Re: [edk2] [PATCH] Maintainers.txt: Change package maintainer and reviewer of CryptoPkg.

Confirmed by Long, Qin mailto:qin.l...@intel.com>> (And sorry for this rule breaking caused by me. I didn't notice this updates.) Best Regards & Thanks, LONG, Qin From: Gao, Liming Sent: Thursday, December 13, 2018 9:15 PM To: Laszlo Ersek ; Ye, Ting ; Long, Qin Cc: edk2-devel@li

[edk2] [PATCH v2] CryptoPkg/BaseCryptLib: Fix potential integer overflow issue.

Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Long Qin --- .../Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c| 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c b/CryptoPkg

Re: [edk2] [PATCH] CryptoPkg/BaseCryptLib: Fix potential integer overflow issue.

Thanks, Laszlo. From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Thursday, October 25, 2018 12:59 AM To: Long, Qin ; edk2-devel@lists.01.org Cc: Ye, Ting Subject: Re: [edk2] [PATCH] CryptoPkg/BaseCryptLib: Fix potential integer overflow issue. On 10/24/18 15:22, Long Qin wrote

[edk2] [PATCH] CryptoPkg/BaseCryptLib: Fix potential integer overflow issue.

is to add the extra parameter checks to remove this possible overflow risk. Cc: Ye Ting Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Long Qin --- .../Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c| 14 +- 1 file changed, 13 insertions(+), 1 deletion

Re: [edk2] [staging/MicroPythonTestFramework]: MicroPython Test Framework for UEFI

uma --> Oniguruma-v6.8.2 And use update command to init and sync-up all submodules: $ git submodule update --init --recursive (Will update the README for more clear information later . Thanks) Best Regards & Thanks, LONG, Qin From: Leif Lindholm [mailto:leif.lindh...@linaro.org] Sent

Re: [edk2] [staging/MicroPythonTestFramework][PATCH] MpyTestFrameworkPkg: use minified jquery source

Reviewed-by: Long Qin Best Regards & Thanks, LONG, Qin > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Stephano Cetola > Sent: Tuesday, September 4, 2018 10:51 AM > To: edk2-devel@lists.01.org > Cc: Long, Qin >

Re: [edk2] [Patch] SecurityPkg: HashLib: Update HashLib file GUID

Chao, Please change the lowercase letters in the new GUID to uppercase letters when committing this. Reviewed-by: Long Qin Best Regards & Thanks, LONG, Qin > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhang, > Chao B >

Re: [edk2] [Patch] SecurityPkg: HashLib: Add SHA384, SHA512 HashLib

Reviewed-by: Long Qin Best Regards & Thanks, LONG, Qin > -Original Message- > From: Zhang, Chao B > Sent: Friday, July 27, 2018 11:21 AM > To: edk2-devel@lists.01.org > Cc: Long, Qin ; Zhang, Chao B > > Subject: [Patch] SecurityPkg: HashLib: Add SHA384, SHA51

Re: [edk2] [Patch] SecurityPkg: TcgSmm: Handle invalid parameter in MOR SMI handler

Reviewed-by: Long Qin Best Regards & Thanks, LONG, Qin > -Original Message- > From: Zhang, Chao B > Sent: Thursday, July 19, 2018 6:00 PM > To: edk2-devel@lists.01.org > Cc: Long, Qin ; Yao, Jiewen ; > Zhang, Chao B > Subject: [Patch] SecurityPkg: TcgSmm:

Re: [edk2] [Patch] SecurityPkg:Tcg: Fix comment typos

Reviewed-by: Long Qin (BTW: Please remove the extra "Signed-off-by" signature) Best Regards & Thanks, LONG, Qin > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Zhang, Chao B > Sent: Monday, July 16, 2018 3:21 PM

Re: [edk2] [Patch 0/2] Add CRB IdleByPass Support

Series Reviewed-by: Long Qin Best Regards & Thanks, LONG, Qin > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Zhang, Chao B > Sent: Monday, June 25, 2018 12:44 PM > To: edk2-devel@lists.01.org > Subject: [edk

Re: [edk2] [Patch V2] SecurityPkg: Cache TPM interface type info

Reviewed-by: Long Qin Please correct the typos: + @retval EFI_SUCCESS DTPM2.0 instance is registered, or system dose not surpport registr DTPM2.0 instance

Re: [edk2] [PATCH 08/37] CryptoPkg: Removing ipf which is no longer supported from edk2.

