Re: [edk2-devel] [PATCH v3 0/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b

["Laszlo Ersek" <lersek@redhat.com>]

On 05/13/19 15:25, Xiaoyu lu wrote:
> (1) CryptoPkg/OpensslLib: Modify process_files.pl for  upgrading OpenSSL
>   OpenSSL only support seeding NONE for UEFI(rand_unix.c line 93).
>   So add --with-rand-seed=none to process_files.pl.
> 
> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in  process_files.pl
>   When running process_files.py to configure OpenSSL, we can exclude some unnecessary files. This can reduce porting time, compiling time and library size.
> 
> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved  external symbol issue
> 
> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>   Disable warning for building OpenSSL_1_1_1b
> 
> (5) CryptoPkg: Upgrade OpenSSL to 1.1.1b
>   Update OpenSSL submodule to OpenSSL_1_1_1b
>   OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687)
> 
>   OpenSSL doesn't implement some rand_pool function for UEFI.
>   Use EFI_RNG_PROTOCOL to generate random for entropy.
>   If EFI_RNG_PROTOCOL is not avaliable, fall back to performance
>   counter, but we not sure about the amount of randomness it provides.
> 
> (6) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward  compatible
> 
>   Note: Will be remove next update.
>   Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1792
>   Ref: https://github.com/openssl/openssl/pull/4338
> 
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Ting Ye <ting.ye@intel.com>

I'm withdrawing from reviewing or testing this series.

Gary, if you have the time, can you please regression test this (for
HTTPS boot) in both OVMF and ArmVirtQemu?

Thank you
Laszlo