From: "Gerd Hoffmann" <kraxel@redhat.com>
To: devel@edk2.groups.io
Cc: Pawel Polawski <ppolawsk@redhat.com>,
yi1.li@intel.com, Jiewen Yao <jiewen.yao@intel.com>,
Oliver Steffen <osteffen@redhat.com>,
Jian J Wang <jian.j.wang@intel.com>,
Ard Biesheuvel <ardb+tianocore@kernel.org>,
Guomin Jiang <guomin.jiang@intel.com>,
Xiaoyu Lu <xiaoyu1.lu@intel.com>,
Jordan Justen <jordan.l.justen@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>
Subject: [PATCH 0/5] CryptoPkg/openssl: enable EC unconditionally.
Date: Mon, 2 May 2022 12:34:31 +0200 [thread overview]
Message-ID: <20220502103436.3274412-1-kraxel@redhat.com> (raw)
Re-opening the elliptic curves debate after running into the recent
openssl changes. The current implementation is IMHO rather messy.
It adds manual changes to a auto-generated files, which will make
any updates a rather hard and error-prone process.
I see two possible options how we can move forward:
(1) Drop the idea to make EC configurable and just enable it
unconditionally. I think long-term there is no way around
this anyway as EC is a hard requirement for TLS 1.3.
(2) Keep the EC config option, but update process_files.pl to
automatically add the PcdEcEnabled config option handling
to the files it generates.
This patch set does (1). It also tweaks ovmf firmware volumes
to make CI tests pass and it also excludes generated files from
codestyle checks.
take care,
Gerd
Gerd Hoffmann (5):
Revert "CryptoPkg: Declare PcdEcEnabled in Library consuming
OpensslLib"
Revert "CryptoPkg: Make EC source file config-able"
OvmfPkg: make DXEFV larger
CryptoPkg/openssl: update generated files
CryptoPkg/openssl: disable codestyle checks for generated files
CryptoPkg/CryptoPkg.dec | 4 -
OvmfPkg/OvmfPkgIa32.fdf | 6 +-
OvmfPkg/OvmfPkgIa32X64.fdf | 6 +-
OvmfPkg/OvmfPkgX64.fdf | 6 +-
.../Library/BaseCryptLib/BaseCryptLib.inf | 3 -
.../Library/BaseCryptLib/PeiCryptLib.inf | 3 -
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 3 -
.../Library/BaseCryptLib/SmmCryptLib.inf | 3 -
.../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 3 -
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 99 ++++----
.../Library/OpensslLib/OpensslLibCrypto.inf | 99 ++++----
CryptoPkg/Library/TlsLib/TlsLib.inf | 3 -
CryptoPkg/Library/Include/crypto/dso_conf.h | 7 +-
.../Library/Include/openssl/opensslconf.h | 240 ++++++++----------
CryptoPkg/CryptoPkg.ci.yaml | 10 +
15 files changed, 234 insertions(+), 261 deletions(-)
--
2.35.1
next reply other threads:[~2022-05-02 10:34 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-02 10:34 Gerd Hoffmann [this message]
2022-05-02 10:34 ` [PATCH 1/5] Revert "CryptoPkg: Declare PcdEcEnabled in Library consuming OpensslLib" Gerd Hoffmann
2022-05-02 10:34 ` [PATCH 2/5] Revert "CryptoPkg: Make EC source file config-able" Gerd Hoffmann
2022-05-02 10:34 ` [PATCH 3/5] OvmfPkg: make DXEFV larger Gerd Hoffmann
2022-05-02 19:39 ` Ard Biesheuvel
2022-05-02 10:34 ` [PATCH 4/5] CryptoPkg/openssl: update generated files Gerd Hoffmann
2022-05-02 10:34 ` [PATCH 5/5] CryptoPkg/openssl: disable codestyle checks for " Gerd Hoffmann
2022-05-03 15:39 ` [PATCH 0/5] CryptoPkg/openssl: enable EC unconditionally Yao, Jiewen
2022-05-05 8:06 ` Gerd Hoffmann
2022-05-05 9:15 ` [edk2-devel] " Gerd Hoffmann
2022-05-09 1:38 ` Yao, Jiewen
2022-05-09 9:45 ` Gerd Hoffmann
2022-05-09 10:17 ` Yao, Jiewen
2022-05-09 11:27 ` Gerd Hoffmann
2022-05-09 11:47 ` James Bottomley
2022-05-09 12:03 ` Yao, Jiewen
2022-05-09 13:41 ` James Bottomley
2022-05-10 10:40 ` Gerd Hoffmann
2022-05-10 11:20 ` Yao, Jiewen
2022-05-10 14:31 ` James Bottomley
[not found] ` <16ED6E30C7B1AB9D.18911@groups.io>
2022-05-09 12:12 ` Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220502103436.3274412-1-kraxel@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox