[edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
Wang, Jian J
jian.j.wang at intel.com
Tue May 21 09:09:38 UTC 2019
Ard,
> -----Original Message-----
> From: devel at edk2.groups.io [mailto:devel at edk2.groups.io] On Behalf Of Ard
> Biesheuvel
> Sent: Tuesday, May 21, 2019 5:02 PM
> To: Wang, Jian J <jian.j.wang at intel.com>
> Cc: devel at edk2.groups.io; Laszlo Ersek <lersek at redhat.com>; Lu, XiaoyuX
> <xiaoyux.lu at intel.com>; Ye, Ting <ting.ye at intel.com>; Leif Lindholm
> <leif.lindholm at linaro.org>; Gao, Liming <liming.gao at intel.com>
> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to 1.1.1b
>
> On Tue, 21 May 2019 at 09:43, Wang, Jian J <jian.j.wang at intel.com> wrote:
> >
> > Hi Ard,
> >
> > Any comments?
> >
> > Regards,
> > Jian
> >
> > > -----Original Message-----
> > > From: devel at edk2.groups.io [mailto:devel at edk2.groups.io] On Behalf Of
> Wang,
> > > Jian J
> > > Sent: Monday, May 20, 2019 9:41 AM
> > > To: devel at edk2.groups.io; ard.biesheuvel at linaro.org; Laszlo Ersek
> > > <lersek at redhat.com>
> > > Cc: Lu, XiaoyuX <xiaoyux.lu at intel.com>; Ye, Ting <ting.ye at intel.com>; Leif
> > > Lindholm <leif.lindholm at linaro.org>; Gao, Liming <liming.gao at intel.com>
> > > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to
> 1.1.1b
> > >
> > > Ard,
> > >
> > >
> > > > -----Original Message-----
> > > > From: devel at edk2.groups.io [mailto:devel at edk2.groups.io] On Behalf Of
> Ard
> > > > Biesheuvel
> > > > Sent: Friday, May 17, 2019 11:06 PM
> > > > To: Laszlo Ersek <lersek at redhat.com>
> > > > Cc: Wang, Jian J <jian.j.wang at intel.com>; devel at edk2.groups.io; Lu,
> XiaoyuX
> > > > <xiaoyux.lu at intel.com>; Ye, Ting <ting.ye at intel.com>; Leif Lindholm
> > > > <leif.lindholm at linaro.org>; Gao, Liming <liming.gao at intel.com>
> > > > Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to
> > > 1.1.1b
> > > >
> > > > On Fri, 17 May 2019 at 15:17, Laszlo Ersek <lersek at redhat.com> wrote:
> > > > >
> > > > > On 05/17/19 15:04, Laszlo Ersek wrote:
> > > > > > On 05/17/19 07:11, Wang, Jian J wrote:
> > > > > >> Hi Laszlo,
> > > > > >>
> > > > > >> There's already a float library used in OpensslLib.inf.
> > > > > >>
> > > > > >> [LibraryClasses.ARM]
> > > > > >> ArmSoftFloatLib
> > > > > >>
> > > > > >> The problem is that the below instance doesn't implement
> __aeabi_ui2d
> > > > > >> and __aeabi_d2uiz (I encountered this one as well)
> > > > > >>
> > > > > >> ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf
> > > > > >>
> > > > > >> I think we can update this library support those two APIs. So what
> about
> > > > > >> we still push the patch and file a BZ to fix this issue?
> > > > > >
> > > > > > I'm OK with that, but it will break ARM and AARCH64 platforms that
> > > > > > consume OpensslLib (directly or through BaseCryptLib), so this question
> > > > > > is up to Leif and Ard to decide.
> > > > >
> > > > > Correction: break ARM platforms only, not AARCH64.
> > > > >
> > > >
> > > > We obviously need to fix this before we can upgrade to a new OpenSSL
> version.
> > > >
> > > > Do we really have a need for the random functions? These seem the only
> > > > ones that use floating point, which the UEFI spec does not permit, so
> > > > it would be better if we could fix this by removing the dependency on
> > > > FP in the first place (and get rid of ArmSoftFloatLib entirely)
> > > >
> > >
> > > BaseCryptLib provides RandSeed/RandBytes interface which wrap openssl
> rand
> > > functionalities. These interfaces are used by following components in edk2
> > >
> > > - CryptoPkg\Library\TlsLib\TlsInit.c
> > > - SecurityPkg\HddPassword\HddPasswordDxe.c
> > >
> > > Openssl components, like asn1, bn, evp, ocsp, pem, pkcs7, pkcs12, rsa, ssl (in
> > > addition
> > > to cms, dsa, srp, which are disabled in edk2) will call rand_* interface as well.
> > >
>
> If we have both internal (to Openssl) and external users of the RNG
> api, then I guess there is no way to work around this. It is
> unfortunate, since the RNG code in OpenSSL doesn't actually use double
> types except for keeping an entropy count, which could just as easily
> be kept in an integer variable.
>
> So we will need to fix ArmSoftFloatLib before we can merge this
> OpenSSL update. I'm happy to help doing that, could you please
> summarize what we are missing today?
>
Great. I think there're two intrinsic functions missing here
__aeabi_ui2d
__aeabi_d2uiz
Laszlo, please double check if these two are enough.
Thanks for doing this.
Regards,
Jian
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#41118): https://edk2.groups.io/g/devel/message/41118
Mute This Topic: https://groups.io/mt/31638503/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list