Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Ard, > -Original Message- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Ard > Biesheuvel > Sent: Tuesday, May 21, 2019 9:39 PM > To: Laszlo Ersek > Cc: Wang, Jian J ; devel@edk2.groups.io; Lu, XiaoyuX > ; Ye, Ting ; Leif Lindholm > ; Gao, Liming > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b > > On Tue, 21 May 2019 at 13:23, Laszlo Ersek wrote: > > > > Hi, > > > > On 05/21/19 11:09, Wang, Jian J wrote: > > > Ard, > > > > > >> -Original Message- > > >> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Ard > > >> Biesheuvel > > >> Sent: Tuesday, May 21, 2019 5:02 PM > > >> To: Wang, Jian J > > >> Cc: devel@edk2.groups.io; Laszlo Ersek ; Lu, XiaoyuX > > >> ; Ye, Ting ; Leif Lindholm > > >> ; Gao, Liming > > >> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to > 1.1.1b > > >> > > >> On Tue, 21 May 2019 at 09:43, Wang, Jian J wrote: > > >>> > > >>> Hi Ard, > > >>> > > >>> Any comments? > > >>> > > >>> Regards, > > >>> Jian > > >>> > > >>>> -Original Message----- > > >>>> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf > Of > > >> Wang, > > >>>> Jian J > > >>>> Sent: Monday, May 20, 2019 9:41 AM > > >>>> To: devel@edk2.groups.io; ard.biesheu...@linaro.org; Laszlo Ersek > > >>>> > > >>>> Cc: Lu, XiaoyuX ; Ye, Ting ; > Leif > > >>>> Lindholm ; Gao, Liming > > > >>>> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to > > >> 1.1.1b > > >>>> > > >>>> Ard, > > >>>> > > >>>> > > >>>>> -Original Message- > > >>>>> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf > Of > > >> Ard > > >>>>> Biesheuvel > > >>>>> Sent: Friday, May 17, 2019 11:06 PM > > >>>>> To: Laszlo Ersek > > >>>>> Cc: Wang, Jian J ; devel@edk2.groups.io; Lu, > > >> XiaoyuX > > >>>>> ; Ye, Ting ; Leif Lindholm > > >>>>> ; Gao, Liming > > >>>>> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL > to > > >>>> 1.1.1b > > >>>>> > > >>>>> On Fri, 17 May 2019 at 15:17, Laszlo Ersek wrote: > > >>>>>> > > >>>>>> On 05/17/19 15:04, Laszlo Ersek wrote: > > >>>>>>> On 05/17/19 07:11, Wang, Jian J wrote: > > >>>>>>>> Hi Laszlo, > > >>>>>>>> > > >>>>>>>> There's already a float library used in OpensslLib.inf. > > >>>>>>>> > > >>>>>>>> [LibraryClasses.ARM] > > >>>>>>>> ArmSoftFloatLib > > >>>>>>>> > > >>>>>>>> The problem is that the below instance doesn't implement > > >> __aeabi_ui2d > > >>>>>>>> and __aeabi_d2uiz (I encountered this one as well) > > >>>>>>>> > > >>>>>>>> ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf > > >>>>>>>> > > >>>>>>>> I think we can update this library support those two APIs. So what > > >> about > > >>>>>>>> we still push the patch and file a BZ to fix this issue? > > >>>>>>> > > >>>>>>> I'm OK with that, but it will break ARM and AARCH64 platforms that > > >>>>>>> consume OpensslLib (directly or through BaseCryptLib), so this > question > > >>>>>>> is up to Leif and Ard to decide. > > >>>>>> > > >>>>>> Correction: break ARM platforms only, not AARCH64. > > >>>>>> > > >>>>> > > >>>>> We obviously need to fix this before we can upgrade to a new OpenSSL > > >> version. > > >>>>> > > >>>>> Do we really have a need for the random functions? These seem the > only > >
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
On 05/22/19 02:10, Kinney, Michael D wrote: > Hi Laszlo, > > Another option we can consider is delaying the > freeze windows and release date (if required) to > accommodate the OpenSSL 1.1.1b feature. Yes, that's reasonable. And, the same argument could apply to <https://bugzilla.tianocore.org/show_bug.cgi?id=1293>. As I just wrote in another email, we might want to generally switch to a feature-oriented release schedule, from a purely time-based one. It solves some issues, and raises some others (such as: feature creep, indefinite slips, and debates about what features are critical). I'm open to such a workflow change. Thanks! Laszlo > The following page shows that the current branch > being used by EDK II (1.1.0j) with EOL on 9/11/2019. > > https://www.openssl.org/policies/releasestrat.html > > Best regards, > > Mike > >> -Original Message- >> From: devel@edk2.groups.io >> [mailto:devel@edk2.groups.io] On Behalf Of Laszlo Ersek >> Sent: Tuesday, May 21, 2019 2:15 PM >> To: devel@edk2.groups.io; Lu, XiaoyuX >> >> Cc: Wang, Jian J ; Ye, Ting >> >> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: >> Upgrade OpenSSL to 1.1.1b >> >> On 05/16/19 09:54, Xiaoyu lu wrote: >>> This series is also available at: >>> >> https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_ >> to_openssl_1_1_1b_v4 >>> >>> Changes: >>> >>> (1) CryptoPkgOpensslLib: Modify process_files.pl for >> upgrading OpenSSL >>> >>> (2) CryptoPkg/OpensslLib: Exclude unnecessary files >> in process_files.pl >>> crypto/store/* are excluded. >>> crypto/rand/randfile.c is excluded. >>> >>> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved >> external symbol issue >>> >>> (4) CryptoPkg/OpensslLib: Prepare for upgrading >> OpenSSL >>> Disable warnings for buiding OpenSSL_1_1_1b >>> >>> (5) CryptoPkg/OpensslLib: Fix cross-build problem for >> AARCH64 >>> >>> (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b >>> The biggest change is use TSC as entropy source >>> If TSC isn't avaiable, fallback to >> TimerLib(PerformanceCounter). >>> >>> (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size >> backward compatible >>> >>> >>> Verification done for this series: >>> * Https boot in OvmfPkg. >>> * BaseCrypt Library test. (Ovmf, EmulatorPkg) >>> >>> Important notice: >>> Nt32Pkg doesn't support TimerLib >>>> >> TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTi >> merLibNullTemplate.inf >>> So it will failed in Nt32Pkg. >>> >>> Cc: Jian J Wang >>> Cc: Ting Ye >> >> This feature has missed edk2-stable201905. >> >> Please postpone the following BZ reference: >> >> https://bugzilla.tianocore.org/show_bug.cgi?id=1089 >> >> from >> >> >> https://github.com/tianocore/tianocore.github.io/wiki/E >> DK-II-Release-Planning#edk2-stable201905-tag-planning >> >> to >> >> >> https://github.com/tianocore/tianocore.github.io/wiki/E >> DK-II-Release-Planning#edk2-stable201908-tag-planning >> >> Thanks, >> Laszlo >> >> > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#41211): https://edk2.groups.io/g/devel/message/41211 Mute This Topic: https://groups.io/mt/31638503/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Hi Laszlo, Another option we can consider is delaying the freeze windows and release date (if required) to accommodate the OpenSSL 1.1.1b feature. The following page shows that the current branch being used by EDK II (1.1.0j) with EOL on 9/11/2019. https://www.openssl.org/policies/releasestrat.html Best regards, Mike > -Original Message- > From: devel@edk2.groups.io > [mailto:devel@edk2.groups.io] On Behalf Of Laszlo Ersek > Sent: Tuesday, May 21, 2019 2:15 PM > To: devel@edk2.groups.io; Lu, XiaoyuX > > Cc: Wang, Jian J ; Ye, Ting > > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: > Upgrade OpenSSL to 1.1.1b > > On 05/16/19 09:54, Xiaoyu lu wrote: > > This series is also available at: > > > https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_ > to_openssl_1_1_1b_v4 > > > > Changes: > > > > (1) CryptoPkgOpensslLib: Modify process_files.pl for > upgrading OpenSSL > > > > (2) CryptoPkg/OpensslLib: Exclude unnecessary files > in process_files.pl > > crypto/store/* are excluded. > > crypto/rand/randfile.c is excluded. > > > > (3) CryptoPkg/IntrinsicLib: Fix possible unresolved > external symbol issue > > > > (4) CryptoPkg/OpensslLib: Prepare for upgrading > OpenSSL > > Disable warnings for buiding OpenSSL_1_1_1b > > > > (5) CryptoPkg/OpensslLib: Fix cross-build problem for > AARCH64 > > > > (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b > > The biggest change is use TSC as entropy source > > If TSC isn't avaiable, fallback to > TimerLib(PerformanceCounter). > > > > (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size > backward compatible > > > > > > Verification done for this series: > > * Https boot in OvmfPkg. > > * BaseCrypt Library test. (Ovmf, EmulatorPkg) > > > > Important notice: > > Nt32Pkg doesn't support TimerLib > >> > TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTi > merLibNullTemplate.inf > > So it will failed in Nt32Pkg. > > > > Cc: Jian J Wang > > Cc: Ting Ye > > This feature has missed edk2-stable201905. > > Please postpone the following BZ reference: > > https://bugzilla.tianocore.org/show_bug.cgi?id=1089 > > from > > > https://github.com/tianocore/tianocore.github.io/wiki/E > DK-II-Release-Planning#edk2-stable201905-tag-planning > > to > > > https://github.com/tianocore/tianocore.github.io/wiki/E > DK-II-Release-Planning#edk2-stable201908-tag-planning > > Thanks, > Laszlo > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#41176): https://edk2.groups.io/g/devel/message/41176 Mute This Topic: https://groups.io/mt/31638503/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