;Include/Protocol" folder; 4. Remove "[Protocols]" section from CryptoPkg.dec; 5. Remove whole "Library/BaseCryptLibRuntimeCryptProtocol" folder; Best Regards & Thanks, LONG, Qin > -Original Message- > From: Chen, Chen A > Sent: Wedne

Re: [edk2] [Patch] CryptoPkg PeiCryptLib: Enable SHA384/512 support

Hi, Chao, The update from NULL to real wrapper looks good to me. Please also update the "Note" part in this INF's comment before your commit, since SHA384/512 was noted as "not supported" before. Reviewed-by: Long Qin Best Regards & Thanks, LONG, Qin > -O

Re: [edk2] [Patch] SecurityPkg/Tcg2Smm: Correct function parameter attribute

Reviewed-by: Long Qin Best Regards & Thanks, LONG, Qin > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Zhang, Chao B > Sent: Monday, May 28, 2018 10:10 PM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen ; Long,

[edk2] [PATCH] CryptoPkg: Remove deprecated function usage in X509GetCommonName()

<ting...@intel.com> Cc: Michael Turner <michael.tur...@microsoft.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.l...@intel.com> --- CryptoPkg/Include/Library/BaseCryptLib.h | 4 +- CryptoPkg/Library/BaseCryptLib/Pk/Cr

Re: [edk2] [Patch] SecurityPkg:Tcg2Smm: Update TcgNvs info after memory is allocated

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin > -Original Message- > From: Zhang, Chao B > Sent: Sunday, May 20, 2018 10:42 PM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen <jiewen@intel.com>; Long, Qin <qin

Re: [edk2] [PATCH] SecurityPkg: fix sha256 signature check

gt; > +++ b/CryptoPkg/Library/OpensslLib/openssl > > @@ -1 +1 @@ > > -Subproject commit b2758a2292aceda93e9f44c219b94fe21bb9a650 > > +Subproject commit d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 > > This hunk should not be necessary; please see edk2 commit b85b20fba42e &

Re: [edk2] [PATCH] CryptoPkg/CrtLibSupport: add secure_getenv() stub function

It's OK for me to add this NULL wrapper. Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Tuesday, May 8, 2018 4:21 AM To: edk2-devel-01 <edk2-devel@lists.01.org> Cc:

Re: [edk2] [Patch] NetworkPkg/NetworkPkg.dsc: Add the instance of library class [SafeIntLib].

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Jiaxin Wu Sent: Friday, May 4, 2018 11:53 AM To: edk2-devel@lists.01.org Cc: Ye, Ting <ting...@intel.com

Re: [edk2] Set "db" variable in secure boot setup mode still requires generating PKCS#7?

? The data initialization from code snippet looks good. What's the returned errcode value? (And one reminder is that KEK and DB are binding with different vendor GUID: gEfiGlobalVariableGuid, and gEfiImageSecurityDatabaseGuid). Best Regards & Thanks, LONG, Qin From: edk2-devel [mailto:edk2-d

Re: [edk2] [PATCH] CryptoPkg/OpensslLib: remove OpenSSL version number from OpenSSL-HOWTO.txt

Yes, this was not refreshed at last upgrade. And I agree it's better to remove this statement. Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Thursday, April 26, 2018 1:58 A

Re: [edk2] [PATCH v2 2/2] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h

Thanks, Laszlo! Pushed these two fixes with updates by the commits: a701ea0fe1d5178eb4fd2659d83461751cb9e7c9 b85b20fba42e25ff658ed1a470250d530c189027 Best Regards & Thanks, LONG, Qin From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Saturday, April 14, 2018 4:08 AM To: Long, Qin &l

Re: [edk2] [PATCH v2 1/2] CryptoPkg/OpensslLib: Fix the documentation about submodule update

Ah, "it's wrong here" means "the existence of "--remote" in original suggested command is wrong". "It's important" looks also make sense to address the "update" goal. I can update that, if old message will cause confusion. Best Regards &a

