[edk2-devel] [PATCH v3 0/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b

Xiaoyu lu xiaoyux.lu at intel.com
Wed May 15 08:58:41 UTC 2019


Hi Laszlo:

Thanks for your information.

If I send the patch v4, I will provide a new branch in my personal repo and will not modify it.

Thanks,
Xiaoyu

-----Original Message-----
From: Laszlo Ersek [mailto:lersek at redhat.com] 
Sent: Wednesday, May 15, 2019 4:07 PM
To: Lu, XiaoyuX <xiaoyux.lu at intel.com>; devel at edk2.groups.io; glin at suse.com; Wang, Jian J <jian.j.wang at intel.com>
Cc: Ye, Ting <ting.ye at intel.com>
Subject: Re: [edk2-devel] [PATCH v3 0/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b

Hi Xiaoyu,

On 05/15/19 04:00, Lu, XiaoyuX wrote:
> Hi Gary Lin:
> 	I also need to modify the code about the entropy source today.
> 	But I have uploaded a TimerLib based implementation.
> 
> 	https://github.com/xiaoyuxlu/edk2/commits/bz_1089_patch_v4

This is not a good strategy.

Please refer to contributor step 31:

https://github.com/tianocore/tianocore.github.io/wiki/Laszlo's-unkempt-git-guide-for-edk2-contributors-and-maintainers#contrib-31

You should push a topic branch called "xxxx_v4" *only* if you are ready to post it immediately to the list, as "PATCH v4".

Topic branches in personal repos must be *identical* to the corresponding posting on edk2-devel. And once such a topic branch is pushed and referenced in an edk2-devel posting, the branch should never ever be modified again. Not rebased, not force-pushed, not fast-forwarded to additional commits on top. Once you have a v4 posting on edk2-devel, the topic branch *for that version* becomes read-only. If you need updates, you need to prepare a v5.

It's OK to push (even force-push) branches to your personal repo that are work-in-progress. However, the name of the branch should be very clear about that. For example, you could call the branch "bz_1089_patch_v4_wip", with the "_wip" suffix standing for "work-in-progress". Then people fetching that branch will understand it's not final, and may easily change until the mailing list posting. When you decide it's time to post, you can rename the branch (drop the "_wip" suffix), from which point on you should treat the branch as read-only.

Thanks
Laszlo

> -----Original Message-----
> From: devel at edk2.groups.io [mailto:devel at edk2.groups.io] On Behalf Of 
> Gary Lin
> Sent: Wednesday, May 15, 2019 9:54 AM
> To: devel at edk2.groups.io; Wang, Jian J <jian.j.wang at intel.com>
> Cc: Laszlo Ersek <lersek at redhat.com>; Lu, XiaoyuX 
> <xiaoyux.lu at intel.com>; Ye, Ting <ting.ye at intel.com>
> Subject: Re: [edk2-devel] [PATCH v3 0/6] CryptoPkg: Upgrade OpenSSL to 
> 1.1.1b
> 
> On Tue, May 14, 2019 at 01:26:15PM +0000, Wang, Jian J wrote:
>> Yes, please wait for v4 version of this patch series.
> 
> Good. I'm looking forward to the new series :)
> 
> Thanks,
> 
> Gary Lin
> 
>>
>> Regards,
>> Jian
>>
>>
>>> -----Original Message-----
>>> From: Laszlo Ersek [mailto:lersek at redhat.com]
>>> Sent: Tuesday, May 14, 2019 8:06 PM
>>> To: devel at edk2.groups.io; glin at suse.com
>>> Cc: Lu, XiaoyuX <xiaoyux.lu at intel.com>; Wang, Jian J 
>>> <jian.j.wang at intel.com>; Ye, Ting <ting.ye at intel.com>
>>> Subject: Re: [edk2-devel] [PATCH v3 0/6] CryptoPkg: Upgrade OpenSSL 
>>> to 1.1.1b
>>>
>>> On 05/14/19 08:16, Gary Lin wrote:
>>>> On Mon, May 13, 2019 at 09:24:39PM +0200, Laszlo Ersek wrote:
>>>>> On 05/13/19 15:25, Xiaoyu lu wrote:
>>>>>> (1) CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL
>>>>>>   OpenSSL only supports seeding NONE for UEFI (rand_unix.c line 93).
>>>>>>   So add --with-rand-seed=none to process_files.pl.
>>>>>>
>>>>>> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl
>>>>>>   When running process_files.py to configure OpenSSL, we can exclude
>>>>>>   some unnecessary files. This can reduce porting time, compiling time
>>>>>>   and library size.
>>>>>>
>>>>>> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue
>>>>>>
>>>>>> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL
>>>>>>   Disable warning for building OpenSSL_1_1_1b
>>>>>>
>>>>>> (5) CryptoPkg: Upgrade OpenSSL to 1.1.1b
>>>>>>   Update OpenSSL submodule to OpenSSL_1_1_1b
>>>>>>   OpenSSL_1_1_1b(50eaac9f3337667259de725451f201e784599687)
>>>>>>
>>>>>>   OpenSSL doesn't implement some rand_pool function for UEFI.
>>>>>>   Use EFI_RNG_PROTOCOL to generate random for entropy.
>>>>>>   If EFI_RNG_PROTOCOL is not available, fall back to performance
>>>>>>   counter, but we are not sure about the amount of randomness it provides.
>>>>>>
>>>>>> (6) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible
>>>>>>
>>>>>>   Note: Will be removed in the next update.
>>>>>>   Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1792
>>>>>>   Ref: https://github.com/openssl/openssl/pull/4338
>>>>>>
>>>>>>
>>>>>> Cc: Jian J Wang <jian.j.wang at intel.com>
>>>>>> Cc: Ting Ye <ting.ye at intel.com>
>>>>>
>>>>> I'm withdrawing from reviewing or testing this series.
>>>>>
>>>>> Gary, if you have the time, can you please regression test this 
>>>>> (for HTTPS boot) in both OVMF and ArmVirtQemu?
>>>>>
>>>> I'll find some time to do the regression test tomorrow.
>>>
>>> Thanks, Gary!
>>>
>>> Xiaoyu might post a v4 with a remote topic branch for reviewers to
>>> fetch; I suggest awaiting that. (The series is difficult to apply
>>> with git-am.)
>>>
>>> Thanks
>>> Laszlo
>>>
>>>> Cheers,
>>>>
>>>> Gary Lin
>>>>