On 05/16/19 09:54, Xiaoyu lu wrote: > This series is also available at: > https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b_v4 > > Changes: > > (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading OpenSSL > > (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl > crypto/store/* are excluded. > crypto/rand/randfile.c is excluded. > > (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue > > (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL > Disable warnings for buiding OpenSSL_1_1_1b > > (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 > > (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b > The biggest change is use TSC as entropy source > If TSC isn't avaiable, fallback to TimerLib(PerformanceCounter). > > (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible > > > Verification done for this series: > * Https boot in OvmfPkg. > * BaseCrypt Library test. (Ovmf, EmulatorPkg) > > Important notice: > Nt32Pkg doesn't support TimerLib >> TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf > So it will failed in Nt32Pkg. > > Cc: Jian J Wang > Cc: Ting Ye This feature has missed edk2-stable201905. Please postpone the following BZ reference: https://bugzilla.tianocore.org/show_bug.cgi?id=1089 from https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning#edk2-stable201905-tag-planning to https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning#edk2-stable201908-tag-planning Thanks, Laszlo -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#41172): https://edk2.groups.io/g/devel/message/41172 Mute This Topic: https://groups.io/mt/31638503/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
On Tue, 21 May 2019 at 13:23, Laszlo Ersek wrote: > > Hi, > > On 05/21/19 11:09, Wang, Jian J wrote: > > Ard, > > > >> -Original Message- > >> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Ard > >> Biesheuvel > >> Sent: Tuesday, May 21, 2019 5:02 PM > >> To: Wang, Jian J > >> Cc: devel@edk2.groups.io; Laszlo Ersek ; Lu, XiaoyuX > >> ; Ye, Ting ; Leif Lindholm > >> ; Gao, Liming > >> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to > >> 1.1.1b > >> > >> On Tue, 21 May 2019 at 09:43, Wang, Jian J wrote: > >>> > >>> Hi Ard, > >>> > >>> Any comments? > >>> > >>> Regards, > >>> Jian > >>> > >>>> -Original Message- > >>>> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > >> Wang, > >>>> Jian J > >>>> Sent: Monday, May 20, 2019 9:41 AM > >>>> To: devel@edk2.groups.io; ard.biesheu...@linaro.org; Laszlo Ersek > >>>> > >>>> Cc: Lu, XiaoyuX ; Ye, Ting ; > >>>> Leif > >>>> Lindholm ; Gao, Liming > >>>> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to > >> 1.1.1b > >>>> > >>>> Ard, > >>>> > >>>> > >>>>> -Original Message- > >>>>> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > >> Ard > >>>>> Biesheuvel > >>>>> Sent: Friday, May 17, 2019 11:06 PM > >>>>> To: Laszlo Ersek > >>>>> Cc: Wang, Jian J ; devel@edk2.groups.io; Lu, > >> XiaoyuX > >>>>> ; Ye, Ting ; Leif Lindholm > >>>>> ; Gao, Liming > >>>>> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to > >>>> 1.1.1b > >>>>> > >>>>> On Fri, 17 May 2019 at 15:17, Laszlo Ersek wrote: > >>>>>> > >>>>>> On 05/17/19 15:04, Laszlo Ersek wrote: > >>>>>>> On 05/17/19 07:11, Wang, Jian J wrote: > >>>>>>>> Hi Laszlo, > >>>>>>>> > >>>>>>>> There's already a float library used in OpensslLib.inf. > >>>>>>>> > >>>>>>>> [LibraryClasses.ARM] > >>>>>>>> ArmSoftFloatLib > >>>>>>>> > >>>>>>>> The problem is that the below instance doesn't implement > >> __aeabi_ui2d > >>>>>>>> and __aeabi_d2uiz (I encountered this one as well) > >>>>>>>> > >>>>>>>> ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf > >>>>>>>> > >>>>>>>> I think we can update this library support those two APIs. So what > >> about > >>>>>>>> we still push the patch and file a BZ to fix this issue? > >>>>>>> > >>>>>>> I'm OK with that, but it will break ARM and AARCH64 platforms that > >>>>>>> consume OpensslLib (directly or through BaseCryptLib), so this > >>>>>>> question > >>>>>>> is up to Leif and Ard to decide. > >>>>>> > >>>>>> Correction: break ARM platforms only, not AARCH64. > >>>>>> > >>>>> > >>>>> We obviously need to fix this before we can upgrade to a new OpenSSL > >> version. > >>>>> > >>>>> Do we really have a need for the random functions? These seem the only > >>>>> ones that use floating point, which the UEFI spec does not permit, so > >>>>> it would be better if we could fix this by removing the dependency on > >>>>> FP in the first place (and get rid of ArmSoftFloatLib entirely) > >>>>> > >>>> > >>>> BaseCryptLib provides RandSeed/RandBytes interface which wrap openssl > >> rand > >>>> functionalities. These interfaces are used by following components in > >>>> edk2 > >>>> > >>>> - CryptoPkg\Library\TlsLib\TlsInit.c > >>>> - SecurityPkg\HddPassword\HddPasswordDxe.c > >>>> > >>>> Openssl components, like asn1, bn, evp, ocsp, pem, pk
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
On 05/21/19 15:02, Wang, Jian J wrote: >> -Original Message- >> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of >> Laszlo Ersek >> Sent: Tuesday, May 21, 2019 8:24 PM >> To: Wang, Jian J ; devel@edk2.groups.io; >> ard.biesheu...@linaro.org >> Cc: Lu, XiaoyuX ; Ye, Ting ; Leif >> Lindholm ; Gao, Liming >> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b >> (2) NB, I think we can no longer merge this feature for >> edk2-stable201905. The soft feature freeze criterion is that all patches >> be reviewed (approved) on-list before the SFF date / announcement, and >> that was not fulfilled in this case. >> > > You're right. But we still need to complete the upgrade ASAP after stable tag. > There're several other features pending on it. True! >> (3) I can only report the failure that trips up the build for me. I did >> that here: >> >> http://mid.mail-archive.com/049e489c-b58f-0fc5-1c66- >> 8ad920d93...@redhat.com >> https://edk2.groups.io/g/devel/message/40823 >> >> >> Thus, for me, the missing symbol was "__aeabi_ui2d". >> >> It's possible that the 32-bit ARM build will fail at a different (later) >> stage as well, but I can't tell until I get past this one. (And I don't >> think I can implement a "shim" function for the missing symbol, just to >> let the build progress.) >> > > I got __aeabi_d2uiz reported missing, in addition to __aeabi_ui2d, if > I build with cross-compiler arm-linux-gnueabi-gcc-5. Using dummy > implementations of both them can make build pass. Any chances the > real implementation of these functions cause other missing symbol? (I'll let Ard answer this.) Thanks Laszlo -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#41128): https://edk2.groups.io/g/devel/message/41128 Mute This Topic: https://groups.io/mt/31638503/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Laszlo, > -Original Message- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Laszlo Ersek > Sent: Tuesday, May 21, 2019 8:24 PM > To: Wang, Jian J ; devel@edk2.groups.io; > ard.biesheu...@linaro.org > Cc: Lu, XiaoyuX ; Ye, Ting ; Leif > Lindholm ; Gao, Liming > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b > > Hi, > > On 05/21/19 11:09, Wang, Jian J wrote: > > Ard, > > > >> -Original Message- > >> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Ard > >> Biesheuvel > >> Sent: Tuesday, May 21, 2019 5:02 PM > >> To: Wang, Jian J > >> Cc: devel@edk2.groups.io; Laszlo Ersek ; Lu, XiaoyuX > >> ; Ye, Ting ; Leif Lindholm > >> ; Gao, Liming > >> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to > 1.1.1b > >> > >> On Tue, 21 May 2019 at 09:43, Wang, Jian J wrote: > >>> > >>> Hi Ard, > >>> > >>> Any comments? > >>> > >>> Regards, > >>> Jian > >>> > >>>> -Original Message- > >>>> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > >> Wang, > >>>> Jian J > >>>> Sent: Monday, May 20, 2019 9:41 AM > >>>> To: devel@edk2.groups.io; ard.biesheu...