From: "Gerd Hoffmann"
To: devel@edk2.groups.io
Cc: Pawel Polawski, yi1.li@intel.com, Jiewen Yao, Oliver Steffen, Jian J Wang, Ard Biesheuvel, Guomin Jiang, Xiaoyu Lu, Jordan Justen, Gerd Hoffmann
Subject: [PATCH 0/5] CryptoPkg/openssl: enable EC unconditionally.
Date: Mon, 2 May 2022 12:34:31 +0200
Message-Id: <20220502103436.3274412-1-kraxel@redhat.com>

Re-opening the elliptic curves debate after running into the recent
openssl changes.

The current implementation is IMHO rather messy. It adds manual
changes to auto-generated files, which will make any updates a rather
hard and error-prone process.

I see two possible options how we can move forward:

 (1) Drop the idea to make EC configurable and just enable it
     unconditionally. I think long-term there is no way around
     this anyway as EC is a hard requirement for TLS 1.3.

 (2) Keep the EC config option, but update process_files.pl to
     automatically add the PcdEcEnabled config option handling
     to the files it generates.

This patch set does (1). It also tweaks ovmf firmware volumes to make
CI tests pass and it also excludes generated files from codestyle
checks.

take care,
  Gerd

Gerd Hoffmann (5):
  Revert "CryptoPkg: Declare PcdEcEnabled in Library consuming OpensslLib"
  Revert "CryptoPkg: Make EC source file config-able"
  OvmfPkg: make DXEFV larger
  CryptoPkg/openssl: update generated files
  CryptoPkg/openssl: disable codestyle checks for generated files

 CryptoPkg/CryptoPkg.dec                       |   4 -
 OvmfPkg/OvmfPkgIa32.fdf                       |   6 +-
 OvmfPkg/OvmfPkgIa32X64.fdf                    |   6 +-
 OvmfPkg/OvmfPkgX64.fdf                        |   6 +-
 .../Library/BaseCryptLib/BaseCryptLib.inf     |   3 -
 .../Library/BaseCryptLib/PeiCryptLib.inf      |   3 -
 .../Library/BaseCryptLib/RuntimeCryptLib.inf  |   3 -
 .../Library/BaseCryptLib/SmmCryptLib.inf      |   3 -
 .../BaseCryptLib/UnitTestHostBaseCryptLib.inf |   3 -
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   |  99 ++++----
 .../Library/OpensslLib/OpensslLibCrypto.inf   |  99 ++++----
 CryptoPkg/Library/TlsLib/TlsLib.inf           |   3 -
 CryptoPkg/Library/Include/crypto/dso_conf.h   |   7 +-
 .../Library/Include/openssl/opensslconf.h     | 240 ++++++++----------
 CryptoPkg/CryptoPkg.ci.yaml                   |  10 +
 15 files changed, 234 insertions(+), 261 deletions(-)

-- 
2.35.1