From: "Li, Yi"
To: devel@edk2.groups.io
Cc: Yi Li
Subject: [edk2-devel] [edk2-staging/OpenSSL11_EOL][PATCH 1/4] CryptoPkg: disabled ssl server
Date: Tue, 4 Apr 2023 17:54:30 +0800
Message-Id: <9afb573183eff52468b511160d3fa6bc6b525a7a.1680601312.git.yi1.li@intel.com>

Signed-off-by: Yi Li --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 6 +- .../Library/OpensslLib/OpensslLibFull.inf | 6 +- CryptoPkg/Library/OpensslLib/SslExtServNull.c | 329 ++++++++++++++++++ .../Library/OpensslLib/SslStatServNull.c | 219 ++++++++++++ 4 files changed, 556 insertions(+), 4 deletions(-) create mode 100644 CryptoPkg/Library/OpensslLib/SslExtServNull.c create mode 100644 CryptoPkg/Library/OpensslLib/SslStatServNull.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Librar= y/OpensslLib/OpensslLib.inf index 8641cd2521..048d804292 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -700,12 +700,12 @@ $(OPENSSL_PATH)/providers/implementations/kdfs/pbkdf2.h $(OPENSSL_PATH)/providers/implementations/rands/drbg_local.h $(OPENSSL_PATH)/providers/implementations/storemgmt/file_store_local.h - $(OPENSSL_PATH)/ssl/statem/statem_srvr.c + # $(OPENSSL_PATH)/ssl/statem/statem_srvr.c $(OPENSSL_PATH)/ssl/statem/statem_lib.c $(OPENSSL_PATH)/ssl/statem/statem_dtls.c $(OPENSSL_PATH)/ssl/statem/statem_clnt.c $(OPENSSL_PATH)/ssl/statem/statem.c - $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c + # $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c $(OPENSSL_PATH)/ssl/statem/extensions_cust.c $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c $(OPENSSL_PATH)/ssl/statem/extensions.c @@ -757,6 +757,8 @@ ossl_store.c rand_pool.c # SslNull.c + SslStatServNull.c + SslExtServNull.c EcSm2Null.c DhNull.c EncoderNull.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf b/CryptoPkg/Li= brary/OpensslLib/OpensslLibFull.inf index 8cea86e6f0..7ad3c3fb85 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf 
@@ -705,12 +705,12 @@ $(OPENSSL_PATH)/providers/implementations/kdfs/pbkdf2.h $(OPENSSL_PATH)/providers/implementations/rands/drbg_local.h $(OPENSSL_PATH)/providers/implementations/storemgmt/file_store_local.h - $(OPENSSL_PATH)/ssl/statem/statem_srvr.c + # $(OPENSSL_PATH)/ssl/statem/statem_srvr.c $(OPENSSL_PATH)/ssl/statem/statem_lib.c $(OPENSSL_PATH)/ssl/statem/statem_dtls.c $(OPENSSL_PATH)/ssl/statem/statem_clnt.c $(OPENSSL_PATH)/ssl/statem/statem.c - $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c + # $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c $(OPENSSL_PATH)/ssl/statem/extensions_cust.c $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c $(OPENSSL_PATH)/ssl/statem/extensions.c @@ -824,6 +824,8 @@ ossl_store.c rand_pool.c # SslNull.c + SslStatServNull.c + SslExtServNull.c # EcSm2Null.c DhNull.c EncoderNull.c diff --git a/CryptoPkg/Library/OpensslLib/SslExtServNull.c b/CryptoPkg/Libr= ary/OpensslLib/SslExtServNull.c new file mode 100644 index 0000000000..c256f17667 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/SslExtServNull.c 
@@ -0,0 +1,329 @@ +/* + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "../ssl_local.h" +#include "statem_local.h" +#include "internal/cryptlib.h" + +#define COOKIE_STATE_FORMAT_VERSION 1 + +/* + * Parse the client's renegotiation binding and abort if it's not right + */ +int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + return -1; +} + +/*- + * The servername extension is treated as follows: + * + * - Only the hostname type is supported with a maximum length of 255. + * - The servername is rejected if too long or if it contains zeros, + * in which case an fatal alert is generated. + * - The servername field is maintained together with the session cache. + * - When a session is resumed, the servername call back invoked in order + * to allow the application to position itself to the right context. + * - The servername is acknowledged if it is new for a session or when + * it is identical to a previously used for the same session. + * Applications can control the behaviour. They can at any time + * set a 'desirable' servername for a new SSL object. This can be the + * case for example with HTTPS when a Host: header field is received and + * a renegotiation is requested. In this case, a possible servername + * presented in the new client hello is only acknowledged if it matches + * the value of the Host: field. + * - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + * if they provide for changing an explicit servername context for the + * session, i.e. when the session has been established with a servername + * extension. 
+ * - On session reconnect, the servername extension may be absent. + */ +int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + return 0; +} + +int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int contex= t, + X509 *x, size_t chainidx) +{ + return 0; +} + +#ifndef OPENSSL_NO_SRP +int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + return 0; +} +#endif + +int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + return 0; +} + +int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int contex= t, + X509 *x, size_t chainidx) +{ + return 0; +} + +int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, + ossl_unused unsigned int context, + ossl_unused X509 *x, + ossl_unused size_t chainidx) +{ + return 0; +} + +int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X50= 9 *x, + size_t chainidx) +{ + return 0; +} + +#ifndef OPENSSL_NO_OCSP +int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int contex= t, + X509 *x, size_t chainidx) +{ + return 0; +} +#endif + +#ifndef OPENSSL_NO_NEXTPROTONEG +int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + return 0; +} +#endif + +/* + * Save the ALPN extension in a ClientHello.|pkt| holds the contents of th= e ALPN + * extension, not including type and length. Returns: 1 on success, 0 on e= rror. + */ +int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + return 0; +} + +#ifndef OPENSSL_NO_SRTP +int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X50= 9 *x, + size_t chainidx) +{ + return 0; +} +#endif + +int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + return 0; +} + +/* + * Process a psk_kex_modes extension received in the ClientHello. 
|pkt| co= ntains + * the raw PACKET data for the extension. Returns 1 on success or 0 on fai= lure. + */ +int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + return 0; +} + +/* + * Process a key_share extension received in the ClientHello. |pkt| contai= ns + * the raw PACKET data for the extension. Returns 1 on success or 0 on fai= lure. + */ +int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X5= 09 *x, + size_t chainidx) +{ + return 0; +} + +int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 = *x, + size_t chainidx) +{ + return 0; +} + +int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int cont= ext, + X509 *x, size_t chainidx) +{ + return 0; +} + +int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + return 0; +} + + +int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + return 0; +} + +static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick, + SSL_SESSION **sess) +{ + return SSL_TICKET_NO_DECRYPT; +} + +int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + return 0; +} + +int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, + ossl_unused unsigned int context, + ossl_unused X509 *x, + ossl_unused size_t chainidx) +{ + return 0; +} + +/* + * Add the server's renegotiation binding + */ +EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + return EXT_RETURN_FAIL; +} + +EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + return EXT_RETURN_FAIL; +} + +/* Add/include the server's max fragment len extension into ServerHello */ +EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + return 
EXT_RETURN_FAIL; +} + +EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + return EXT_RETURN_FAIL; +} + +EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, + unsigned int context, X509 = *x, + size_t chainidx) +{ + return EXT_RETURN_FAIL; +} + +EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + return EXT_RETURN_FAIL; +} + +#ifndef OPENSSL_NO_OCSP +EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + return EXT_RETURN_FAIL; +} +#endif + +#ifndef OPENSSL_NO_NEXTPROTONEG +EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + return EXT_RETURN_FAIL; +} +#endif + +EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int cont= ext, + X509 *x, size_t chainidx) +{ + return EXT_RETURN_FAIL; +} + +#ifndef OPENSSL_NO_SRTP +EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + return EXT_RETURN_FAIL; +} +#endif + +EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int conte= xt, + X509 *x, size_t chainidx) +{ + return EXT_RETURN_FAIL; +} + +EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int conte= xt, + X509 *x, size_t chainidx) +{ + return EXT_RETURN_FAIL; +} + +EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, + unsigned int context, X50= 9 *x, + size_t chainidx) +{ + return EXT_RETURN_FAIL; +} + +EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + return EXT_RETURN_FAIL; +} + +EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int co= ntext, + X509 *x, size_t chainidx) +{ + return EXT_RETURN_FAIL; +} + +EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET 
*pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + return EXT_RETURN_FAIL; +} + +EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + return EXT_RETURN_FAIL; +} + +EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int conte= xt, + X509 *x, size_t chainidx) +{ + return EXT_RETURN_FAIL; +} diff --git a/CryptoPkg/Library/OpensslLib/SslStatServNull.c b/CryptoPkg/Lib= rary/OpensslLib/SslStatServNull.c new file mode 100644 index 0000000000..bb05ca772f --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/SslStatServNull.c 
@@ -0,0 +1,219 @@ +/* + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "../ssl_local.h" +#include "statem_local.h" +#include "internal/constant_time.h" +#include "internal/cryptlib.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define TICKET_NONCE_SIZE 8 + +typedef struct { + ASN1_TYPE *kxBlob; + ASN1_TYPE *opaqueBlob; +} GOST_KX_MESSAGE; + +int ossl_statem_server_read_transition(SSL *s, int mt) +{ + return 0; +} + +/* + * Should we send a CertificateRequest message? + * + * Valid return values are: + * 1: Yes + * 0: No + */ +int send_certificate_request(SSL *s) +{ + return 0; +} + +/* + * ossl_statem_server_write_transition() works out what handshake state to= move + * to next when the server is writing messages to be sent to the client. + */ +WRITE_TRAN ossl_statem_server_write_transition(SSL *s) +{ + return WRITE_TRAN_ERROR; +} + +WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) +{ + return WORK_ERROR; +} +/* + * Perform any work that needs to be done after sending a message from the + * server to the client. 
+ */ +WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) +{ + return WORK_ERROR; +} + +/* + * Get the message construction function and message type for sending from= the + * server + * + * Valid return values are: + * 1: Success + * 0: Error + */ +int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt, + confunc_f *confunc, int *mt) +{ + return 0; +} + +/* + * Returns the maximum allowed length for the current message that we are + * reading. Excludes the message header. + */ +size_t ossl_statem_server_max_message_size(SSL *s) +{ + return 0; +} + +/* + * Process a message that the server has received from the client. + */ +MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt) +{ + return MSG_PROCESS_ERROR; +} + +/* + * Perform any further processing required following the receipt of a mess= age + * from the client + */ +WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst) +{ + return WORK_ERROR; +} + +int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, + size_t cookie_len) +{ + return 0; +} + +int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt) +{ + return 0; +} + +MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) +{ + return MSG_PROCESS_ERROR; +} + +/* + * Call the alpn_select callback if needed. Upon success, returns 1. + * Upon failure, returns 0. 
+ */ +int tls_handle_alpn(SSL *s) +{ + return 0; +} + +WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) +{ + return WORK_ERROR; +} + +int tls_construct_server_hello(SSL *s, WPACKET *pkt) +{ + return 0; +} + +int tls_construct_server_done(SSL *s, WPACKET *pkt) +{ + return 0; +} + +int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) +{ + return 0; +} + +int tls_construct_certificate_request(SSL *s, WPACKET *pkt) +{ + return 0; +} + +MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) +{ + return MSG_PROCESS_ERROR; +} + +WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) +{ + return WORK_ERROR; +} + +MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) +{ + return MSG_PROCESS_ERROR; +} + +int tls_construct_server_certificate(SSL *s, WPACKET *pkt) +{ + return 0; +} + +int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) +{ + return 0; +} + +/* + * In TLSv1.3 this is called from the extensions code, otherwise it is use= d to + * create a separate message. Returns 1 on success or 0 on failure. + */ +int tls_construct_cert_status_body(SSL *s, WPACKET *pkt) +{ + return 0; +} + +int tls_construct_cert_status(SSL *s, WPACKET *pkt) +{ + return 0; +} + +#ifndef OPENSSL_NO_NEXTPROTONEG +/* + * tls_process_next_proto reads a Next Protocol Negotiation handshake mess= age. + * It sets the next_proto member in s if found + */ +MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt) +{ + return MSG_PROCESS_ERROR; +} +#endif + +MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt) +{ + return MSG_PROCESS_ERROR; +} --=20 2.31.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
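Review bot: In the source-list hunks of OpensslLib.inf and OpensslLibFull.inf (@@ -700 and @@ -705), statem_srvr.c and extensions_srvr.c are commented out with `#` instead of being deleted, and the commit message has no body saying why the server side is disabled or that OpensslLibFull.inf loses it as well. Either delete the two lines or put a comment beside them naming SslStatServNull.c and SslExtServNull.c as the replacements, and describe the intent in the commit message. The @@ -757 and @@ -824 hunks add the two stubs directly under `# SslNull.c`, which itself stays commented out, so the INF alone does not show which null file stands in for which OpenSSL source.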
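Review bot: In SslExtServNull.c, `tls_parse_ctos_renegotiate` returns -1 while every other `tls_parse_ctos_*` stub returns 0, and the comments kept in this file give the convention as 1 on success and 0 on error or failure. A caller that tests the result for zero would treat -1 as success, so return 0 there like the rest. `tls_get_stateful_ticket` is `static` and nothing in the file calls it, and `COOKIE_STATE_FORMAT_VERSION` is defined but never used; drop both. The long servername comment above `tls_parse_ctos_server_name` describes behaviour the stub does not have and should be shortened or removed.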
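Review bot: SslStatServNull.c has no file-level comment saying that it replaces statem_srvr.c with stubs that always fail; the header is only the copied copyright block, and function comments such as "works out what handshake state to move to next" still describe the original code. Add a short header stating the purpose, and remove the leftovers the stubs never use: `TICKET_NONCE_SIZE` and the `GOST_KX_MESSAGE` typedef. The stubs themselves consistently return 0 or the corresponding *_ERROR enumerator, which is the right direction for a disabled feature.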
From: "Li, Yi"
To: devel@edk2.groups.io
Cc: Yi Li
Subject: [edk2-devel] [edk2-staging/OpenSSL11_EOL][PATCH 2/4] CryptoPkg: sync latest change in uefiprov to minprov
Date: Tue, 4 Apr 2023 17:54:31 +0800

Signed-off-by: Yi Li --- .../Library/OpensslLib/OpensslStub/minprov.c | 30 +++++-------------- 1 file changed, 7 insertions(+), 23 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslStub/minprov.c b/CryptoPkg= /Library/OpensslLib/OpensslStub/minprov.c index 1ba4b4f669..26fad90408 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslStub/minprov.c +++ b/CryptoPkg/Library/OpensslLib/OpensslStub/minprov.c @@ -1,7 +1,5 @@ /** @file - Minimal UEFI Openssl provider implementation, only support PEI crypto fe= ature - without PKCS7. - + Minimal UEFI Openssl provider implementation, only support PEI crypto fe= ature. Copyright (c) 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -122,7 +120,6 @@ static const OSSL_ALGORITHM deflt_digests[] =3D { // { PROV_NAMES_MD5_SHA1, "provider=3Ddefault", ossl_md5_sha1_function= s }, #endif /* OPENSSL_NO_MD5 */ =20 - { PROV_NAMES_NULL, "provider=3Ddefault", ossl_nullmd_functions }, { NULL, NULL, NULL } }; @@ -165,16 +162,7 @@ static const OSSL_ALGORITHM deflt_rands[] =3D { { NULL, NULL, NULL } }; =20 -static const OSSL_ALGORITHM deflt_signature[] =3D { - { PROV_NAMES_RSA, "provider=3Ddefault", ossl_rsa_signature_functions }, - { NULL, NULL, NULL } -}; - static const OSSL_ALGORITHM deflt_keymgmt[] =3D { - { PROV_NAMES_RSA, "provider=3Ddefault", ossl_rsa_keymgmt_functions, - PROV_DESCS_RSA }, - { PROV_NAMES_RSA_PSS, "provider=3Ddefault", ossl_rsapss_keymgmt_functi= ons, - PROV_DESCS_RSA_PSS }, { PROV_NAMES_HKDF, "provider=3Ddefault", ossl_kdf_keymgmt_functions, PROV_DESCS_HKDF_SIGN }, { NULL, NULL, NULL } @@ -189,16 +177,16 @@ static const OSSL_ALGORITHM *deflt_query(void *provct= x, int operation_id, return deflt_digests; case OSSL_OP_CIPHER: return exported_ciphers; - case OSSL_OP_RAND: - return deflt_rands; case OSSL_OP_MAC: return deflt_macs; case OSSL_OP_KDF: return deflt_kdfs; - case OSSL_OP_KEYEXCH: - return deflt_keyexch; + case OSSL_OP_RAND: + return deflt_rands; case OSSL_OP_KEYMGMT: return deflt_keymgmt; + case OSSL_OP_KEYEXCH: + return deflt_keyexch; } return NULL; } @@ -229,10 +217,8 @@ int ossl_uefi_provider_init(const OSSL_CORE_HANDLE *ha= ndle, void **provctx) { OSSL_FUNC_core_get_libctx_fn *c_get_libctx =3D NULL; - BIO_METHOD *corebiometh; =20 - if (!ossl_prov_bio_from_dispatch(in) - || !ossl_prov_seeding_from_dispatch(in)) + if (!ossl_prov_seeding_from_dispatch(in)) return 0; for (; in->function_id !=3D 0; in++) { switch (in->function_id) { 
@@ -262,8 +248,7 @@ int ossl_uefi_provider_init(const OSSL_CORE_HANDLE *han= dle, * This only works for built-in providers. Most providers should * create their own library context. */ - if ((*provctx =3D ossl_prov_ctx_new()) =3D=3D NULL - || (corebiometh =3D ossl_bio_prov_init_bio_method()) =3D=3D NU= LL) { + if ((*provctx =3D ossl_prov_ctx_new()) =3D=3D NULL) { ossl_prov_ctx_free(*provctx); *provctx =3D NULL; return 0; 
@@ -271,7 +256,6 @@ int ossl_uefi_provider_init(const OSSL_CORE_HANDLE *han= dle, ossl_prov_ctx_set0_libctx(*provctx, (OSSL_LIB_CTX *)c_get_libctx(handle= )); ossl_prov_ctx_set0_handle(*provctx, handle); - ossl_prov_ctx_set0_core_bio_method(*provctx, corebiometh); =20 *out =3D deflt_dispatch_table; ossl_prov_cache_exported_algorithms(deflt_ciphers, exported_ciphers); --=20 2.31.1.windows.1
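Review bot: The file comment in the @@ -1,7 +1,5 @@ hunk drops the "without PKCS7" qualifier, yet later hunks of the same patch remove `deflt_signature` and the RSA and RSA-PSS entries from `deflt_keymgmt`, so the provider offers less than before, not more. Keep a statement of what is excluded (or list what is supported), and keep the blank line between the description and the Copyright line, which this hunk also removes.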
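Review bot: The commit message does not document the algorithm removals in the @@ -165,16 +162,7 @@ hunk (RSA signature, RSA and RSA-PSS key management) or the null digest removed at @@ -122,7 +120,6 @@; it consists of the subject and a Signed-off-by only. State which algorithms the minimal provider no longer exports and which consumers are expected to be unaffected, because a caller that relied on this provider for RSA will no longer find it.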
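Review bot: The case reordering in the @@ -189,16 +177,16 @@ hunk is churn with no functional effect: `OSSL_OP_RAND` and `OSSL_OP_KEYEXCH` still return `deflt_rands` and `deflt_keyexch`. If the order is changed only to match uefiprov, say so in the commit message; otherwise drop the reordering so the diff shows just the functional changes.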
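Review bot: In the @@ -262,8 +248,7 @@ hunk the error branch still calls `ossl_prov_ctx_free(*provctx)` and sets `*provctx = NULL`, but with the `corebiometh` allocation gone the branch is entered only when `ossl_prov_ctx_new()` returned NULL, so both statements act on a pointer that is already NULL. Reduce the branch to `return 0;`.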
From: "Li, Yi"
To: devel@edk2.groups.io
Cc: Yi Li
Subject: [edk2-devel] [edk2-staging/OpenSSL11_EOL][PATCH 3/4] Readme: 0330 update
Date: Tue, 4 Apr 2023 17:54:32 +0800

Signed-off-by: Yi Li --- CryptoPkg/Readme-OpenSSL3.0.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/CryptoPkg/Readme-OpenSSL3.0.md b/CryptoPkg/Readme-OpenSSL3.0.md index fc5d24d074..1c77628b75 100644 --- a/CryptoPkg/Readme-OpenSSL3.0.md +++ b/CryptoPkg/Readme-OpenSSL3.0.md
@@ -20,17 +20,17 @@ Will update latest result here (Build based on Intel pl= atform). Binaries mode (use crypto drivers) =20 | Driver | 1.1.1 | 3.0 | percent | =20 |-----------------|------------|------------|------------| =20 -|CryptoPei | 386 | 398 | 3.1% | =20 +|CryptoPei | 386 | 400 | 3.6% | =20 |CryptoPeiPreMem | 31 | 31 | 0% | =20 -|CryptoDxeFull | 1014 | 997 | -1.6% | =20 -|CryptoDxe | 804 | 871 | 8.3% | =20 -|CryptoSmm | 558 | 581 | 4.1% | =20 +|CryptoDxeFull | 1014 | 935 | -7.7% | =20 +|CryptoDxe | 804 | 813 | 1.2% | =20 +|CryptoSmm | 558 | 587 | 5.2% | =20 =20 | LZMA Compressed | 1.1.1 | 3.0 | percent | =20 |-----------------|------------|------------|------------| =20 -|CryptoDxe | 311 | 346 | 11.2% | =20 +|CryptoDxe | 311 | 321 | 3.3% | =20 |CryptoSmm | 211 | 233 | 10.4% | =20 -|FV (Dxe+Smm) | 357 | 406 | 13.7% | =20 +|FV (Dxe+Smm) | 357 | 381 | 6.8% | =20 =20 Library mode (use crypto library) =20 | Driver | 1.1.1 | 3.0 | delta | =20 @@ -61,6 +61,7 @@ SM2, SM3 - 12KB, =20 MD5 - 8KB, =20 PEM - 19KB, =20 +TlsServer - 51KB (Only for DXE), ... =20 #### Risk: 1. SM3 =20 
@@ -154,5 +155,8 @@ https://github.com/liyi77/openssl/commit/faa5d6781c3af6= 01bcbc11ff199e2955d7ff430 https://github.com/liyi77/openssl/commit/8488c75701cdd5e626785e6d9d002f6fb= 30ae0ff =20 (commit: x509: remove unused extentions 19KB) =20 https://github.com/liyi77/openssl/commit/c27b3428708eb240b626946ce10d42198= 06d8adf =20 +(commit: ssl: block out dtls code when OPENSSL_NO_DTLS defined 7KB) =20 +https://github.com/liyi77/openssl/commit/a92f19cb85232a153f20303d7c9035b2b= 614fdb3 =20 + ## Timeline Target for 2023 Q1 \ No newline at end of file --=20 2.31.1.windows.1
View/Reply Online (#102476): https://edk2.groups.io/g/devel/message/102476
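Review bot: Several of the new percent values in the first hunk of PATCH 3/4 (@@ -20,17 +20,17 @@) do not follow from the sizes on the same row: 804 to 813 is 1.1%, not 1.2%; 311 to 321 is 3.2%, not 3.3%; 357 to 381 is 6.7%, not 6.8%; and 1014 to 935 is -7.8% rather than -7.7%. If the percentages were computed from unrounded sizes, say so under the table; otherwise recompute them. The LZMA CryptoSmm row stays at 233 although the uncompressed CryptoSmm value changes from 581 to 587, so please confirm it was re-measured, and state the unit of the size columns.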
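Review bot: The new `TlsServer - 51KB (Only for DXE),` entry in the second hunk of PATCH 3/4 (@@ -61,6 +61,7 @@) needs a matching entry under `#### Risk:`, which still starts with SM3. A reader of the list sees a size figure but not the functional cost; add a line saying what a platform loses and how it can get the feature back if it needs it, and spell out whether "Only for DXE" refers to where the size figure was measured or to where the feature is affected.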
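Review bot: The third hunk of PATCH 3/4 (@@ -154,5 +155,8 @@) leaves `\ No newline at end of file` in place after `Target for 2023 Q1`; since the end of the file is being touched anyway, add the final newline. The `## Timeline` text is also out of date for a message dated 4 Apr 2023 and should be revised. The new DTLS entry links to a commit in the liyi77/openssl fork like the entries above it; the 7KB figure would be easier to audit with a note on whether that change has been proposed to upstream OpenSSL.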
From: "Li, Yi"
To: devel@edk2.groups.io
Cc: Yi Li
Subject: [edk2-devel] [edk2-staging/OpenSSL11_EOL][PATCH 4/4] Readme: update POC result and next step
Date: Tue, 4 Apr 2023 17:54:33 +0800
Message-Id: <6c3b90518493fe6591cf100cda66e4e16dd09b0e.1680601312.git.yi1.li@intel.com>

Signed-off-by: Yi Li --- CryptoPkg/Readme-OpenSSL3.0.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Readme-OpenSSL3.0.md b/CryptoPkg/Readme-OpenSSL3.0.md index 1c77628b75..5b660959e7 100644 --- a/CryptoPkg/Readme-OpenSSL3.0.md +++ b/CryptoPkg/Readme-OpenSSL3.0.md 
@@ -16,7 +16,18 @@ This branch is for investigating how to reduce the size = increase. The branch owner: Li Yi =20 =20 ## Latest update -Will update latest result here (Build based on Intel platform). =20 +The goal of POC has been reached, next step: +1. Optimize code quality =20 +2. Upstream OpenSsl code change =20 +3. Fully validation =20 + =20 +Risk: =20 +1. Upstream the openssl code is a long process. if all goes well, it can = be completed before the next openssl stable release (July 2023). =20 + If missed, the next stable release will be in September 2023. =20 +2. If bugs are found during validation, some size optimization work will = have to be discarded. =20 + This will result in that size increase greater than the current result. =20 + +## POC result Binaries mode (use crypto drivers) =20 | Driver | 1.1.1 | 3.0 | percent | =20 |-----------------|------------|------------|------------| =20 @@ -35,7 +46,8 @@ Binaries mode (use crypto drivers) Library mode (use crypto library) =20 | Driver | 1.1.1 | 3.0 | delta | =20 |--------------------|------------|------------|------------| =20 -| FV | 2377 | 2639 | 262 | =20 +| FV | 2377 | 2636 | 262 | =20 +| FV (LZMA) | 459 | 539 | 80 | =20 |SecurityStubDxe.efi | 562 | 605 | 43 | =20 =20 ## Limitation --=20 2.31.1.windows.1
View/Reply Online (#102477): https://edk2.groups.io/g/devel/message/102477
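Review bot: "The goal of POC has been reached" in the first hunk of PATCH 4/4 (@@ -16,7 +16,18 @@) never says what the goal was, so a reader cannot check the claim against the tables that follow; state the size target. Risk 2 says bugs found in validation may force size optimizations to be discarded, and next step 2 shows the OpenSSL changes are not yet upstream, so the numbers under `## POC result` are pre-validation figures and should be labelled that way. Wording: "Fully validation" should be "Full validation", "if all goes well" should start with a capital, "This will result in that size increase greater than" should read "This will result in a size increase greater than", and "OpenSsl" and "openssl" should be spelled consistently. The plain `Risk:` line also differs from the `#### Risk:` heading used later in the same file.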
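Review bot: The delta in the changed FV row of the second hunk of PATCH 4/4 (@@ -35,7 +46,8 @@) is stale: the 3.0 size goes from 2639 to 2636 but the delta stays at 262, while 2636 - 2377 is 259. Update the delta, or restore 2639 if the size change was unintended. The new `FV (LZMA)` row is consistent (539 - 459 = 80).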