@linaro.org; Laszlo Ersek > >>>> > >>>> Cc: Lu, XiaoyuX ; Ye, Ting ; > Leif > >>>> Lindholm ; Gao, Liming > >>>> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to > >> 1.1.1b > >>>> > >>>> Ard, > >>>> > >>>> > >>>>> -Original Message- > >>>>> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf > Of > >> Ard > >>>>> Biesheuvel > >>>>> Sent: Friday, May 17, 2019 11:06 PM > >>>>> To: Laszlo Ersek > >>>>> Cc: Wang, Jian J ; devel@edk2.groups.io; Lu, > >> XiaoyuX > >>>>> ; Ye, Ting ; Leif Lindholm > >>>>> ; Gao, Liming > >>>>> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to > >>>> 1.1.1b > >>>>> > >>>>> On Fri, 17 May 2019 at 15:17, Laszlo Ersek wrote: > >>>>>> > >>>>>> On 05/17/19 15:04, Laszlo Ersek wrote: > >>>>>>> On 05/17/19 07:11, Wang, Jian J wrote: > >>>>>>>> Hi Laszlo, > >>>>>>>> > >>>>>>>> There's already a float library used in OpensslLib.inf. > >>>>>>>> > >>>>>>>> [LibraryClasses.ARM] > >>>>>>>> ArmSoftFloatLib > >>>>>>>> > >>>>>>>> The problem is that the below instance doesn't implement > >> __aeabi_ui2d > >>>>>>>> and __aeabi_d2uiz (I encountered this one as well) > >>>>>>>> > >>>>>>>> ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf > >>>>>>>> > >>>>>>>> I think we can update this library support those two APIs. So what > >> about > >>>>>>>> we still push the patch and file a BZ to fix this issue? > >>>>>>> > >>>>>>> I'm OK with that, but it will break ARM and AARCH64 platforms that > >>>>>>> consume OpensslLib (directly or through BaseCryptLib), so this > >>>>>>> question > >>>>>>> is up to Leif and Ard to decide. > >>>>>> > >>>>>> Correction: break ARM platforms only, not AARCH64. > >>>>>> > >>>>> > >>>>> We obviously need to fix this before we can upgrade to a new OpenSSL > >> version. > >>>>> > >>>>> Do we really have a need for the random functions? These seem the only > >>>>> ones that use floating point, which the UEFI spec does not permit, so > >>>>> it would be better if we could fix this by removing the dependency on > >>>>> FP in the first place (and get rid of ArmSoftFloatLib entirely) > >>>>> > >>>> > >>>> BaseCryptLib provides RandSeed/RandBytes interface which wrap openssl > >> rand > >>>> funct
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Hi, On 05/21/19 11:09, Wang, Jian J wrote: > Ard, > >> -Original Message- >> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Ard >> Biesheuvel >> Sent: Tuesday, May 21, 2019 5:02 PM >> To: Wang, Jian J >> Cc: devel@edk2.groups.io; Laszlo Ersek ; Lu, XiaoyuX >> ; Ye, Ting ; Leif Lindholm >> ; Gao, Liming >> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b >> >> On Tue, 21 May 2019 at 09:43, Wang, Jian J wrote: >>> >>> Hi Ard, >>> >>> Any comments? >>> >>> Regards, >>> Jian >>> >>>> -Original Message- >>>> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of >> Wang, >>>> Jian J >>>> Sent: Monday, May 20, 2019 9:41 AM >>>> To: devel@edk2.groups.io; ard.biesheu...@linaro.org; Laszlo Ersek >>>> >>>> Cc: Lu, XiaoyuX ; Ye, Ting ; Leif >>>> Lindholm ; Gao, Liming >>>> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to >> 1.1.1b >>>> >>>> Ard, >>>> >>>> >>>>> -----Original Message----- >>>>> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of >> Ard >>>>> Biesheuvel >>>>> Sent: Friday, May 17, 2019 11:06 PM >>>>> To: Laszlo Ersek >>>>> Cc: Wang, Jian J ; devel@edk2.groups.io; Lu, >> XiaoyuX >>>>> ; Ye, Ting ; Leif Lindholm >>>>> ; Gao, Liming >>>>> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to >>>> 1.1.1b >>>>> >>>>> On Fri, 17 May 2019 at 15:17, Laszlo Ersek wrote: >>>>>> >>>>>> On 05/17/19 15:04, Laszlo Ersek wrote: >>>>>>> On 05/17/19 07:11, Wang, Jian J wrote: >>>>>>>> Hi Laszlo, >>>>>>>> >>>>>>>> There's already a float library used in OpensslLib.inf. >>>>>>>> >>>>>>>> [LibraryClasses.ARM] >>>>>>>> ArmSoftFloatLib >>>>>>>> >>>>>>>> The problem is that the below instance doesn't implement >> __aeabi_ui2d >>>>>>>> and __aeabi_d2uiz (I encountered this one as well) >>>>>>>> >>>>>>>> ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf >>>>>>>> >>>>>>>> I think we can update this library support those two APIs. So what >> about >>>>>>>> we still push the patch and file a BZ to fix this issue? >>>>>>> >>>>>>> I'm OK with that, but it will break ARM and AARCH64 platforms that >>>>>>> consume OpensslLib (directly or through BaseCryptLib), so this question >>>>>>> is up to Leif and Ard to decide. >>>>>> >>>>>> Correction: break ARM platforms only, not AARCH64. >>>>>> >>>>> >>>>> We obviously need to fix this before we can upgrade to a new OpenSSL >> version. >>>>> >>>>> Do we really have a need for the random functions? These seem the only >>>>> ones that use floating point, which the UEFI spec does not permit, so >>>>> it would be better if we could fix this by removing the dependency on >>>>> FP in the first place (and get rid of ArmSoftFloatLib entirely) >>>>> >>>> >>>> BaseCryptLib provides RandSeed/RandBytes interface which wrap openssl >> rand >>>> functionalities. These interfaces are used by following components in edk2 >>>> >>>> - CryptoPkg\Library\TlsLib\TlsInit.c >>>> - SecurityPkg\HddPassword\HddPasswordDxe.c >>>> >>>> Openssl components, like asn1, bn, evp, ocsp, pem, pkcs7, pkcs12, rsa, ssl >>>> (in >>>> addition >>>> to cms, dsa, srp, which are disabled in edk2) will call rand_* interface >>>> as well. >>>> >> >> If we have both internal (to Openssl) and external users of the RNG >> api, then I guess there is no way to work around this. It is >> unfortunate, since the RNG code in OpenSSL doesn't actually use double >> types except for keeping an entropy count, which could just as easily >> be kept in an integer variable. (1) I think I agree... However, it seems that the first function (or
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Ard, > -Original Message- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Ard > Biesheuvel > Sent: Tuesday, May 21, 2019 5:02 PM > To: Wang, Jian J > Cc: devel@edk2.groups.io; Laszlo Ersek ; Lu, XiaoyuX > ; Ye, Ting ; Leif Lindholm > ; Gao, Liming > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b > > On Tue, 21 May 2019 at 09:43, Wang, Jian J wrote: > > > > Hi Ard, > > > > Any comments? > > > > Regards, > > Jian > > > > > -Original Message- > > > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Wang, > > > Jian J > > > Sent: Monday, May 20, 2019 9:41 AM > > > To: devel@edk2.groups.io; ard.biesheu...@linaro.org; Laszlo Ersek > > > > > > Cc: Lu, XiaoyuX ; Ye, Ting ; Leif > > > Lindholm ; Gao, Liming > > > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to > 1.1.1b > > > > > > Ard, > > > > > > > > > > -Original Message- > > > > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Ard > > > > Biesheuvel > > > > Sent: Friday, May 17, 2019 11:06 PM > > > > To: Laszlo Ersek > > > > Cc: Wang, Jian J ; devel@edk2.groups.io; Lu, > XiaoyuX > > > > ; Ye, Ting ; Leif Lindholm > > > > ; Gao, Liming > > > > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to > > > 1.1.1b > > > > > > > > On Fri, 17 May 2019 at 15:17, Laszlo Ersek wrote: > > > > > > > > > > On 05/17/19 15:04, Laszlo Ersek wrote: > > > > > > On 05/17/19 07:11, Wang, Jian J wrote: > > > > > >> Hi Laszlo, > > > > > >> > > > > > >> There's already a float library used in OpensslLib.inf. > > > > > >> > > > > > >> [LibraryClasses.ARM] > > > > > >> ArmSoftFloatLib > > > > > >> > > > > > >> The problem is that the below instance doesn't implement > __aeabi_ui2d > > > > > >> and __aeabi_d2uiz (I encountered this one as well) > > > > > >> > > > > > >> ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf > > > > > >> > > > > > >> I think we can update this library support those two APIs. So what > about > > > > > >> we still push the patch and file a BZ to fix this issue? > > > > > > > > > > > > I'm OK with that, but it will break ARM and AARCH64 platforms that > > > > > > consume OpensslLib (directly or through BaseCryptLib), so this > > > > > > question > > > > > > is up to Leif and Ard to decide. > > > > > > > > > > Correction: break ARM platforms only, not AARCH64. > > > > > > > > > > > > > We obviously need to fix this before we can upgrade to a new OpenSSL > version. > > > > > > > > Do we really have a need for the random functions? These seem the only > > > > ones that use floating point, which the UEFI spec does not permit, so > > > > it would be better if we could fix this by removing the dependency on > > > > FP in the first place (and get rid of ArmSoftFloatLib entirely) > > > > > > > > > > BaseCryptLib provides RandSeed/RandBytes interface which wrap openssl > rand > > > functionalities. These interfaces are used by following components in edk2 > > > > > > - CryptoPkg\Library\TlsLib\TlsInit.c > > > - SecurityPkg\HddPassword\HddPasswordDxe.c > > > > > > Openssl components, like asn1, bn, evp, ocsp, pem, pkcs7, pkcs12, rsa, > > > ssl (in > > > addition > > > to cms, dsa, srp, which are disabled in edk2) will call rand_* interface > > > as well. > > > > > If we have both internal (to Openssl) and external users of the RNG > api, then I guess there is no way to work around this. It is > unfortunate, since the RNG code in OpenSSL doesn't actually use double > types except for keeping an entropy count, which could just as easily > be kept in an integer variable. > > So we will need to fix ArmSoftFloatLib before we can merge this > OpenSSL update. I'm happy to help doing that, could you please > summarize what we are missing today? > Great. I think there're two intrinsic functions missing here __aeabi_ui2d __aeabi_d2uiz Laszlo, please double check if these two are enough. Thanks for doing this. Regards, Jian > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#41118): https://edk2.groups.io/g/devel/message/41118 Mute This Topic: https://groups.io/mt/31638503/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Hi Ard, Any comments? Regards, Jian > -Original Message- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Wang, > Jian J > Sent: Monday, May 20, 2019 9:41 AM > To: devel@edk2.groups.io; ard.biesheu...