzilla.tianocore.org/show_bug.cgi?id=1792
Regards,
Jian
> >
> > But for compatiblility, still updated HMAC_*_CTX_SIZE.
> >
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Ting Ye <ting.ye@intel.com>
> > Signed-off-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > ---
> > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 8 ++++++--
> > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 9 +++++++--
> > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c | 8 ++++++--
> > 3 files changed, 19 insertions(+), 6 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
> b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
> > index 3134806..3a90e03 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c
> > @@ -9,8 +9,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > #include "InternalCryptLib.h"
> > #include <openssl/hmac.h>
> >
> > -#define HMAC_MD5_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \
> > - sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK
> > +/**
> > + NOTE: OpenSSL redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h
> > + #define HMAC_MAX_MD_CBLOCK_SIZE 144
> > +**/
> > +#define HMAC_MD5_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned int) + \
> > + sizeof(unsigned char) * 144)
> >
> > /**
> > Retrieves the size, in bytes, of the context buffer required for HMAC-MD5
> operations.
>
> In my review linked above, I asked for the comment to be removed. I
> guess you disagreed, ultimately.
>
> I agree that the new comment is acceptable. However, it does not conform
> to the edk2 coding style. We should use the // format, for comments like
> these.
>
> Summary:
> - please file the new BZ, and mention it too, in the commit message
> - please clean up the comment style.
>
> With both of those fixed, you can add
>
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>
> Thanks
> Laszlo
>
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> > index bbe3df4..a8e8d44 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c
> > @@ -9,8 +9,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > #include "InternalCryptLib.h"
> > #include <openssl/hmac.h>
> >
> > -#define HMAC_SHA1_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \
> > - sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK
> > +/**
> > + NOTE: OpenSSL redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h
> > + #define HMAC_MAX_MD_CBLOCK_SIZE 144
> > +
> > +**/
> > +#define HMAC_SHA1_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned int) + \
> > + sizeof(unsigned char) * 144)
> >
> > /**
> > Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1
> operations.
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> > index ac9084f..fec60b1 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256.c
> > @@ -9,8 +9,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > #include "InternalCryptLib.h"
> > #include <openssl/hmac.h>
> >
> > -#define HMAC_SHA256_CTX_SIZE sizeof(void *) * 4 + sizeof(unsigned int) + \
> > - sizeof(unsigned char) * HMAC_MAX_MD_CBLOCK
> > +/**
> > + NOTE: OpenSSL redefines the size of HMAC_CTX at crypto/hmac/hmac_lcl.h
> > + #define HMAC_MAX_MD_CBLOCK_SIZE 144
> > +**/
> > +#define HMAC_SHA256_CTX_SIZE (sizeof(void *) * 4 + sizeof(unsigned int) +
> \
> > + sizeof(unsigned char) * 144)
> >
> > /**
> > Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256
> operations.
> >
next prev parent reply other threads:[~2019-05-09 14:20 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-09 5:23 [PATCH v2 1/6] CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL Xiaoyu lu
2019-05-09 5:23 ` [PATCH v2 2/6] CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl Xiaoyu lu
2019-05-09 13:42 ` [edk2-devel] " Laszlo Ersek
2019-05-10 8:51 ` Xiaoyu lu
2019-05-13 15:12 ` Laszlo Ersek
2019-05-14 12:41 ` Xiaoyu lu
2019-05-14 15:11 ` Laszlo Ersek
2019-05-09 5:23 ` [PATCH v2 3/6] CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue Xiaoyu lu
2019-05-09 17:16 ` [edk2-devel] " Laszlo Ersek
2019-05-09 5:23 ` [PATCH v2 4/6] CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL Xiaoyu lu
2019-05-09 13:48 ` [edk2-devel] " Laszlo Ersek
2019-05-09 5:23 ` [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b Xiaoyu lu
2019-05-09 17:15 ` [edk2-devel] " Laszlo Ersek
2019-05-09 17:30 ` Laszlo Ersek
2019-05-10 10:26 ` Wang, Jian J
2019-05-13 16:14 ` Laszlo Ersek
2019-05-14 7:03 ` Wang, Jian J
2019-05-14 10:58 ` Laszlo Ersek
2019-05-14 13:25 ` Wang, Jian J
2019-05-14 15:08 ` Laszlo Ersek
2019-05-09 20:58 ` Laszlo Ersek
2019-05-10 8:51 ` Xiaoyu lu
2019-05-09 5:23 ` [PATCH v2 6/6] CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible Xiaoyu lu
2019-05-09 14:01 ` [edk2-devel] " Laszlo Ersek
2019-05-09 14:20 ` Wang, Jian J [this message]
2019-05-09 21:34 ` Laszlo Ersek
2019-05-09 11:32 ` [edk2-devel] [PATCH v2 1/6] CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D827630B58408649ACB04F44C5100036258F63ED@SHSMSX107.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox