[PATCH 0/4] CryptoPkg/BaseCryptLib: avoid certain openssl library calls

[PATCH 0/4] CryptoPkg/BaseCryptLib: avoid certain openssl library calls

[Gerd Hoffmann]

In preparation for the openssl 3.0 switch ...

openssl 3.0 sneak preview (WIP still, does not yet pass CI) is at
https://github.com/kraxel/edk2/commits/openssl3

Gerd Hoffmann (4):
  CryptoPkg/BaseCryptLib: avoid using SHA1()
  CryptoPkg/BaseCryptLib: avoid using SHA256()
  CryptoPkg/BaseCryptLib: avoid using SHA384()
  CryptoPkg/BaseCryptLib: avoid using SHA512()

 .../Library/BaseCryptLib/Hash/CryptSha1.c     | 16 ++++++++--
 .../Library/BaseCryptLib/Hash/CryptSha256.c   | 16 ++++++++--
 .../Library/BaseCryptLib/Hash/CryptSha512.c   | 32 +++++++++++++++----
 3 files changed, 52 insertions(+), 12 deletions(-)

-- 
2.39.1

[PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using SHA1()

[Gerd Hoffmann]

In openssl 3.0 SHA1() goes through the provider logic,
requiring a huge amount of openssl code.  The individual
functions do not, so use them instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
index 1e071ce2b325..cfe1f4bc44c9 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
@@ -204,6 +204,8 @@ Sha1HashAll (
   OUT  UINT8       *HashValue
   )
 {
+  SHA_CTX  Context;
+
   //
   // Check input parameters.
   //
@@ -218,11 +220,19 @@ Sha1HashAll (
   //
   // OpenSSL SHA-1 Hash Computation.
   //
-  if (SHA1 (Data, DataSize, HashValue) == NULL) {
+  if (!SHA1_Init (&Context)) {
     return FALSE;
-  } else {
-    return TRUE;
   }
+
+  if (!SHA1_Update (&Context, Data, DataSize)) {
+    return FALSE;
+  }
+
+  if (!SHA1_Final (HashValue, &Context)) {
+    return FALSE;
+  }
+
+  return TRUE;
 }
 
 #endif
-- 
2.39.1

Re: [edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using SHA1()

[Michael D Kinney]

Hi Gerd,

This is an interesting pattern for the openssl 3.0 size issues.

It looks like the 1.1.1 APIs we are currently using are still available.
Are those legacy APIs guaranteed to be supported under openssl 3.0?

Mike

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd Hoffmann
> Sent: Monday, February 13, 2023 11:20 AM
> To: devel@edk2.groups.io
> Cc: Oliver Steffen <osteffen@redhat.com>; Pawel Polawski <ppolawsk@redhat.com>; Gerd Hoffmann <kraxel@redhat.com>
> Subject: [edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using SHA1()
> 
> In openssl 3.0 SHA1() goes through the provider logic,
> requiring a huge amount of openssl code.  The individual
> functions do not, so use them instead.
> 
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c | 16 +++++++++++++---
>  1 file changed, 13 insertions(+), 3 deletions(-)
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> index 1e071ce2b325..cfe1f4bc44c9 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> @@ -204,6 +204,8 @@ Sha1HashAll (
>    OUT  UINT8       *HashValue
>    )
>  {
> +  SHA_CTX  Context;
> +
>    //
>    // Check input parameters.
>    //
> @@ -218,11 +220,19 @@ Sha1HashAll (
>    //
>    // OpenSSL SHA-1 Hash Computation.
>    //
> -  if (SHA1 (Data, DataSize, HashValue) == NULL) {
> +  if (!SHA1_Init (&Context)) {
>      return FALSE;
> -  } else {
> -    return TRUE;
>    }
> +
> +  if (!SHA1_Update (&Context, Data, DataSize)) {
> +    return FALSE;
> +  }
> +
> +  if (!SHA1_Final (HashValue, &Context)) {
> +    return FALSE;
> +  }
> +
> +  return TRUE;
>  }
> 
>  #endif
> --
> 2.39.1
> 
> 
> 
> 
> 

Re: [edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using SHA1()

[Yao, Jiewen]

I think so, we can still use 1.1 APIs in compatible mode. Please refer to:
https://www.openssl.org/docs/man3.0/man7/OPENSSL_API_COMPAT.html
https://github.com/openssl/openssl/blob/openssl-3.0.8/INSTALL.md#api-level
as recommended in https://github.com/openssl/openssl/issues/17930