Re: [edk2] [PATCH v2 0/9] {Ovmf, Mde, Network, Crypto}Pkg: fixes+features for setting HTTPS cipher suites

Hi, Laszlo, The updated patch series looks good to me. Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Wednesday, April 11, 2018 6:43 PM To: edk2-devel@lists.01.org Cc: Ard

Re: [edk2] [PATCH] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h

Hi, Laszlo, You are right. "--remote" is really incorrect here. And thanks you so much to point out this. Best Regards & Thanks, LONG, Qin -Original Message----- From: Long, Qin Sent: Wednesday, April 11, 2018 4:39 PM To: 'Laszlo Ersek' <ler...@redhat.com>; Ye, Tin

[edk2] [PATCH v2 2/2] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h

y. use the following commend to make your existing submodule track this update: $ git submodule update -–recursive Cc: Laszlo Ersek <ler...@redhat.com> Cc: Ye Ting <ting...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.l...@intel.com

[edk2] [PATCH v2 1/2] CryptoPkg/OpensslLib: Fix the documentation about submodule update

ssue here. Cc: Laszlo Ersek <ler...@redhat.com> Cc: Ye Ting <ting...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.l...@intel.com> --- CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletio

[edk2] [PATCH v2 0/2] Update OpenSSL version to 1.1.0h

Updating the supported OpenSSL version to 1.1.0h release. Additional patch is to address / fix one HOWTO documentation issue about submodule update command which used the wrong "--remote" option. (Thanks Laszlo's catch). Long Qin (2): CryptoPkg/OpensslLib: Fix the documentation about

Re: [edk2] [PATCH] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h

Thank you so much about this clarification, Laszlo. The submodule maintenance (commands for update / sync) looks a little confused to me. Let me check more locally before the V2. Best Regards & Thanks, LONG, Qin -Original Message- From: Laszlo Ersek [mailto:ler...@redhat.com]

[edk2] [PATCH] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h

under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.l...@intel.com> --- CryptoPkg/Library/OpensslLib/openssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl index b2758a2

Re: [edk2] [PATCH 00/13] {Ovmf, Mde, Network, Crypto}Pkg: fixes+features for setting HTTPS cipher suites

& IETF-RFCs & EDKII-openssl build options. Best Regards & Thanks, LONG, Qin From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Laszlo Ersek Sent: Tuesday, April 10, 2018 5:48 PM To: Wu, Jiaxin <jiaxin...@intel.com>; edk2-devel-01 <edk2-devel@lists.01.or

Re: [edk2] [PATCH 00/13] {Ovmf, Mde, Network, Crypto}Pkg: fixes+features for setting HTTPS cipher suites

Thanks, Laszlo. In fact, these implementation optimizations are good to me. ☺ On 04/10/18 12:02, Laszlo Ersek wrote: > On 04/10/18 09:40, Long, Qin wrote: >> #0005, #0006, #0007, #0012， #0013: >> These implementation looks good to me. >> But some

Re: [edk2] [PATCH 00/13] {Ovmf, Mde, Network, Crypto}Pkg: fixes+features for setting HTTPS cipher suites

ed, and then added into this table. #0005, #0006, #0007, #0012， #0013: These implementation looks good to me. But some of updates were based on the assumption of #0008-0009. I have no strong opinion if some original light implementation are good enough currently. Best Regards &

Re: [edk2] [Patch] BaseTools: Update Rsa2048Sha256Sign to use openssl dgst option

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Gao, Liming Sent: Tuesday, March 27, 2018 8:59 PM To: edk2-devel@lists.01.org Cc: Zhu, Yonghong <yonghong@intel.com>; Long, Qin <qin.l...@intel.com> Subj

Re: [edk2] [PATCH v2] BaseTools: Update Rsa2048Sha256Sign to use openssl standard options

This ("sha1 -sha256") looks a little odd. Could we try "openssl dgst -sha256 "? Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhu, Yonghong Sent: Tuesday, March 27, 2018 3:56 PM

Re: [edk2] [Patch] SecurityPkg Tpm12CommandLib: Fix TPM12 GetCapability response error

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhang, Chao B Sent: Tuesday, March 20, 2018 11:12 PM To: edk2-devel@lists.01.org Cc: Yao, Jiewen <jiewen.