@linaro.org; Laszlo Ersek > > Cc: Lu, XiaoyuX ; Ye, Ting ; Leif > Lindholm ; Gao, Liming > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b > > Ard, > > > > -Original Message- > > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Ard > > Biesheuvel > > Sent: Friday, May 17, 2019 11:06 PM > > To: Laszlo Ersek > > Cc: Wang, Jian J ; devel@edk2.groups.io; Lu, XiaoyuX > > ; Ye, Ting ; Leif Lindholm > > ; Gao, Liming > > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to > 1.1.1b > > > > On Fri, 17 May 2019 at 15:17, Laszlo Ersek wrote: > > > > > > On 05/17/19 15:04, Laszlo Ersek wrote: > > > > On 05/17/19 07:11, Wang, Jian J wrote: > > > >> Hi Laszlo, > > > >> > > > >> There's already a float library used in OpensslLib.inf. > > > >> > > > >> [LibraryClasses.ARM] > > > >> ArmSoftFloatLib > > > >> > > > >> The problem is that the below instance doesn't implement __aeabi_ui2d > > > >> and __aeabi_d2uiz (I encountered this one as well) > > > >> > > > >> ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf > > > >> > > > >> I think we can update this library support those two APIs. So what > > > >> about > > > >> we still push the patch and file a BZ to fix this issue? > > > > > > > > I'm OK with that, but it will break ARM and AARCH64 platforms that > > > > consume OpensslLib (directly or through BaseCryptLib), so this question > > > > is up to Leif and Ard to decide. > > > > > > Correction: break ARM platforms only, not AARCH64. > > > > > > > We obviously need to fix this before we can upgrade to a new OpenSSL > > version. > > > > Do we really have a need for the random functions? These seem the only > > ones that use floating point, which the UEFI spec does not permit, so > > it would be better if we could fix this by removing the dependency on > > FP in the first place (and get rid of ArmSoftFloatLib entirely) > > > > BaseCryptLib provides RandSeed/RandBytes interface which wrap openssl rand > functionalities. These interfaces are used by following components in edk2 > > - CryptoPkg\Library\TlsLib\TlsInit.c > - SecurityPkg\HddPassword\HddPasswordDxe.c > > Openssl components, like asn1, bn, evp, ocsp, pem, pkcs7, pkcs12, rsa, ssl (in > addition > to cms, dsa, srp, which are disabled in edk2) will call rand_* interface as > well. > > Regards, > Jian > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#41113): https://edk2.groups.io/g/devel/message/41113 Mute This Topic: https://groups.io/mt/31638503/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
On Sat, May 18, 2019 at 07:26:35AM +, Xiaoyu Lu wrote: > Gary Lin, > > Because I divided commit(PATCH v4 6/7) into two patches. Can I pick > your Tested-by tag for the two patches? > If there is no functional change, my "Tested-by" is still valid. I can do the test again for v5 if you like. BTW, I forgot to state that my "Tested-by" doesn't include "PATCH v4 5/7" since I didn't build aarch64 aavmf due to lacking of https support. Thanks, Gary Lin > Thanks > Xiaoyu > -Original Message- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Gary Lin > Sent: Friday, May 17, 2019 5:17 PM > To: devel@edk2.groups.io; Lu, XiaoyuX > Cc: Laszlo Ersek ; Wang, Jian J ; > Ye, Ting > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b > > On Thu, May 16, 2019 at 03:54:51AM -0400, Xiaoyu lu wrote: > > This series is also available at: > > https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_ > > 1b_v4 > > > > Changes: > > > > (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading > > OpenSSL > > > > (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl > > crypto/store/* are excluded. > > crypto/rand/randfile.c is excluded. > > > > (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol > > issue > > > > (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL > > Disable warnings for buiding OpenSSL_1_1_1b > > > > (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 > > > > (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b > > The biggest change is use TSC as entropy source > > If TSC isn't avaiable, fallback to TimerLib(PerformanceCounter). > > > > (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible > > > > > > Verification done for this series: > > * Https boot in OvmfPkg. > > * BaseCrypt Library test. (Ovmf, EmulatorPkg) > > > My https boot test with ovmf looks good. The connection was rejected as > expected when the server certificate wasn't enrolled. The bootloader images > were downloaded after adding the certificate, and I can boot into the > installation UI in the end. > > I skipped the test for aavmf since TLS is still not enabled. > > For the series. > Tested-by: Gary Lin > > > Important notice: > > Nt32Pkg doesn't support TimerLib > > > TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTem > > > TimerLib|plate.inf > > So it will failed in Nt32Pkg. > > > > Cc: Jian J Wang > > Cc: Ting Ye > > > > Laszlo Ersek (1): > > CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 > > > > Xiaoyu Lu (6): > > CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL > > CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl > > CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue > > CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL > > CryptoPkg: Upgrade OpenSSL to 1.1.1b > > CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible > > > > CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf| 4 +- > > CryptoPkg/Library/OpensslLib/OpensslLib.inf| 76 - > > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 67 - > > CryptoPkg/Library/Include/CrtLibSupport.h | 13 +- > > CryptoPkg/Library/Include/openssl/opensslconf.h| 54 +++- > > CryptoPkg/Library/Include/sys/syscall.h| 11 + > > CryptoPkg/Library/OpensslLib/buildinf.h| 2 + > > CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 ++ > > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 8 +- > > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 9 +- > > .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c| 8 +- > > CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c | 22 ++ > > CryptoPkg/Library/OpensslLib/ossl_store.c | 17 ++ > > CryptoPkg/Library/OpensslLib/rand_pool.c | 316 > > + > > CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 ++ > > CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 +++ > > CryptoPkg/Library/OpensslLib/openssl | 2 +- > > CryptoPkg/Library/OpensslLib/process_files.pl | 11 +- > > 18 files changed, 669 insertions(+), 52 deletions(-) create mode > > 100644 CryptoPkg/Library/Include/sys/syscall.h > > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h >
