From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Tue, 14 May 2019 05:06:28 -0700 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 30C67307D96F; Tue, 14 May 2019 12:06:23 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-233.rdu2.redhat.com [10.10.120.233]) by smtp.corp.redhat.com (Postfix) with ESMTP id 903255D706; Tue, 14 May 2019 12:06:20 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH v3 0/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b To: devel@edk2.groups.io, glin@suse.com Cc: xiaoyux.lu@intel.com, Jian J Wang , Ting Ye References: <1557753912-30122-1-git-send-email-xiaoyux.lu@intel.com> <20190514061630.GC23588@GaryWorkstation> From: "Laszlo Ersek" Message-ID: Date: Tue, 14 May 2019 14:06:18 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20190514061630.GC23588@GaryWorkstation> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Tue, 14 May 2019 12:06:23 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 05/14/19 08:16, Gary Lin wrote: > On Mon, May 13, 2019 at 09:24:39PM +0200, Laszlo Ersek wrote: >> On 05/13/19 15:25, Xiaoyu lu wrote: >>> (1) CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL >>> OpenSSL only support seeding NONE for UEFI(rand_unix.c line 93). >>> So add --with-rand-seed=none to process_files.pl. >>> >>> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl >>> When running process_files.py to configure OpenSSL, we can exclude some unnecessary files. This can reduce porting time, compiling time and library size. >>> >>> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue >>> >>> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL >>> Disable warning for building OpenSSL_1_1_1b >>> >>> (5) CryptoPkg: Upgrade OpenSSL to 1.1.1b >>> Update OpenSSL submodule to OpenSSL_1_1_1b >>> OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687) >>> >>> OpenSSL doesn't implement some rand_pool function for UEFI. >>> Use EFI_RNG_PROTOCOL to generate random for entropy. >>> If EFI_RNG_PROTOCOL is not avaliable, fall back to performance >>> counter, but we not sure about the amount of randomness it provides. >>> >>> (6) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible >>> >>> Note: Will be remove next update. >>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1792 >>> Ref: https://github.com/openssl/openssl/pull/4338 >>> >>> >>> Cc: Jian J Wang >>> Cc: Ting Ye >> >> I'm withdrawing from reviewing or testing this series. >> >> Gary, if you have the time, can you please regression test this (for >> HTTPS boot) in both OVMF and ArmVirtQemu? >> > I'll find some time to do the regression test tomorrorw. Thanks, Gary! Xiaoyu might post a v4 with a remote topic branch for reviewers to fetch; I suggest awaiting that. (The series is difficult to apply with git-am.) Thanks Laszlo > Cheers, > > Gary Lin > > >