Hi Liming and Mike,

For the PATCH: Add more crypt APIs based on Mbedtls 
(https://edk2.groups.io/g/devel/message/118772),
I have fixed the code based on Mike’s feedback
and added the platform integration test table in commit message.

Could you approve this PATCH to catch this stable tag?


Thanks,
Wenxing
From: gaoliming <gaolim...@byosoft.com.cn>
Sent: Wednesday, May 15, 2024 8:49 AM
To: Kinney, Michael D <michael.d.kin...@intel.com>; devel@edk2.groups.io; 
'Andrew Fish' <af...@apple.com>; 'Leif Lindholm' <quic_llind...@quicinc.com>
Cc: 'Ard Biesheuvel' <a...@kernel.org>; sam.kay...@arm.com; 
dougfl...@microsoft.com; Mathews, John <john.math...@intel.com>; Hou, Wenxing 
<wenxing....@intel.com>; Li, Yi1 <yi1...@intel.com>; Yao, Jiewen 
<jiewen....@intel.com>
Subject: Re: [edk2-devel] Soft Feature Freeze starts now for edk2-stable202405

Mike:
  Thanks for your comments. I update the status below.

Thanks
Liming
From: Kinney, Michael D <michael.d.kin...@intel.com>
Sent: May 15, 2024 0:35
To: gaoliming <gaolim...@byosoft.com.cn>; devel@edk2.groups.io;
'Andrew Fish' <af...@apple.com>; 'Leif Lindholm' <quic_llind...@quicinc.com>
Cc: 'Ard Biesheuvel' <a...@kernel.org>; sam.kay...@arm.com;
dougfl...@microsoft.com; Mathews, John <john.math...@intel.com>; Hou, Wenxing
<wenxing....@intel.com>; Li, Yi1 <yi1...@intel.com>; Yao, Jiewen
<jiewen....@intel.com>; Kinney, Michael D <michael.d.kin...@intel.com>
Subject: RE: [edk2-devel] Soft Feature Freeze starts now for edk2-stable202405

Hi Liming,

My responses below in [Mike].

Mike


From: gaoliming <gaolim...@byosoft.com.cn>
Sent: Friday, May 10, 2024 8:29 AM
To: devel@edk2.groups.io; Kinney, Michael D <michael.d.kin...@intel.com>;
'Andrew Fish' <af...@apple.com>; 'Leif Lindholm' <quic_llind...@quicinc.com>
Cc: 'Ard Biesheuvel' <a...@kernel.org>; sam.kay...@arm.com;
dougfl...@microsoft.com; Mathews, John <john.math...@intel.com>; Hou, Wenxing
<wenxing....@intel.com>
Subject: Re: [edk2-devel] Soft Feature Freeze starts now for edk2-stable202405

Stewards:
  Now, there are several patches to catch this stable tag. Could you give the
comments for them?


1.     Adding support for verbose UEFI Table dumping to Dmem.c 
(https://edk2.groups.io/g/devel/message/118582)

[Liming] This patch set has been reviewed before soft feature freeze. It plans 
to catch this stable tag.



[Mike] I see this PR: https://github.com/tianocore/edk2/pull/5653 that is not 
passing CI and appears it will require additional code changes



[Mike] Reject for edk2-stable202405



2.  MdePkg/BaseLib: Fix AARCH64 compilation error 
(https://edk2.groups.io/g/devel/message/118690)

[Liming] This bug fix is reviewed in soft feature freeze phase. It plans to 
catch this stable tag.

[Mike] Approved for edk2-stable202405

[Liming] I add push label for https://github.com/tianocore/edk2/pull/5642



3.  MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount 
(https://edk2.groups.io/g/devel/message/118745)

[Liming] This security fix is reviewed in soft feature freeze phase. It plans 
to catch this stable tag.


[Mike] Approved for edk2-stable202405
[Liming] I add push label for https://github.com/tianocore/edk2/pull/5659



4.  NetworkPkg: CVE-2023-45236 and CVE-2023-45237 
(https://edk2.groups.io/g/devel/message/118768)

[Liming] This security fix is still under code review. It plans to catch this 
stable tag.



[Mike] Is the code review complete?  Is there a link to the PR?

[Liming] NetworkPkg reviewer will review this patch set this week.



Thanks



5.  Add more crypt APIs based on Mbedtls 
(https://edk2.groups.io/g/devel/message/118772)

[Liming] This patch set passes code review in soft feature freeze phase. It 
plans to catch this stable tag.

[Mike] This patch series uses ‘..’ in INF to access source files in another 
component.  This is not legal.  I am surprised this was not caught in code 
review.

DEFINE OPENSSL_PATH            = ../OpensslLib/openssl
DEFINE BASE_CRYPT_PATH         = ../BaseCryptLib

[Mike] I see a reference to some “platform integration” testing.  Given that 
this patch series implements a number of
crypto service APIs and is a large number of new lines of code, it would be 
good to know if all of the newly added APIs
were tested in a platform integration. A table of the added APIs and the 
platform integration test status would be good to
know if there was any functional testing of each API.  If there are APIs that 
are not covered by any platform integration
testing, then I would be concerned with such a large change with limited 
testing.

Thanks
Liming
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of gaoliming via groups.io
Sent: May 7, 2024 9:25
To: devel@edk2.groups.io; annou...@edk2.groups.io
Cc: 'Michael D Kinney' <michael.d.kin...@intel.com>; 'Andrew Fish'
<af...@apple.com>; 'Leif Lindholm' <quic_llind...@quicinc.com>
Subject: [edk2-devel] Soft Feature Freeze starts now for edk2-stable202405

Hi, all

  We enter into Soft Feature Freeze phase now. In this phase,
the feature under review will not be allowed to be pushed. The feature
passed review can still be merged.

  The patch review can continue without break in edk2 community. If the
patch is sent before Soft Feature Freeze, and plans to catch this stable tag,
the patch contributor needs to reply to his patch and notify edk2 community. If the
patch is sent after Soft Feature Freeze, and plans to catch this stable tag,
please add edk2-stable202405 key words in the patch title and BZ, so the
community knows this patch target and gives the feedback.

  To avoid the unnecessary changes to be merged in edk2 stable tag release,
all edk2 maintainers' write access will be temporarily disabled until stable
tag is released on 05-24. That means edk2 maintainer can't set push label in
pull request after soft feature freeze starts.

  If the change wants to catch this stable tag 202405, please follow above
rules, then send the merge request to gaolim...@byosoft.com.cn or
michael.d.kin...@intel.com.

  We will help merge the code change in soft feature freeze and hard feature
freeze phase.

Below is edk2-stable202405 tag planning Proposed Schedule
Date (00:00:00 UTC-8) Description

2024-02-23 Beginning of development
2024-05-06 Soft Feature Freeze
2024-05-10 Hard Feature Freeze
2024-05-24 Release

Thanks
Liming
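
A check for the `..` usage flagged in [Mike]'s comment on item 5 above, as an added example that is not part of the thread or of the edk2 project's own tooling. It scans INF text for DEFINE values and [Sources] entries whose path contains a `..` component; the function names are assumptions, and the sample INF is constructed around the two DEFINE lines quoted in the thread.

```python
import re

SECTION_RE = re.compile(r"^\[(.+)\]$")
DEFINE_RE = re.compile(r"^DEFINE\s+(\w+)\s*=\s*(.*)$")
MACRO_RE = re.compile(r"\$\((\w+)\)")

def has_parent_ref(path):
    """True if any path component is exactly '..' (either separator)."""
    return ".." in re.split(r"[\\/]", path)

def find_parent_refs(inf_text):
    """Return (line_no, kind, path) for each DEFINE value or [Sources]
    entry that reaches outside the component directory via '..'."""
    findings, macros, section = [], {}, ""
    for line_no, raw in enumerate(inf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()         # e.g. "sources.x64"
            continue
        m = DEFINE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            macros[name] = value                 # remember for later expansion
            if has_parent_ref(value):
                findings.append((line_no, "define", value))
            continue
        if section.startswith("sources"):
            entry = line.split("|", 1)[0].strip()   # path precedes any '|' fields
            expanded = MACRO_RE.sub(
                lambda mm: macros.get(mm.group(1), mm.group(0)), entry)
            if has_parent_ref(expanded):
                findings.append((line_no, "source", expanded))
    return findings

# Constructed sample: the DEFINE lines are the ones quoted in the thread,
# the [Sources] entries are illustrative placeholders.
SAMPLE_INF = """\
[Defines]
  DEFINE OPENSSL_PATH            = ../OpensslLib/openssl
  DEFINE BASE_CRYPT_PATH         = ../BaseCryptLib

[Sources]
  Hash/CryptSm3.c
  $(BASE_CRYPT_PATH)/Example/Shared.c   # constructed entry
"""

if __name__ == "__main__":
    for line_no, kind, path in find_parent_refs(SAMPLE_INF):
        print(f"line {line_no}: {kind} uses '..': {path}")
```

Macros are expanded before the check, so a [Sources] entry that looks local but resolves through a DEFINE into a sibling component is reported as well.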




-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119050): https://edk2.groups.io/g/devel/message/119050
Mute This Topic: https://groups.io/mt/106155556/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-


--- Begin Message ---
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More
RSA/PKCS5/PKCS7/Authenticode/Timestamp
implementation based on Mbedtls.

The patch has passed the EDKII CI check:
https://github.com/tianocore/edk2/pull/5645

And the patch has passed unit_test in EDKII and integration test for platform.
And the patch has passed the fuzz test:
https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128


There are three types of newly implemented APIs.
1.      First type of APIs pass the platform integration test by some secure
features, such as Secure Boot, RPMC, etc. These APIs are:
Sm3GetContextSize/ Sm3Init/Sm3Duplicate/ 
Sm3Update/Sm3Final/Sm3HashAll/RsaGetPrivateKeyFromPem/AuthenticodeVerify
Pkcs5HashPassword/Pkcs7GetSigners/Pkcs7FreeSigners/Pkcs7Sign/Pkcs7Verify/VerifyEKUsInPkcs7Signature/Pkcs7GetAttachedContent
RsaGetKey/ImageTimestampVerify/X509GetCommonName/X509GetTBSCert/RandomBytes

2.      Second type of APIs pass the platform integration test by
DeviceSecurity. These APIs are:
AeadAesGcmEncrypt/AeadAesGcmDecrypt/RsaGenerateKey/RsaCheckKey/RsaPkcs1Sign/RsaPssSign/X509GetSubjectName
X509GetOrganizationName/X509VerifyCert/X509ConstructCertificate/X509ConstructCertificateStackV/X509ConstructCertificateStack
X509Free/X509StackFree

3.      Third type of APIs don't have platform integration, but the API passed
the EDKII unit_test. The API is:
Pkcs1v2Encrypt

v2 changes:
 - Fix format variable name/hardcode number issue;
 - Fix Pkcs7 memory leak;

v3 changes:
 - Fix some issues from reviewer;
 - Add SHA3/SM3 implementation;
 - Update *.inf files;

v4 changes:
 - Delete SHA3 implementation;
 - Complete Sm3 by linking OpensslLib;
 - Collect data for platform integration test for newly implemented APIs;

Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Yi Li <yi1...@intel.com>
Signed-off-by: Wenxing Hou <wenxing....@intel.com>
Reviewed-by: Yi Li <yi1...@intel.com>
Acked-by: Jiewen Yao <jiewen....@intel.com>

Wenxing Hou (11):
  CryptoPkg: Add AeadAesGcm based on Mbedtls
  CryptoPkg: Add rand function for BaseCryptLibMbedTls
  CryptoPkg: Add Pem APIs based on Mbedtls
  CryptoPkg: Add X509 functions based on Mbedtls
  CryptoPkg: Add Pkcs7 related functions based on Mbedtls
  CryptoPkg: Add Pkcs5 functions based on Mbedtls
  CryptoPkg: Add more RSA related functions based on Mbedtls
  CryptoPkg: Add AuthenticodeVerify based on Mbedtls
  CryptoPkg: Add ImageTimestampVerify based on Mbedtls
  CryptoPkg: Update *.inf in BaseCryptLibMbedTls
  Add SM3 functions with openssl for Mbedtls

 CryptoPkg/CryptoPkgMbedTls.dsc                |    1 +
 CryptoPkg/Include/Library/BaseCryptLib.h      |    4 +
 .../BaseCryptLibMbedTls/BaseCryptLib.inf      |   43 +-
 .../Cipher/CryptAeadAesGcm.c                  |  227 ++
 .../BaseCryptLibMbedTls/Hash/CryptSm3.c       |  235 ++
 .../BaseCryptLibMbedTls/InternalCryptLib.h    |   49 +
 .../BaseCryptLibMbedTls/PeiCryptLib.inf       |   23 +-
 .../BaseCryptLibMbedTls/Pem/CryptPem.c        |  138 ++
 .../Pk/CryptAuthenticode.c                    |  214 ++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c   |  278 +++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c |  100 +
 .../Pk/CryptPkcs7Internal.h                   |   29 +-
 .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c   |  635 ++++++
 .../Pk/CryptPkcs7VerifyBase.c                 |  113 +
 .../Pk/CryptPkcs7VerifyCommon.c               | 1354 ++++++++++++
 .../Pk/CryptPkcs7VerifyEku.c                  |  689 ++++++
 .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c      |  352 +++
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c  |  140 ++
 .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c  |  381 ++++
 .../BaseCryptLibMbedTls/Pk/CryptX509.c        | 1940 +++++++++++++++++
 .../BaseCryptLibMbedTls/Rand/CryptRand.c      |  114 +
 .../BaseCryptLibMbedTls/Rand/CryptRandTsc.c   |  114 +
 .../BaseCryptLibMbedTls/RuntimeCryptLib.inf   |   27 +-
 .../BaseCryptLibMbedTls/SecCryptLib.inf       |    1 -
 .../BaseCryptLibMbedTls/SmmCryptLib.inf       |   32 +-
 .../SysCall/BaseMemAllocation.c               |  122 ++
 .../SysCall/DummyOpensslSupport.c             |  571 +++++
 .../SysCall/UnitTestHostCrtWrapper.c          |   63 +
 .../BaseCryptLibMbedTls/TestBaseCryptLib.inf  |   40 +-
 29 files changed, 7946 insertions(+), 83 deletions(-)
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/BaseMemAllocation.c
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/DummyOpensslSupport.c
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/UnitTestHostCrtWrapper.c

-- 
2.26.2.windows.1



View/Reply Online (#119027): https://edk2.groups.io/g/devel/message/119027



--- End Message ---