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Ard, > -Original Message- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Ard > Biesheuvel > Sent: Friday, May 17, 2019 11:06 PM > To: Laszlo Ersek > Cc: Wang, Jian J ; devel@edk2.groups.io; Lu, XiaoyuX > ; Ye, Ting ; Leif Lindholm > ; Gao, Liming > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b > > On Fri, 17 May 2019 at 15:17, Laszlo Ersek wrote: > > > > On 05/17/19 15:04, Laszlo Ersek wrote: > > > On 05/17/19 07:11, Wang, Jian J wrote: > > >> Hi Laszlo, > > >> > > >> There's already a float library used in OpensslLib.inf. > > >> > > >> [LibraryClasses.ARM] > > >> ArmSoftFloatLib > > >> > > >> The problem is that the below instance doesn't implement __aeabi_ui2d > > >> and __aeabi_d2uiz (I encountered this one as well) > > >> > > >> ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf > > >> > > >> I think we can update this library support those two APIs. So what about > > >> we still push the patch and file a BZ to fix this issue? > > > > > > I'm OK with that, but it will break ARM and AARCH64 platforms that > > > consume OpensslLib (directly or through BaseCryptLib), so this question > > > is up to Leif and Ard to decide. > > > > Correction: break ARM platforms only, not AARCH64. > > > > We obviously need to fix this before we can upgrade to a new OpenSSL version. > > Do we really have a need for the random functions? These seem the only > ones that use floating point, which the UEFI spec does not permit, so > it would be better if we could fix this by removing the dependency on > FP in the first place (and get rid of ArmSoftFloatLib entirely) > BaseCryptLib provides RandSeed/RandBytes interface which wrap openssl rand functionalities. These interfaces are used by following components in edk2 - CryptoPkg\Library\TlsLib\TlsInit.c - SecurityPkg\HddPassword\HddPasswordDxe.c Openssl components, like asn1, bn, evp, ocsp, pem, pkcs7, pkcs12, rsa, ssl (in addition to cms, dsa, srp, which are disabled in edk2) will call rand_* interface as well. Regards, Jian > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#40988): https://edk2.groups.io/g/devel/message/40988 Mute This Topic: https://groups.io/mt/31638503/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Laszlo, I'm so sorry that I made a mistake about your name. Thanks Xiaoyu -Original Message- From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Laszlo Ersek Sent: Friday, May 17, 2019 9:08 PM To: Lu, XiaoyuX ; devel@edk2.groups.io Cc: Wang, Jian J ; Ye, Ting ; Ard Biesheuvel ; Leif Lindholm Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b On 05/17/19 12:12, Lu, XiaoyuX wrote: > Hi, Lerszlo: well... I agree that my first name may not be trivial to spell, but you can always use the clipboard, whenever in doubt. For the record, it's "Laszlo". > > (1): > >> Unfortunately, I've found another build issue with this series. (My >> apologies that I didn't discover it earlier.) It is reported in the 32-bit >> (ARM) build of the ArmVirtQemu platform: >> >> CryptoPkg/Library/OpensslLib/openssl/crypto/rand/drbg_lib.c:1028: >> undefined reference to `__aeabi_ui2d' >> > > OpensslLib[Crypto].inf contains ArmSoftFloatLib as dependent library. > > In ArmSoftFloatLib: > > softfloat-for-gcc.h|98| #define uint32_to_float64 __floatunsidf > softfloat-for-gcc.h|222| #define __floatunsidf __aeabi_ui2d > > softfloat-for-gcc.h|128| #define float64_to_uint32_round_to_zero > __fixunsdfsi > softfloat-for-gcc.h|234| #define __fixunsdfsi__aeabi_d2uiz > > But *uint32_to_float64* and *float64_to_uint32_round_to_zero* aren't > implemented in softfloat.c > > If these two functions implement, the build will pass. (I use dummy > functions and try) See my response to Jian on this. > (2): > >> thus, preferably, a CryptoPkg patch series should be at least build tested >> (if not boot tested) for all arches, before being posted to the mailing list. > > I should test ARM, since IA32 arch has Intrinsic problem(_ftol2). It is very > likely that ARM arch does not support it either. > >> (Yes, CI would help a lot with such issues.) > > Now I don't have a CI environment here. > I will setup one for building OvmfPkg, ArmVirtPkg, EmulatorPkg. Sorry, I was unclear: I meant a community-level, central CI. Not a personal one. And, the central CI is undergoing design discussions right now. Thanks Laszlo > -Original Message- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Laszlo Ersek > Sent: Friday, May 17, 2019 2:26 AM > To: devel@edk2.groups.io; Lu, XiaoyuX > Cc: Wang, Jian J ; Ye, Ting > ; Ard Biesheuvel ; Leif > Lindholm > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to > 1.1.1b > > Hi, > > (+ Ard and Leif) > > On 05/16/19 09:54, Xiaoyu lu wrote: >> This series is also available at: >> https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1 >> _ >> 1b_v4 >> >> Changes: >> >> (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading >> OpenSSL >> >> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl >> crypto/store/* are excluded. >> crypto/rand/randfile.c is excluded. >> >> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol >> issue >> >> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL >> Disable warnings for buiding OpenSSL_1_1_1b >> >> (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 >> >> (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b >> The biggest change is use TSC as entropy source >> If TSC isn't avaiable, fallback to TimerLib(PerformanceCounter). >> >> (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible >> >> >> Verification done for this series: >> * Https boot in OvmfPkg. >> * BaseCrypt Library test. (Ovmf, EmulatorPkg) >> >> Important notice: >> Nt32Pkg doesn't support TimerLib >>> TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTem >>> TimerLib|p >>> TimerLib|late.inf >> So it will failed in Nt32Pkg. >> >> Cc: Jian J Wang >> Cc: Ting Ye >> >> Laszlo Ersek (1): >> CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 >> >> Xiaoyu Lu (6): >> CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL >> CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl >> CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue >> CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL >> CryptoPkg: Upgrade OpenSSL to 1.1.1b >> CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible >> >> CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf| 4 +-
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Gary Lin, Because I divided commit(PATCH v4 6/7) into two patches. Can I pick your Tested-by tag for the two patches? Thanks Xiaoyu -Original Message- From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Gary Lin Sent: Friday, May 17, 2019 5:17 PM To: devel@edk2.groups.io; Lu, XiaoyuX Cc: Laszlo Ersek ; Wang, Jian J ; Ye, Ting Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b On Thu, May 16, 2019 at 03:54:51AM -0400, Xiaoyu lu wrote: > This series is also available at: > https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_ > 1b_v4 > > Changes: > > (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading > OpenSSL > > (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl > crypto/store/* are excluded. > crypto/rand/randfile.c is excluded. > > (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol > issue > > (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL > Disable warnings for buiding OpenSSL_1_1_1b > > (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 > > (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b > The biggest change is use TSC as entropy source > If TSC isn't avaiable, fallback to TimerLib(PerformanceCounter). > > (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible > > > Verification done for this series: > * Https boot in OvmfPkg. > * BaseCrypt Library test. (Ovmf, EmulatorPkg) > My https boot test with ovmf looks good. The connection was rejected as expected when the server certificate wasn't enrolled. The bootloader images were downloaded after adding the certificate, and I can boot into the installation UI in the end. I skipped the test for aavmf since TLS is still not enabled. For the series. Tested-by: Gary Lin > Important notice: > Nt32Pkg doesn't support TimerLib > > TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTem > > TimerLib|plate.inf > So it will failed in Nt32Pkg. > > Cc: Jian J Wang > Cc: Ting Ye > > Laszlo Ersek (1): > CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 > > Xiaoyu Lu (6): > CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL > CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl > CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue > CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL > CryptoPkg: Upgrade OpenSSL to 1.1.1b > CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible > > CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf| 4 +- > CryptoPkg/Library/OpensslLib/OpensslLib.inf| 76 - > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 67 - > CryptoPkg/Library/Include/CrtLibSupport.h | 13 +- > CryptoPkg/Library/Include/openssl/opensslconf.h| 54 +++- > CryptoPkg/Library/Include/sys/syscall.h| 11 + > CryptoPkg/Library/OpensslLib/buildinf.h| 2 + > CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 ++ > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 8 +- > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 9 +- > .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c| 8 +- > CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c | 22 ++ > CryptoPkg/Library/OpensslLib/ossl_store.c | 17 ++ > CryptoPkg/Library/OpensslLib/rand_pool.c | 316 > + > CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 ++ > CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 +++ > CryptoPkg/Library/OpensslLib/openssl | 2 +- > CryptoPkg/Library/OpensslLib/process_files.pl | 11 +- > 18 files changed, 669 insertions(+), 52 deletions(-) create mode > 100644 CryptoPkg/Library/Include/sys/syscall.h > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h > create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c > create mode 100644 CryptoPkg/Library/OpensslLib/ossl_store.c > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool.c > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > > -- > 2.7.4 > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#40977): https://edk2.groups.io/g/devel/message/40977 Mute This Topic: https://groups.io/mt/31638503/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