Re: [edk2] [Patch] SecurityPkg Tpm2CommandLib: Fix TPM2.0 response memory overflow

Hi, Chao, One minor suggestion to add the comment to explain the following value "8": the number of digests in list is not greater than 8 per TPML_DIGEST definition. + if (PcrValues->count > 8) { +return EFI_DEVICE_ERROR; + } Other looks good to me. Reviewed-by:

Re: [edk2] Why does EDK2 disable time checks on certificates?

ils). I am not sure if current OS will enforce any periodical update. Currently, UEFI is just distributing the revocation list file to address possible security risks (http://www.uefi.org/revocationlistfile). Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk

Re: [edk2] [PATCH] SecurityPkg: Support PP version lower than 1.3

Could you update the AsciiStrLen usage with safe version, or direct "sizeof()"? Others looks good to me. Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Monday, February 5, 2018 10:32 AM To:

Re: [edk2] Why does EDK2 disable time checks on certificates?

certificate revocation case, the UEFI introduced the DBX database (forbidden list) to address this. Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Bryan Rosario Sent: Tuesday, February 6, 2018 5:52 AM To:

Re: [edk2] [PATCH] SecurityPkg: Disable TPM interrupt in DEC

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Tuesday, January 30, 2018 9:17 AM To: edk2-devel@lists.01.org Cc: Yao, Jiewen <jiewen@intel.com>; Long, Qin <qin.l...@intel.com>; Zha

Re: [edk2] [PATCH] SecurityPkg: Update package version to 0.98

Reviewed-by: Qin Long <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Monday, January 22, 2018 10:11 PM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com> Subjec

[edk2] [PATCH] CryptoPkg: Update package version to 0.98

Update package version of CryptoPkg to 0.98. Cc: Ting Ye Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- CryptoPkg/CryptoPkg.dec | 4 ++-- CryptoPkg/CryptoPkg.dsc | 4 ++-- 2 files changed, 4 insertions(+), 4

Re: [edk2] [PATCH] CryptoPkg/BaseCryptLib: Add error handling for time() wrapper

Yes, and the function comment were already there. -Original Message- From: Ni, Ruiyu Sent: Friday, January 19, 2018 3:16 PM To: Zeng, Star <star.z...@intel.com>; Long, Qin <qin.l...@intel.com>; edk2-devel@lists.01.org Cc: Ye, Ting <ting...@intel.com>; Zeng, Star &l

Re: [edk2] [PATCH] CryptoPkg/BaseCryptLib: Add error handling for time() wrapper

It's legal to continue the calculation about the seconds elapsed since 1970.01.01 00:00:00. -Original Message- From: Zeng, Star Sent: Friday, January 19, 2018 3:10 PM To: Long, Qin <qin.l...@intel.com>; edk2-devel@lists.01.org Cc: Ye, Ting <ting...@intel.com>; Zeng,

[edk2] [PATCH] CryptoPkg/BaseCryptLib: Add error handling for time() wrapper

In time() wrapper implementation, the gRT->GetTime() call may be not available. This patch adds the extra error handling to avoid the potential dead loop. Cc: Star Zeng Cc: Ting Ye Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin

Re: [edk2] [PATCH] CryptoPkg/OpensslLib: ignore uninitialized warning

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Heyi Guo [mailto:heyi@linaro.org] Sent: Tuesday, January 16, 2018 4:02 PM To: edk2-devel@lists.01.org Cc: Heyi Guo <heyi@linaro.org>; Long, Qin <qin.l...@i

[edk2] [PATCH] CryptoPkg: Adding OpenSSL as one submodule of EDKII repo

A submodule allows to keep another Git repository in a subdirectory of main repository. The submodule repository has its own history, which does not interfere with the history of the current repository. This can be used to have external dependencies such as third party libraries. After the extra

Re: [edk2] [PATCH] SecurityPkg/PhysicalPresenceLib: Reject illegal PCR bank allocation

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhang, Chao B Sent: Monday, January 15, 2018 3:29 PM To: edk2-devel@lists.01.org Cc: Yao, Jiewen <jiewen.

