Subject: Re: [edk2-devel] [PATCH v3 0/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
From: "Laszlo Ersek"
To: devel@edk2.groups.io, xiaoyux.lu@intel.com, Gary Lin
Cc: Jian J Wang, Ting Ye
Date: Mon, 13 May 2019 21:24:39 +0200
In-Reply-To: <1557753912-30122-1-git-send-email-xiaoyux.lu@intel.com>

On 05/13/19 15:25, Xiaoyu lu wrote:
> (1) CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL
>     OpenSSL only supports seeding NONE for UEFI (rand_unix.c line 93).
>     So add --with-rand-seed=none to process_files.pl.
>
> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>     When running process_files.py to configure OpenSSL, we can exclude some
>     unnecessary files. This can reduce porting time, compiling time and
>     library size.
>
> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
>
> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>     Disable warning for building OpenSSL_1_1_1b
>
> (5) CryptoPkg: Upgrade OpenSSL to 1.1.1b
>     Update OpenSSL submodule to OpenSSL_1_1_1b
>     OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687)
>
>     OpenSSL doesn't implement some rand_pool functions for UEFI.
>     Use EFI_RNG_PROTOCOL to generate random for entropy.
>     If EFI_RNG_PROTOCOL is not available, fall back to performance
>     counter, but we are not sure about the amount of randomness it provides.
>
> (6) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
>
> Note: Will be removed in the next update.
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1792
> Ref: https://github.com/openssl/openssl/pull/4338
>
>
> Cc: Jian J Wang
> Cc: Ting Ye

I'm withdrawing from reviewing or testing this series.

Gary, if you have the time, can you please regression test this (for HTTPS boot) in both OVMF and ArmVirtQemu?

Thank you
Laszlo