On Fri, 17 May 2019 at 15:17, Laszlo Ersek wrote: > > On 05/17/19 15:04, Laszlo Ersek wrote: > > On 05/17/19 07:11, Wang, Jian J wrote: > >> Hi Laszlo, > >> > >> There's already a float library used in OpensslLib.inf. > >> > >> [LibraryClasses.ARM] > >> ArmSoftFloatLib > >> > >> The problem is that the below instance doesn't implement __aeabi_ui2d > >> and __aeabi_d2uiz (I encountered this one as well) > >> > >> ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf > >> > >> I think we can update this library support those two APIs. So what about > >> we still push the patch and file a BZ to fix this issue? > > > > I'm OK with that, but it will break ARM and AARCH64 platforms that > > consume OpensslLib (directly or through BaseCryptLib), so this question > > is up to Leif and Ard to decide. > > Correction: break ARM platforms only, not AARCH64. > We obviously need to fix this before we can upgrade to a new OpenSSL version. Do we really have a need for the random functions? These seem the only ones that use floating point, which the UEFI spec does not permit, so it would be better if we could fix this by removing the dependency on FP in the first place (and get rid of ArmSoftFloatLib entirely) -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#40925): https://edk2.groups.io/g/devel/message/40925 Mute This Topic: https://groups.io/mt/31638503/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
On 05/17/19 15:04, Laszlo Ersek wrote: > On 05/17/19 07:11, Wang, Jian J wrote: >> Hi Laszlo, >> >> There's already a float library used in OpensslLib.inf. >> >> [LibraryClasses.ARM] >> ArmSoftFloatLib >> >> The problem is that the below instance doesn't implement __aeabi_ui2d >> and __aeabi_d2uiz (I encountered this one as well) >> >> ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf >> >> I think we can update this library support those two APIs. So what about >> we still push the patch and file a BZ to fix this issue? > > I'm OK with that, but it will break ARM and AARCH64 platforms that > consume OpensslLib (directly or through BaseCryptLib), so this question > is up to Leif and Ard to decide. Correction: break ARM platforms only, not AARCH64. Laszlo > Thanks > Laszlo > >>> -Original Message- >>> From: Laszlo Ersek [mailto:ler...@redhat.com] >>> Sent: Friday, May 17, 2019 2:26 AM >>> To: devel@edk2.groups.io; Lu, XiaoyuX >>> Cc: Wang, Jian J ; Ye, Ting ; Ard >>> Biesheuvel ; Leif Lindholm >>> >>> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to >>> 1.1.1b >>> >>> Hi, >>> >>> (+ Ard and Leif) >>> >>> On 05/16/19 09:54, Xiaoyu lu wrote: >>>> This series is also available at: >>>> >>> https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b >>> _v4 >>>> >>>> Changes: >>>> >>>> (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading OpenSSL >>>> >>>> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl >>>> crypto/store/* are excluded. >>>> crypto/rand/randfile.c is excluded. >>>> >>>> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue >>>> >>>> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL >>>> Disable warnings for buiding OpenSSL_1_1_1b >>>> >>>> (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 >>>> >>>> (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b >>>> The biggest change is use TSC as entropy source >>>> If TSC isn't avaiable, fallback to TimerLib(PerformanceCounter). >>>> >>>> (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible >>>> >>>> >>>> Verification done for this series: >>>> * Https boot in OvmfPkg. >>>> * BaseCrypt Library test. (Ovmf, EmulatorPkg) >>>> >>>> Important notice: >>>> Nt32Pkg doesn't support TimerLib >>>>> >>> TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplat >>> e.inf >>>> So it will failed in Nt32Pkg. >>>> >>>> Cc: Jian J Wang >>>> Cc: Ting Ye >>>> >>>> Laszlo Ersek (1): >>>> CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 >>>> >>>> Xiaoyu Lu (6): >>>> CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL >>>> CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl >>>> CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue >>>> CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL >>>> CryptoPkg: Upgrade OpenSSL to 1.1.1b >>>> CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible >>>> >>>> CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf| 4 +- >>>> CryptoPkg/Library/OpensslLib/OpensslLib.inf| 76 - >>>> CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 67 - >>>> CryptoPkg/Library/Include/CrtLibSupport.h | 13 +- >>>> CryptoPkg/Library/Include/openssl/opensslconf.h| 54 +++- >>>> CryptoPkg/Library/Include/sys/syscall.h| 11 + >>>> CryptoPkg/Library/OpensslLib/buildinf.h| 2 + >>>> CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 ++ >>>> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 8 +- >>>> .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 9 +- >>>> .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c| 8 +- >>>> CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c | 22 ++ >>>> CryptoPkg/Library/OpensslLib/ossl_store.c | 17 ++ >>>> CryptoPkg/Library/OpensslLib/rand_pool.c | 316 >>>
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
On 05/17/19 12:12, Lu, XiaoyuX wrote: > Hi, Lerszlo: well... I agree that my first name may not be trivial to spell, but you can always use the clipboard, whenever in doubt. For the record, it's "Laszlo". > > (1): > >> Unfortunately, I've found another build issue with this series. (My >> apologies that I didn't discover it earlier.) It is reported in the 32-bit >> (ARM) build of the ArmVirtQemu platform: >> >> CryptoPkg/Library/OpensslLib/openssl/crypto/rand/drbg_lib.c:1028: >> undefined reference to `__aeabi_ui2d' >> > > OpensslLib[Crypto].inf contains ArmSoftFloatLib as dependent library. > > In ArmSoftFloatLib: > > softfloat-for-gcc.h|98| #define uint32_to_float64 __floatunsidf > softfloat-for-gcc.h|222| #define __floatunsidf __aeabi_ui2d > > softfloat-for-gcc.h|128| #define float64_to_uint32_round_to_zero > __fixunsdfsi > softfloat-for-gcc.h|234| #define __fixunsdfsi__aeabi_d2uiz > > But *uint32_to_float64* and *float64_to_uint32_round_to_zero* aren't > implemented in softfloat.c > > If these two functions implement, the build will pass. (I use dummy functions > and try) See my response to Jian on this. > (2): > >> thus, preferably, a CryptoPkg patch series should be at least build tested >> (if not boot tested) for all arches, before being posted to the mailing list. > > I should test ARM, since IA32 arch has Intrinsic problem(_ftol2). It is very > likely that ARM arch does not support it either. > >> (Yes, CI would help a lot with such issues.) > > Now I don't have a CI environment here. > I will setup one for building OvmfPkg, ArmVirtPkg, EmulatorPkg. Sorry, I was unclear: I meant a community-level, central CI. Not a personal one. And, the central CI is undergoing design discussions right now. Thanks Laszlo > -Original Message- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Laszlo > Ersek > Sent: Friday, May 17, 2019 2:26 AM > To: devel@edk2.groups.io; Lu, XiaoyuX > Cc: Wang, Jian J ; Ye, Ting ; Ard > Biesheuvel ; Leif Lindholm > > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b > > Hi, > > (+ Ard and Leif) > > On 05/16/19 09:54, Xiaoyu lu wrote: >> This series is also available at: >> https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_ >> 1b_v4 >> >> Changes: >> >> (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading >> OpenSSL >> >> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl >> crypto/store/* are excluded. >> crypto/rand/randfile.c is excluded. >> >> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol >> issue >> >> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL >> Disable warnings for buiding OpenSSL_1_1_1b >> >> (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 >> >> (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b >> The biggest change is use TSC as entropy source >> If TSC isn't avaiable, fallback to TimerLib(PerformanceCounter). >> >> (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible >> >> >> Verification done for this series: >> * Https boot in OvmfPkg. >> * BaseCrypt Library test. (Ovmf, EmulatorPkg) >> >> Important notice: >> Nt32Pkg doesn't support TimerLib >>> TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemp >>> TimerLib|late.inf >> So it will failed in Nt32Pkg. >> >> Cc: Jian J Wang >> Cc: Ting Ye >> >> Laszlo Ersek (1): >> CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 >> >> Xiaoyu Lu (6): >> CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL >> CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl >> CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue >> CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL >> CryptoPkg: Upgrade OpenSSL to 1.1.1b >> CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible >> >> CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf| 4 +- >> CryptoPkg/Library/OpensslLib/OpensslLib.inf| 76 - >> CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 67 - >> CryptoPkg/Library/Include/CrtLibSupport.h | 13 +- >> CryptoPkg/Library/Include/openssl/opensslconf.h| 54 +++- >> CryptoPkg/Library/Include/sys/syscall.h| 11 + >> CryptoPkg/Library/OpensslLib/buildinf.h| 2 + &g