Re: [edk2] [PATCH] CrptoPkg/BaseCryptLib: Fix type mismatch when calling OpenSSL function

Chao, Could you leverage the EFI type instead of C type here for consistence? We can use "INT32" type for Asn1Tag and ObjClass, and one "UINTN" Length should be OK with one extra zeroing here. Best Regards & Thanks, LONG, Qin -Original Message- From: Zha

[edk2] [PATCH] CryptoPkg/OpensslLib: Suppress format warning with extra flag.

liming@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Long Qin <qin.l...@intel.com> --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 2 +- 2 files changed, 2 insertions(+), 2 deletio

Re: [edk2] [PATCH] CryptoPkg/OpensslLib AARCH64: disable rather than demote format warning

This makes sense to me. Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] Sent: Wednesday, December 27, 2017 5:27 PM To: edk2-devel@lists.01.org; Long, Qin <qin.l...@i

Re: [edk2] [PATCH] CryptoPkg/OpensslLib AARCH64: suppress format string warning

Thanks, Ard. Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Ard Biesheuvel Sent: Wednesday, December 27, 2017 4:05 PM To: edk2-devel@lists.01.org; Long,

Re: [edk2] [PATCH] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0g

Hi, Ard, Could you kindly help to produce one extra patch to fix and validate this ARM & AARCH64 build? Thanks. Best Regards & Thanks, LONG, Qin From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] Sent: Wednesday, December 27, 2017 3:25 AM To: Ye, Ting <ting...@intel.com>

[edk2] [PATCH] SecurityPkg: Remove RngTest Application from SecurityPkg

BZ#: https://bugzilla.tianocore.org/show_bug.cgi?id=820 Remove the RngTest application from SecurityPkg, which was only for unit test. Cc: Chao Zhang <chao.b.zh...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.l...@intel.com> ---

[edk2] [PATCH] CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0g

, since we have no real printf usage in BaseCryptLib, and BIO_printf() was already wrappered as the dummy implementation in CryptoPkg. Cc: Ye Ting <ting...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Long Qin <qin.l...@intel.com> --- Cr

Re: [edk2] [Patch] CryptoPkg/TlsLib: Add some parameter check and clarification.

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Wu, Jiaxin Sent: Thursday, December 21, 2017 1:17 PM To: edk2-devel@lists.01.org Cc: Ye, Ting <ting...@intel.com>; Long, Qin <qin.l...@intel.com>; Fu, Siyuan <

Re: [edk2] [PATCH] SecurityPkg:Tcg2Smm: Update Interrupt resource name

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhang, Chao B Sent: Tuesday, December 12, 2017 3:41 PM To: edk2-devel@lists.01.org Cc: Yao, Jiew

Re: [edk2] Timebased Auth Variable driver should ensure AuthAlgorithm is SHA256 before further verification

need to strip-off some bytes. See more discussion & clarifications from https://bugzilla.tianocore.org/show_bug.cgi?id=586 And share us the binary data for more analysis if you still have verification issues. Best Regards & Thanks, LONG, Qin -Original Message- From: ed

Re: [edk2] [PATCH] SecurityPkg:Tcg2Smm: Add MSFT copyright

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Monday, December 11, 2017 9:34 AM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Yao, Jiewen <jiewen@intel.com>; Zha

Re: [edk2] [PATCH] CryptoPkg/IntrinsicLib: Fix the warning on memset

Reviewed-by: Long Qin <qin.l...@intel.com> (Thanks, Gary. I cannot recall why we used "char" instead of "int" here. Obviously, the prototype of CRT memset should use "int"). Best Regards & Thanks, LONG, Qin -Original Message- From: Gary Lin

Re: [edk2] [Patch] CryptoPkg/TlsLib: Change the return type of TlsInitialize().

