How to Rebase a Long-Standing PR on GitHub: A Case Study with OpenSSL

Hello, fellow developers! I’m Mounir IDRASSI, and today I want to share an experience I had with an old pull request (PR) on the OpenSSL repository. This post will walk you through the steps I took to rebase my fork and resolve conflicts, ensuring that my contributions could finally be merged.

The Background

On January 17, 2021, I opened a PR titled “Allow MinGW build to use BCryptGenRandom like MSVC build [master]” on the OpenSSL GitHub repository. The PR aimed to improve the MinGW build by dynamically loading bcrypt.dll and calling BCryptGenRandom at runtime, similar to the MSVC ...

We use LoadLibraryA to load bcrypt.dll from Windows System32 directory and 
retrieve the function pointer to BCryptGenRandom in order to call it 
dynamically at runtime. We also use GetModuleHandleExA to pin bcrypt.dll 
in the process memory in order to replicate the previous behavior where 
bcrypt.dll was linked against explicitly at link time as dependency. This 
also protected from unexpected external unloading of bcrypt.dll.

Fixes #13878
Fixes #11757
        

However, as often happens with open-source projects, time passed, and the PR remained unmerged for over three years. On July 3, 2024, an OpenSSL maintainer requested that I rebase the PR to resolve conflicts:

Could you please rebase the PR to resolve conflicts?
        

The Problem

After more than three years, my PR had accumulated conflicts due to the numerous updates to the OpenSSL master branch. These conflicts needed to be resolved before my changes could be merged. The process of rebasing seemed daunting, but I documented the steps to help others facing a similar challenge.

The Solution: Step-by-Step Guide to Rebase Your PR

Here’s how you can rebase your forked repository and resolve conflicts, just as I did for my OpenSSL PR:

1. Clone Your Forked Repository

If you haven't already cloned your fork, start by doing so:

git clone https://github.com/yourusername/openssl.git
cd openssl

2. Add the Upstream Repository

Link your local repository to the original OpenSSL repository to fetch the latest changes:

git remote add upstream https://github.com/openssl/openssl.git

3. Fetch the Latest Changes from Upstream

Pull in the latest updates from the original repository:

git fetch upstream

4. Checkout Your PR Branch

Switch to the branch where you made the changes for the PR. In my case, it was the master branch:

git checkout master

5. Rebase Your Branch onto the Latest Upstream Master

Rebase your branch to incorporate the latest changes from the upstream repository:

git rebase upstream/master

During this step, you may encounter conflicts. Git will pause the rebase process and mark the conflicting files.

6. Resolve Conflicts

Open the conflicting files in your preferred text editor and look for conflict markers (<<<<<<<, =======, >>>>>>>). Manually resolve the conflicts by choosing the correct code to keep.

In my case, only the file providers/implementations/rands/seeding/rand_win.c was affected by the conflit so resolving them was easy.

After resolving the conflicts, stage the resolved files:

git add <resolved_file>

7. Continue the Rebase

After staging the resolved files, continue the rebase process:

git rebase --continue

Repeat the conflict resolution and rebase continuation steps until the rebase is complete.

8. Push the Rebases Branch to Your Fork

After successfully rebasing, push the changes to your GitHub fork. Use the --force option because you have rewritten the commit history:

git push origin master --force

The --force option is necessary as the history of your branch has changed due to the rebase.

Conclusion

By following these steps, I was able to resolve the conflicts in my PR and bring it up to date with the latest changes in the OpenSSL master branch. If you find yourself in a similar situation, I hope this guide helps you navigate the rebasing process smoothly.

Happy coding!

Making VeraCrypt better

When I started VeraCrypt back in 2013, the project attracted little attention but after the collapse of the TrueCrypt the number of users started to grow.
This prompted me to publish Linux and MacOSX version of VeraCrypt as requested by many, and to add other security enhancements by fixing a long list of vulnerabilities in the original TrueCrypt source, either discovered by the Open Crypto Audit project (https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf), found by running Static Code Analysis tools or found by internal review of the source.

The result was VeraCrypt 1.0e which was published on September 4th 2014. It can be downloaded on CodePlex or Sourceforce.

After the publication of the interview I had with Paul Rubens from "eSecurity Planet", many people started asking about the list of enhancement implemented so far in VeraCrypt. I posted an answer to that in the Codeplex discussion forum : https://veracrypt.codeplex.com/discussions/569777#PostContent_1313325

And what's next? The next target is to deprecate the aging RIPEMD-160 especially in boot encryption and to replace it with SHA-256. This requires a lot of work because of the bootloader constraints but hopefully I'll be able to publish a beta version soon.