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
On 05/17/19 07:11, Wang, Jian J wrote: > Hi Laszlo, > > There's already a float library used in OpensslLib.inf. > > [LibraryClasses.ARM] > ArmSoftFloatLib > > The problem is that the below instance doesn't implement __aeabi_ui2d > and __aeabi_d2uiz (I encountered this one as well) > > ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf > > I think we can update this library support those two APIs. So what about > we still push the patch and file a BZ to fix this issue? I'm OK with that, but it will break ARM and AARCH64 platforms that consume OpensslLib (directly or through BaseCryptLib), so this question is up to Leif and Ard to decide. Thanks Laszlo >> -Original Message- >> From: Laszlo Ersek [mailto:ler...@redhat.com] >> Sent: Friday, May 17, 2019 2:26 AM >> To: devel@edk2.groups.io; Lu, XiaoyuX >> Cc: Wang, Jian J ; Ye, Ting ; Ard >> Biesheuvel ; Leif Lindholm >> >> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b >> >> Hi, >> >> (+ Ard and Leif) >> >> On 05/16/19 09:54, Xiaoyu lu wrote: >>> This series is also available at: >>> >> https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b >> _v4 >>> >>> Changes: >>> >>> (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading OpenSSL >>> >>> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl >>> crypto/store/* are excluded. >>> crypto/rand/randfile.c is excluded. >>> >>> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue >>> >>> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL >>> Disable warnings for buiding OpenSSL_1_1_1b >>> >>> (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 >>> >>> (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b >>> The biggest change is use TSC as entropy source >>> If TSC isn't avaiable, fallback to TimerLib(PerformanceCounter). >>> >>> (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible >>> >>> >>> Verification done for this series: >>> * Https boot in OvmfPkg. >>> * BaseCrypt Library test. (Ovmf, EmulatorPkg) >>> >>> Important notice: >>> Nt32Pkg doesn't support TimerLib >>>> >> TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplat >> e.inf >>> So it will failed in Nt32Pkg. >>> >>> Cc: Jian J Wang >>> Cc: Ting Ye >>> >>> Laszlo Ersek (1): >>> CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 >>> >>> Xiaoyu Lu (6): >>> CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL >>> CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl >>> CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue >>> CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL >>> CryptoPkg: Upgrade OpenSSL to 1.1.1b >>> CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible >>> >>> CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf| 4 +- >>> CryptoPkg/Library/OpensslLib/OpensslLib.inf| 76 - >>> CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 67 - >>> CryptoPkg/Library/Include/CrtLibSupport.h | 13 +- >>> CryptoPkg/Library/Include/openssl/opensslconf.h| 54 +++- >>> CryptoPkg/Library/Include/sys/syscall.h| 11 + >>> CryptoPkg/Library/OpensslLib/buildinf.h| 2 + >>> CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 ++ >>> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 8 +- >>> .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 9 +- >>> .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c| 8 +- >>> CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c | 22 ++ >>> CryptoPkg/Library/OpensslLib/ossl_store.c | 17 ++ >>> CryptoPkg/Library/OpensslLib/rand_pool.c | 316 >> + >>> CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 ++ >>> CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 +++ >>> CryptoPkg/Library/OpensslLib/openssl | 2 +- >>> CryptoPkg/Library/OpensslLib/process_files.pl | 11 +- >>> 18 files changed, 669 insertions(+), 52 deletions(-) >>> create mode 100644 CryptoPkg/Library/Include/sys/syscall.h >>> create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Hi, Lerszlo: (1): > Unfortunately, I've found another build issue with this series. (My apologies > that I didn't discover it earlier.) It is reported in the 32-bit (ARM) build > of the ArmVirtQemu platform: > > CryptoPkg/Library/OpensslLib/openssl/crypto/rand/drbg_lib.c:1028: > undefined reference to `__aeabi_ui2d' > OpensslLib[Crypto].inf contains ArmSoftFloatLib as dependent library. In ArmSoftFloatLib: softfloat-for-gcc.h|98| #define uint32_to_float64 __floatunsidf softfloat-for-gcc.h|222| #define __floatunsidf __aeabi_ui2d softfloat-for-gcc.h|128| #define float64_to_uint32_round_to_zero __fixunsdfsi softfloat-for-gcc.h|234| #define __fixunsdfsi__aeabi_d2uiz But *uint32_to_float64* and *float64_to_uint32_round_to_zero* aren't implemented in softfloat.c If these two functions implement, the build will pass. (I use dummy functions and try) (2): >thus, preferably, a CryptoPkg patch series should be at least build tested (if >not boot tested) for all arches, before being posted to the mailing list. I should test ARM, since IA32 arch has Intrinsic problem(_ftol2). It is very likely that ARM arch does not support it either. >(Yes, CI would help a lot with such issues.) Now I don't have a CI environment here. I will setup one for building OvmfPkg, ArmVirtPkg, EmulatorPkg. Thanks, Xiaoyu -Original Message- From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Laszlo Ersek Sent: Friday, May 17, 2019 2:26 AM To: devel@edk2.groups.io; Lu, XiaoyuX Cc: Wang, Jian J ; Ye, Ting ; Ard Biesheuvel ; Leif Lindholm Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b Hi, (+ Ard and Leif) On 05/16/19 09:54, Xiaoyu lu wrote: > This series is also available at: > https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_ > 1b_v4 > > Changes: > > (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading > OpenSSL > > (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl > crypto/store/* are excluded. > crypto/rand/randfile.c is excluded. > > (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol > issue > > (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL > Disable warnings for buiding OpenSSL_1_1_1b > > (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 > > (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b > The biggest change is use TSC as entropy source > If TSC isn't avaiable, fallback to TimerLib(PerformanceCounter). > > (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible > > > Verification done for this series: > * Https boot in OvmfPkg. > * BaseCrypt Library test. (Ovmf, EmulatorPkg) > > Important notice: > Nt32Pkg doesn't support TimerLib >> TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemp >> TimerLib|late.inf > So it will failed in Nt32Pkg. > > Cc: Jian J Wang > Cc: Ting Ye > > Laszlo Ersek (1): > CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 > > Xiaoyu Lu (6): > CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL > CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl > CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue > CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL > CryptoPkg: Upgrade OpenSSL to 1.1.1b > CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible > > CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf| 4 +- > CryptoPkg/Library/OpensslLib/OpensslLib.inf| 76 - > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 67 - > CryptoPkg/Library/Include/CrtLibSupport.h | 13 +- > CryptoPkg/Library/Include/openssl/opensslconf.h| 54 +++- > CryptoPkg/Library/Include/sys/syscall.h| 11 + > CryptoPkg/Library/OpensslLib/buildinf.h| 2 + > CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 ++ > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 8 +- > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 9 +- > .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c| 8 +- > CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c | 22 ++ > CryptoPkg/Library/OpensslLib/ossl_store.c | 17 ++ > CryptoPkg/Library/OpensslLib/rand_pool.c | 316 > + > CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 ++ > CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 +++ > CryptoPkg/Library/OpensslLib/openssl | 2 +- > CryptoPkg/Library/OpensslLib/process_files.pl | 11 +- > 18 files changed, 669 insertions(+), 52 deletions(-) create mode > 100644 CryptoPkg/Library/Include/sys/syscall.h > cre