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Wu, Jiaxin Sent: Friday, November 17, 2017 11:57 AM To: edk2-devel@lists.01.org Cc: Ye, Ting <ting...@intel.com>; Long, Qin <qin.l...@intel.com>; Fu, Siyuan <

Re: [edk2] [PATCH 1/2] CryptoPkg/BaseCryptLib: Add C-structure to matching certificate stack

Reviewed-by: Long Qin <qin.l...@intel.com> One minor comment: please leave one space before the structure name: +} EFI_CERT_DATA; and +} EFI_CERT_STACK; Best Regards & Thanks, LONG, Qin -Original Message- From: Chen, Chen A Sent: Tuesday, November 7, 2017 9:05 AM To: edk2-d

Re: [edk2] [PATCH 2/2] SecurityPkg/AuthVariableLib: Use EFI_CERT_DATA to parse certificate

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of chenc2 Sent: Tuesday, November 7, 2017 9:05 AM To: edk2-devel@lists.01.org Cc: Zhang, Chao B <chao.b.zh

Re: [edk2] [PATCH 3/3] MdeModulePkg: Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS

Reviewed-by: Long Qin <qin.l...@intel.com> -Original Message- From: Zhang, Chao B Sent: Tuesday, October 31, 2017 2:35 PM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Zeng, Star <star.z...@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com

Re: [edk2] [PATCH 1/3] SecurityPkg: Remove Counter Based AuthVariable support

Reviewed-by: Long Qin <qin.l...@intel.com> -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhang, Chao B Sent: Tuesday, October 31, 2017 2:35 PM To: edk2-devel@lists.01.org Cc: Zhang, Chao B <chao.b.zh...@intel.com>; Zeng,

Re: [edk2] [PATCH 2/3] MdePkg: Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS

Reviewed-by: Long Qin <qin.l...@intel.com> -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhang, Chao B Sent: Tuesday, October 31, 2017 2:35 PM To: edk2-devel@lists.01.org Cc: Zhang, Chao B <chao.b.zh...@intel.com>; Zeng,

[edk2] [PATCH v2 1/2] CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper

There is one long-standing problem in CRT realloc wrapper, which will cause the obvious buffer overflow issue when re-allocating one bigger memory block: void *realloc (void *ptr, size_t size) { // // BUG: hardcode OldSize == size! We have no any knowledge about // memory

[edk2] [PATCH v2 2/2] CryptoPkg/BaseCryptLib: Fix mismatched memory allocation/free

The malloc/free (instead of AllocatePool/FreePool) were used directly in some wrapper implementations, which was designed to leverage the light-weight memory management routines at Runtime phase. The malloc/free and AllocatePool/FreePool usages are required to be matched, after extra memory size

[edk2] [PATCH v2 0/2] CryptoPkg/BaseCryptLib: Correct CRT realloc Wrapper

This patch series is to fix this buffer overflow issue by introducing one extra header to record the memory buffer size information. And extra comments were also added to clarify the memory release routines if the caller is required to free the memory block outside the function. Long Qin (2): CryptoPkg

Re: [edk2] [PATCH 1/2] CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper

Thanks, Jian. It's great to pass the validation. And exactly, the null data checking was missed. I will re-produce the V2 patch. Best Regards & Thanks, LONG, Qin -Original Message- From: Wang, Jian J Sent: Wednesday, November 1, 2017 3:28 PM To: Long, Qin <qin.l...@intel.com

[edk2] [PATCH 0/2] CryptoPkg/BaseCryptLib: Correct CRT realloc Wrapper

by introducing one extra header to record the memory buffer size information. And extra comments were also added to clarify the memory release routines if the caller is required to free the memory block outside the function. Long Qin (2): CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper

[edk2] [PATCH 1/2] CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper

There is one long-standing problem in CRT realloc wrapper, which will cause the obvious buffer overflow issue when re-allocating one bigger memory block: void *realloc (void *ptr, size_t size) { // // BUG: hardcode OldSize == size! We have no any knowledge about // memory

Re: [edk2] [PATCH v1 1/1] CryptoPkg/BaseCryptLib: remove some duplicate initializations.

The patch was already push @b5a985ca9237b551618cd97b1b71af2fff55e209 I forgot to inform that. Thanks, Laszlo. Best Regards & Thanks, LONG, Qin -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Laszlo Ersek Sent: Tuesday, October 24, 2017 3:5

Re: [edk2] [PATCH v1 1/1] CryptoPkg/BaseCryptLib: remove some duplicate initializations.

