On 05/17/19 15:04, Laszlo Ersek wrote: > On 05/17/19 07:11, Wang, Jian J wrote: >> Hi Laszlo, >> >> There's already a float library used in OpensslLib.inf. >> >> [LibraryClasses.ARM] >> ArmSoftFloatLib >> >> The problem is that the below instance doesn't implement __aeabi_ui2d >> and __aeabi_d2uiz (I encountered this one as well) >> >> ArmPkg\Library\ArmSoftFloatLib\ArmSoftFloatLib.inf >> >> I think we can update this library support those two APIs. So what about >> we still push the patch and file a BZ to fix this issue? > > I'm OK with that, but it will break ARM and AARCH64 platforms that > consume OpensslLib (directly or through BaseCryptLib), so this question > is up to Leif and Ard to decide.
Correction: break ARM platforms only, not AARCH64. Laszlo > Thanks > Laszlo > >>> -----Original Message----- >>> From: Laszlo Ersek [mailto:ler...@redhat.com] >>> Sent: Friday, May 17, 2019 2:26 AM >>> To: devel@edk2.groups.io; Lu, XiaoyuX <xiaoyux...@intel.com> >>> Cc: Wang, Jian J <jian.j.w...@intel.com>; Ye, Ting <ting...@intel.com>; Ard >>> Biesheuvel <ard.biesheu...@linaro.org>; Leif Lindholm >>> <leif.lindh...@linaro.org> >>> Subject: Re: [edk2-devel] [PATCH v4 0/7] CryptoPkg: Upgrade OpenSSL to >>> 1.1.1b >>> >>> Hi, >>> >>> (+ Ard and Leif) >>> >>> On 05/16/19 09:54, Xiaoyu lu wrote: >>>> This series is also available at: >>>> >>> https://github.com/xiaoyuxlu/edk2/tree/bz_1089_upgrade_to_openssl_1_1_1b >>> _v4 >>>> >>>> Changes: >>>> >>>> (1) CryptoPkgOpensslLib: Modify process_files.pl for upgrading OpenSSL >>>> >>>> (2) CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl >>>> crypto/store/* are excluded. >>>> crypto/rand/randfile.c is excluded. >>>> >>>> (3) CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue >>>> >>>> (4) CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL >>>> Disable warnings for buiding OpenSSL_1_1_1b >>>> >>>> (5) CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 >>>> >>>> (6) CryptoPkg: Upgrade OpenSSL to 1.1.1b >>>> The biggest change is use TSC as entropy source >>>> If TSC isn't avaiable, fallback to TimerLib(PerformanceCounter). >>>> >>>> (7) CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible >>>> >>>> >>>> Verification done for this series: >>>> * Https boot in OvmfPkg. >>>> * BaseCrypt Library test. (Ovmf, EmulatorPkg) >>>> >>>> Important notice: >>>> Nt32Pkg doesn't support TimerLib >>>>> >>> TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplat >>> e.inf >>>> So it will failed in Nt32Pkg. >>>> >>>> Cc: Jian J Wang <jian.j.w...@intel.com> >>>> Cc: Ting Ye <ting...@intel.com> >>>> >>>> Laszlo Ersek (1): >>>> CryptoPkg/OpensslLib: Fix cross-build problem for AARCH64 >>>> >>>> Xiaoyu Lu (6): >>>> CryptoPkg/OpensslLib: Modify process_files.pl for upgrading OpenSSL >>>> CryptoPkg/OpensslLib: Exclude unnecessary files in process_files.pl >>>> CryptoPkg/IntrinsicLib: Fix possible unresolved external symbol issue >>>> CryptoPkg/OpensslLib: Prepare for upgrading OpenSSL >>>> CryptoPkg: Upgrade OpenSSL to 1.1.1b >>>> CryptoPkg/BaseCryptLib: Make HMAC_CTX size backward compatible >>>> >>>> CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf | 4 +- >>>> CryptoPkg/Library/OpensslLib/OpensslLib.inf | 76 ++++- >>>> CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 67 ++++- >>>> CryptoPkg/Library/Include/CrtLibSupport.h | 13 +- >>>> CryptoPkg/Library/Include/openssl/opensslconf.h | 54 +++- >>>> CryptoPkg/Library/Include/sys/syscall.h | 11 + >>>> CryptoPkg/Library/OpensslLib/buildinf.h | 2 + >>>> CryptoPkg/Library/OpensslLib/rand_pool_noise.h | 29 ++ >>>> CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 8 +- >>>> .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 9 +- >>>> .../Library/BaseCryptLib/Hmac/CryptHmacSha256.c | 8 +- >>>> CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c | 22 ++ >>>> CryptoPkg/Library/OpensslLib/ossl_store.c | 17 ++ >>>> CryptoPkg/Library/OpensslLib/rand_pool.c | 316 >>> +++++++++++++++++++++ >>>> CryptoPkg/Library/OpensslLib/rand_pool_noise.c | 29 ++ >>>> CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c | 43 +++ >>>> CryptoPkg/Library/OpensslLib/openssl | 2 +- >>>> CryptoPkg/Library/OpensslLib/process_files.pl | 11 +- >>>> 18 files changed, 669 insertions(+), 52 deletions(-) >>>> create mode 100644 CryptoPkg/Library/Include/sys/syscall.h >>>> create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h >>>> create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c >>>> create mode 100644 CryptoPkg/Library/OpensslLib/ossl_store.c >>>> create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool.c >>>> create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c >>>> create mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c >>>> >>> >>> Unfortunately, I've found another build issue with this series. (My >>> apologies that I didn't discover it earlier.) It is reported in the >>> 32-bit (ARM) build of the ArmVirtQemu platform: >>> >>> CryptoPkg/Library/OpensslLib/openssl/crypto/rand/drbg_lib.c:1028: >>> undefined reference to `__aeabi_ui2d' >>> >>> The referenced line is from the drbg_add() function: >>> >>> if (buflen < seedlen || randomness < (double) seedlen) { >>> >>> Beyond the failure to resolve the "__aeabi_ui2d" symbol, the edk2 coding >>> style spec says, "Floating point operations are not recommended in UEFI >>> firmware." (Even though the UEFI spec describes the required floating >>> point environment for all architectures.) >>> >>> So, I'm not sure what we should do here. If we think that floating point >>> is plain evil in edk2, then we cannot rebase edk2 to OpenSSL-1.1.1b. >>> >>> ... Hmmm, this seems to be the 32-bit ARM variant of [PATCH v4 3/7]! >>> >>> If we find floating point generally acceptable in edk2, then Ard and >>> Leif could help us decide please whether this 32-bit ARM issue should be >>> fixed during the feature freeze (when fixes are still allowed), or if it >>> justifies postponing OpenSSL 1.1.1b to the next edk2 stable tag. >>> >>> Again, I'm sorry that I found this only now -- but >>> "CryptoPkg/CryptoPkg.dsc" is multi-arch: >>> >>> SUPPORTED_ARCHITECTURES = IA32|X64|ARM|AARCH64 >>> >>> thus, preferably, a CryptoPkg patch series should be at least build >>> tested (if not boot tested) for all arches, before being posted to the >>> mailing list. >>> >>> (Yes, CI would help a lot with such issues.) >>> >>> Thanks >>> Laszlo > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#40920): https://edk2.groups.io/g/devel/message/40920 Mute This Topic: https://groups.io/mt/31638503/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