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
On Thu, May 16, 2019 at 03:54:51AM -0400, Xiaoyu lu wrote: > This series is also available at: > https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b_v4 > > Changes: > > (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading OpenSSL > > (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl > crypto/store/* are excluded. > crypto/rand/randfile.c is excluded. > > (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue > > (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL > Disable warnings for buiding OpenSSL_1_1_1b > > (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 > > (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b > The biggest change is use TSC as entropy source > If TSC isn't avaiable, fallback to TimerLib(PerformanceCounter). > > (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible > > > Verification done for this series: > * Https boot in OvmfPkg. > * BaseCrypt Library test. (Ovmf, EmulatorPkg) > My https boot test with ovmf looks good. The connection was rejected as expected when the server certificate wasn't enrolled. The bootloader images were downloaded after adding the certificate, and I can boot into the installation UI in the end. I skipped the test for aavmf since TLS is still not enabled. For the series. Tested-by: Gary Lin > Important notice: > Nt32Pkg doesn't support TimerLib > > TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf > So it will failed in Nt32Pkg. > > Cc: Jian J Wang > Cc: Ting Ye > > Laszlo Ersek (1): > CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 > > Xiaoyu Lu (6): > CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL > CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl > CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue > CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL > CryptoPkg: Upgrade OpenSSL to 1.1.1b > CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible > > CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf| 4 +- > CryptoPkg/Library/OpensslLib/OpensslLib.inf| 76 - > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 67 - > CryptoPkg/Library/Include/CrtLibSupport.h | 13 +- > CryptoPkg/Library/Include/openssl/opensslconf.h| 54 +++- > CryptoPkg/Library/Include/sys/syscall.h| 11 + > CryptoPkg/Library/OpensslLib/buildinf.h| 2 + > CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 ++ > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 8 +- > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 9 +- > .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c| 8 +- > CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c | 22 ++ > CryptoPkg/Library/OpensslLib/ossl_store.c | 17 ++ > CryptoPkg/Library/OpensslLib/rand_pool.c | 316 > + > CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 ++ > CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 +++ > CryptoPkg/Library/OpensslLib/openssl | 2 +- > CryptoPkg/Library/OpensslLib/process_files.pl | 11 +- > 18 files changed, 669 insertions(+), 52 deletions(-) > create mode 100644 CryptoPkg/Library/Include/sys/syscall.h > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h > create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c > create mode 100644 CryptoPkg/Library/OpensslLib/ossl_store.c > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool.c > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > > -- > 2.7.4 > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#40899): https://edk2.groups.io/g/devel/message/40899 Mute This Topic: https://groups.io/mt/31638503/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Hi Laszlo, There's already a float library used in OpensslLib.inf. [LibraryClasses.ARM] ArmSoftFloatLib The problem is that the below instance doesn't implement __aeabi_ui2d and __aeabi_d2uiz (I encountered this one as well) ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf I think we can update this library support those two APIs. So what about we still push the patch and file a BZ to fix this issue? Regards, Jian > -Original Message- > From: Laszlo Ersek [mailto:ler...@redhat.com] > Sent: Friday, May 17, 2019 2:26 AM > To: devel@edk2.groups.io; Lu, XiaoyuX > Cc: Wang, Jian J ; Ye, Ting ; Ard > Biesheuvel ; Leif Lindholm > > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b > > Hi, > > (+ Ard and Leif) > > On 05/16/19 09:54, Xiaoyu lu wrote: > > This series is also available at: > > > https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b > _v4 > > > > Changes: > > > > (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading OpenSSL > > > > (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl > > crypto/store/* are excluded. > > crypto/rand/randfile.c is excluded. > > > > (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue > > > > (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL > > Disable warnings for buiding OpenSSL_1_1_1b > > > > (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 > > > > (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b > > The biggest change is use TSC as entropy source > > If TSC isn't avaiable, fallback to TimerLib(PerformanceCounter). > > > > (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible > > > > > > Verification done for this series: > > * Https boot in OvmfPkg. > > * BaseCrypt Library test. (Ovmf, EmulatorPkg) > > > > Important notice: > > Nt32Pkg doesn't support TimerLib > >> > TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplat > e.inf > > So it will failed in Nt32Pkg. > > > > Cc: Jian J Wang > > Cc: Ting Ye > > > > Laszlo Ersek (1): > > CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 > > > > Xiaoyu Lu (6): > > CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL > > CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl > > CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue > > CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL > > CryptoPkg: Upgrade OpenSSL to 1.1.1b > > CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible > > > > CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf| 4 +- > > CryptoPkg/Library/OpensslLib/OpensslLib.inf| 76 - > > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 67 - > > CryptoPkg/Library/Include/CrtLibSupport.h | 13 +- > > CryptoPkg/Library/Include/openssl/opensslconf.h| 54 +++- > > CryptoPkg/Library/Include/sys/syscall.h| 11 + > > CryptoPkg/Library/OpensslLib/buildinf.h| 2 + > > CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 ++ > > CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 8 +- > > .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 9 +- > > .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c| 8 +- > > CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c | 22 ++ > > CryptoPkg/Library/OpensslLib/ossl_store.c | 17 ++ > > CryptoPkg/Library/OpensslLib/rand_pool.c | 316 > + > > CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 ++ > > CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 +++ > > CryptoPkg/Library/OpensslLib/openssl | 2 +- > > CryptoPkg/Library/OpensslLib/process_files.pl | 11 +- > > 18 files changed, 669 insertions(+), 52 deletions(-) > > create mode 100644 CryptoPkg/Library/Include/sys/syscall.h > > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h > > create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c > > create mode 100644 CryptoPkg/Library/OpensslLib/ossl_store.c > > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool.c > > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c > > create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > > > > Unfortunately, I've found another build issue with this series. (My > apologies that I didn't discover it earlier.) It is reported in the > 32-bit (