This looks good to me. Reviewed-by: Long Qin qin.l...@intel.com<mailto:qin.l...@intel.com> Best Regards & Thanks, LONG, Qin From: Peter Jones [mailto:pjo...@redhat.com] Sent: Saturday, October 21, 2017 2:22 AM To: Laszlo Ersek <ler...@redhat.com> Cc: edk2-devel@lists.01.org; Shi

Re: [edk2] [Patch] NetworkPkg/TlsAuthConfigDxe: Remove the extra FreePool

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Wu, Jiaxin Sent: Thursday, October 19, 2017 1:58 PM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com>; Fu, Siyuan <

Re: [edk2] [PATCH] SecurityPkg:AuthVariableLib:Fix GCC build error

Agree. It's better to use CHAR8 directly. From: Gary Lin [mailto:g...@suse.com] Sent: Tuesday, October 17, 2017 10:10 AM To: Zhang, Chao B <chao.b.zh...@intel.com> Cc: edk2-devel@lists.01.org; Long, Qin <qin.l...@intel.com> Subject: Re: [edk2] [PATCH] SecurityPkg:AuthVariableLib:F

Re: [edk2] [PATCH] SecurityPkg/Pkcs7Verify: Add the comments to address security problem

Thanks, Chao. The suggested change looks too neutral against this problem. I still prefer to keep the original language, which was also cited from the description of this spec ECR document. Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Monday, Oct

Re: [edk2] [PATCH V2] SecurityPkg\Tcg2Pei: FV measure performance enhancement

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Friday, October 13, 2017 3:26 PM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Yao, Jiewen <jiewen@intel.com>; sea

Re: [edk2] [PATCH] SecurityPkg:AuthVariableLib:Implement ECR1707 for Private Auth Variable

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Thursday, October 12, 2017 5:14 PM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Chen, Chen A <chen.a.c...@intel.com>; Zh

[edk2] [PATCH] SecurityPkg/Pkcs7Verify: Add the comments to address security problem

Add the comments to address security problems in the Pkcs7Verify Protocol per UEFI 2.7 updates. The Pkcs7Verifier function VerifySignature() has problematic use cases where it might be used to unwittingly bypass security checks. The specific problem is that if the supplied hash is a different

Re: [edk2] [PATCH] SecurityPkg\Tcg2Pei: FV measure performance enhancement

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Monday, October 9, 2017 4:50 PM To: edk2-devel@lists.01.org Cc: Long, Qin <qin.l...@intel.com>; Yao, Jiewen <jiewen@intel.com>; sean.bro..

Re: [edk2] [PATCH v2 1/2] SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic

The patch looks good to me. Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin From: Yao, Jiewen Sent: Tuesday, October 10, 2017 9:47 PM To: Laszlo Ersek <ler...@redhat.com>; Long, Qin <qin.l...@intel.com> Cc: Brijesh Singh <brijesh.si...@amd.

Re: [edk2] [PATCH v3] CryptoPkg: Add new API to retrieve commonName of X.509 certificate

Yes, they are legacy version with old style alignment. It's first try to address this return status change in this new API. We may update some APIs depending on requirement and impacts evaluations later. Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B

Re: [edk2] [PATCH v2] CryptoPkg: Add new API to retrieve commonName of X.509 certificate

From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Thursday, September 21, 2017 12:38 AM To: Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com> Cc: edk2-devel@lists.01.org Subject: Re: [PATCH v2] CryptoPkg: Add new API to r

Re: [edk2] [PATCH] CryptoPkg: Add new API to retrieve commonName of X.509 certificate

suggestion. Thanks for raising this. Best Regards & Thanks, LONG, Qin From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Laszlo Ersek Sent: Wednesday, September 20, 2017 8:09 PM To: Long, Qin <qin.l...@intel.com>; Ye, Ting <ting...@intel.com>; Zhang, Chao B <cha

Re: [edk2] [PATCH] CryptoPkg: Add new API to retrieve commonName of X.509 certificate

Thanks, Chao. Cryptest just simply use the hard-coded test vectors for API usage demonstration. So 64 is big enough for the given test X.509 data. Best Regards & Thanks, LONG, Qin -Original Message- From: Zhang, Chao B Sent: Wednesday, September 20, 2017 2:57 PM To: Long, Qin &l

