Hi Gerd
Currently, the *blocking issue* for openssl 3.0 adoption in EDKII is *size*. The big size increase will break exist platforms easily. As such, we are not able to switch to openssl 3.0 directly.
I have written the proposal at https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/ReadMe.md
"It is possible that we may need add MACRO to OpenSSL 3.0 to reduce the size. We can do POC and submit to OpenSSL community."
My suggested plan is:
1) We do our best to reduce size, as much as possible.
2) We revisit openssl 3.0 change, to see if that is reasonable.
3) if we can figure out a better way to avoid the change, we redesign and avoid the change.
4) if we cannot figure out a better way, we submit the change to openssl 3.0 community.
You are welcome to review the change and send feedback.
Thank you
Yao, Jiewen
> -----Original Message-----
> From: Gerd Hoffmann <kraxel@redhat.com>
> Sent: Friday, March 17, 2023 6:03 PM
> To: Li, Yi1 <yi1.li@intel.com>
> Cc: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Hou,
> Wenxing <wenxing.hou@intel.com>
> Subject: Re: [edk2-staging/OpenSSL11_EOL 0/7] Openssl 3.0 POC update Mar
> 17
>
> On Fri, Mar 17, 2023 at 12:28:12PM +0800, Yi Li wrote:
> > Please check the patch series if interested.
> > PR: https://github.com/tianocore/edk2-staging/pull/359
>
> So it seems you are doing a number of larger changes to the openssl
> code base. What is the plan for those?
>
> I'd prefer to not be in a situation where every openssl update needs
> alot of work in our edk2-specific adaptions, especially as openssl
> updates can be timing-sensitive when it comes to fixing security issues.
>
> For changes where we only need dummy stub functions which don't do
> anything is isn't a big problem. But when changing the provider logic
> to suit our needs it is probably much better to work with upstream
> openssl to get the changes we need merged.
>
> I did that in the past, worked fine. See for example openssl commit
> a28dbfe7c84b6a43746d0e2ef4153e2a13067c4a (change printf to not
> support
> floating point for --target=UEFI).
>
> take care,
> Gerd
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101327): https://edk2.groups.io/g/devel/message/101327
Mute This Topic: https://groups.io/mt/97666986/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-