Also, in order to give the users the freedom of choosing the security level they need and for those who complain about the slowness of VeraCrypt, a security level choice will be introduced : when creating VeraCrypt encrypted containers or when encryption the system partition, the user can choose between a high security level (equivalent to what VeraCrypt does now), a medium level and a low security level.
Hopefully, this will help accelerate the adoption of VeraCrypt among a wider segment of users.

Fixing Virtualbox mounting shared folders issue

As a VirtualBox user, I started to encounter recently issues related to mounting shared folders into Linux guest VMs. The usual mount command started to fail with "wrong fs type" error after updating the Virtualbox Guest Additions and I couldn't understand why.

After some research, I found that this was due to the fact that the upgrade script of the Guest Additions was confused by the fact that there were many VBoxGuestAdditions-4.XXX under /opt and it failed to pick up the most recent one in order to create the symbolic link under /usr/lib.

So, in order to solve the issue, you have to manually create symbolic link using the command :

sudo ln -s /opt/VBoxGuestAdditions-4.3.10/lib/VBoxGuestAdditions /usr/lib/.

In the above, "4.3.10" is the latest version of the Guest Additions I installed. Replace it with the correct version in your case (list all the directories under /opt and pickup the latest one starting by VBoxGuestAdditions).

Compiling ARM desktop applications for Windows 8 RT?

Microsoft has disabled compiling ARM desktop application on Visual Studio 2012 even if it is possible technically and the binaries can run without an issue (provided that they are signed by Microsoft).

In order to re-enable the support for ARM desktop application building in Visual Studio 2012, you have to follow these two steps :

• Edit the file "C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\V110\Platforms\ARM\Microsoft.Cpp.ARM.Common.props" and add the following line to the section PropertyGroup : "< WindowsSDKDesktopARMSupport > true < / WindowsSDKDesktopARMSupport > "
• Add the following define to your project, Makefile or command line through the /D switch: _ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE.

Backup and restore Windows 7 activation status (Offline activation after reinstall)

This post is just a reminder of the necessary steps in order to backup Windows 7 activation status before doing a clean re-install and then restoring it back.
They are taken from post on the following link : http://www.mydigitallife.info/how-to-backup-and-restore-windows-7-and-server-2008-r2-activation-status-activate-offline-on-reinstall/

1. Copy and save or backup the following activation-related files to external storage medium such as USB flash drive or portable hard disk drive: C:\Windows\ServiceProfiles\NetWorkService\
   AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Tokens.dat
   and,C:\Windows\System32\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms
   Note: For 64-bit (x64) OS, C:\Windows\SysWOW64\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms have to be backed up too.
2. Retrieve and record the product key used to install and activate the current Windows 7 or Windows Server 2008 R2.
3. Reinstall Windows 7 or Windows Server 2008 R2. When installation wizard prompts for a product key for activation, leave it blank (do not enter anything).
4. In the newly installed Windows operating system, stop the Software Protection Service in Services.msc or with the following command (run in elevated command prompt): net stop sppsvc
   
5. Navigate to the following folder: C:\Windows\System32\spp\tokens\pkeyconfig\
   Note: In 64-bit (x64) operating system, also perform the action in C:\Windows\SysWOW64\spp\tokens\pkeyconfig\ folder.
6. Take ownership and give user full control permissions (alternatively add grant full control right click menu item) to pkeyconfig.xrm-ms file.
7. Delete the original default pkeyconfig.xrm-ms file, and replace with the backup copy.
8. Navigate to the following folder: C:\Windows\ServiceProfiles\NetWorkService\
   AppData\Roaming\Microsoft\SoftwareProtectionPlatform\
   
9. Take ownership and give user full control permissions (alternatively add grant full control right click menu item) to tokens.dat file.
10. Delete the original default tokens.dat file, and replace with the backup copy.
11. Restart the Software Protection Service in Services.msc or with the following command (run in elevated command prompt): net start sppsvc
    
12. Register the product key for Windows 7 or Windows Server 2008 R2 with the following command (run in elevated command prompt): slmgr.vbs -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
    Replace xxxxx-xxxxx-xxxxx-xxxxx-xxxxx with the actual product key.
13. Windows will activated instantly, off-line. To check activation status, uses of of the following commands: 
• slmgr.vbs -dlv
• slmgr.vbs -dli
• slmgr.vbs -ato