[edk2] [PATCH] CryptoPkg: Add new API to retrieve commonName of X.509 certificate

Add one new API (X509GetCommonName()) to retrieve the subject commonName string from one X.509 certificate. Cc: Ting Ye Cc: Chao Zhang Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long ---

[edk2] [PATCH] SecurityPkg: Add ARM/AARCH64 arch to enable RngTest module build.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=680 Adding ARM and AARCH64 to SUPPORTED_ARCHITECTURES in SecurityPkg.dsc to enable RngTest module build, since this is one platform-independent application. Cc: Chao Zhang Cc: Laszlo Ersek

Re: [edk2] [Patch 1/2] CryptoPkg/TlsLib: Remove the redundant free of BIO objects

Reviewed-by: Long Qin <qin.l...@intel.com> -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Jiaxin Wu Sent: Monday, July 31, 2017 1:41 PM To: edk2-devel@lists.01.org Cc: Ye, Ting <ting...@intel.com>; Wu, Jiaxin <jiaxin...@intel.

Re: [edk2] Adding OpenSSL as the submodule of EDKII project...

Sean, Thank you for the comments. And for the submodule maintenance, do you have any BKMs (e.g. alias setting, any scripts for synchronous clone/pull...) for sharing? Best Regards & Thanks, LONG, Qin -Original Message- From: Sean Brogan [mailto:sean.bro...@microsoft.com]

[edk2] Adding OpenSSL as the submodule of EDKII project...

is change? Any impacts? ...). Thanks. Best Regards & Thanks, LONG, Qin ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel

Re: [edk2] [PATCH] CryptoPkg/OpensslLib AARCH64: clear XIP CC flags

Reviewed-by: Long Qin <qin.l...@intel.com> Best Regards & Thanks, LONG, Qin -Original Message- From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] Sent: Saturday, July 15, 2017 1:19 AM To: edk2-devel@lists.01.org; Long, Qin <qin.l...@intel.com> Cc: Ye, Ting &l

[edk2] [PATCH] CryptoPkg/BaseCryptLib: Add NULL pointer checks in DH and P7Verify

Add more NULL pointer checks before using them in DhGenerateKey and Pkcs7GetCertificatesList functions to eliminate possible dereferenced pointer issue. Cc: Ting Ye Cc: Hao Wu Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long

Re: [edk2] [PATCH] SecurityPkg: Add TCG Spec info to TCG related modules

Reviewed-by: Qin Long <qin.l...@intel.com> > -Original Message- > From: Zhang, Chao B > Sent: Thursday, May 11, 2017 1:15 PM > To: edk2-devel@lists.01.org > Cc: Long, Qin; Yao, Jiewen; Zhang, Chao B > Subject: [PATCH] SecurityPkg: Add TCG Spec info to TCG rela

[edk2] [PATCH] CryptoPkg: Update package version to 0.97

Update package version of CryptoPkg to 0.97. Cc: Ting Ye Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long --- CryptoPkg/CryptoPkg.dec | 2 +- CryptoPkg/CryptoPkg.dsc | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)

[edk2] [Patch] CryptoPkg: Correct some minor issues in function comments

on Agreement 1.0 Signed-off-by: Qin Long <qin.l...@intel.com> Signed-off-by: Long Qin <qin.l...@intel.com> --- CryptoPkg/Include/Library/BaseCryptLib.h | 18 +- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 2 +- 2 files changed, 10 insertions(+),

Re: [edk2] CryptoPkg compiles error: BIO_printf() andBIO_snprintf() redefined.

, …). Theprocss_files.pl was originally created in UNIX-like style (“#!/usr/bin/perl –w”). So no more validations on those third-party Perl utility (ActivePerl, Strawberry, etc). Of cause, I can take a look at those Perl environments later. Best Regards & Thanks, LONG, Qin From: winddy [mailto:windd

Re: [edk2] CryptoPkg compiles error: BIO_printf() and BIO_snprintf() redefined.

> -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > winddy > Sent: Thursday, April 13, 2017 10:39 AM > To: edk2-devel > Subject: [edk2] CryptoPkg compiles error: BIO_printf() and BIO_snprintf() > redefined. > > Hi

  1   2   3   >