Thank you
Yao, Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael D
> Kinney
> Sent: Tuesday, February 14, 2023 6:14 AM
> To: devel@edk2.groups.io; kraxel@redhat.com
> Cc: Oliver Steffen <osteffen@redhat.com>; Pawel Polawski
> <ppolawsk@redhat.com>; Kinney, Michael D <michael.d.kinney@intel.com>
> Subject: Re: [edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using
> SHA1()
> 
> Hi Gerd,
> 
> This is an interesting pattern for the openssl 3.0 size issues.
> 
> It looks like the 1.1.1 APIs we are currently using are still available.
> Are those legacy APIs guaranteed to be supported under openssl 3.0?
> 
> Mike
> 
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd
> Hoffmann
> > Sent: Monday, February 13, 2023 11:20 AM
> > To: devel@edk2.groups.io
> > Cc: Oliver Steffen <osteffen@redhat.com>; Pawel Polawski
> <ppolawsk@redhat.com>; Gerd Hoffmann <kraxel@redhat.com>
> > Subject: [edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using SHA1()
> >
> > In openssl 3.0 SHA1() goes through the provider logic,
> > requiring a huge amount of openssl code.  The individual
> > functions do not, so use them instead.
> >
> > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > ---
> >  CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c | 16 +++++++++++++---
> >  1 file changed, 13 insertions(+), 3 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> > index 1e071ce2b325..cfe1f4bc44c9 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c
> > @@ -204,6 +204,8 @@ Sha1HashAll (
> >    OUT  UINT8       *HashValue
> >    )
> >  {
> > +  SHA_CTX  Context;
> > +
> >    //
> >    // Check input parameters.
> >    //
> > @@ -218,11 +220,19 @@ Sha1HashAll (
> >    //
> >    // OpenSSL SHA-1 Hash Computation.
> >    //
> > -  if (SHA1 (Data, DataSize, HashValue) == NULL) {
> > +  if (!SHA1_Init (&Context)) {
> >      return FALSE;
> > -  } else {
> > -    return TRUE;
> >    }
> > +
> > +  if (!SHA1_Update (&Context, Data, DataSize)) {
> > +    return FALSE;
> > +  }
> > +
> > +  if (!SHA1_Final (HashValue, &Context)) {
> > +    return FALSE;
> > +  }
> > +
> > +  return TRUE;
> >  }
> >
> >  #endif
> > --
> > 2.39.1
> >
> >
> >
> >
> >
> 
> 
> 
> 
> 

[PATCH 2/4] CryptoPkg/BaseCryptLib: avoid using SHA256()

[Gerd Hoffmann]

In openssl 3.0 SHA256() goes through the provider logic,
requiring a huge amount of openssl code.  The individual
functions do not, so use them instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 .../Library/BaseCryptLib/Hash/CryptSha256.c      | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c
index f105e6e57708..4d7d92812c4d 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c
@@ -202,6 +202,8 @@ Sha256HashAll (
   OUT  UINT8       *HashValue
   )
 {
+  SHA256_CTX  Context;
+
   //
   // Check input parameters.
   //
@@ -216,9 +218,17 @@ Sha256HashAll (
   //
   // OpenSSL SHA-256 Hash Computation.
   //
-  if (SHA256 (Data, DataSize, HashValue) == NULL) {
+  if (!SHA256_Init (&Context)) {
     return FALSE;
-  } else {
-    return TRUE;
   }
+
+  if (!SHA256_Update (&Context, Data, DataSize)) {
+    return FALSE;
+  }
+
+  if (!SHA256_Final (HashValue, &Context)) {
+    return FALSE;
+  }
+
+  return TRUE;
 }
-- 
2.39.1

[PATCH 3/4] CryptoPkg/BaseCryptLib: avoid using SHA384()

[Gerd Hoffmann]

In openssl 3.0 SHA384() goes through the provider logic,
requiring a huge amount of openssl code.  The individual
functions do not, so use them instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 .../Library/BaseCryptLib/Hash/CryptSha512.c      | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512.c
index 59e570846588..2ab7188035e8 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512.c
@@ -204,6 +204,8 @@ Sha384HashAll (
   OUT  UINT8       *HashValue
   )
 {
+  SHA512_CTX  Context;
+
   //
   // Check input parameters.
   //
@@ -218,11 +220,19 @@ Sha384HashAll (
   //
   // OpenSSL SHA-384 Hash Computation.
   //
-  if (SHA384 (Data, DataSize, HashValue) == NULL) {
+  if (!SHA384_Init (&Context)) {
     return FALSE;
-  } else {
-    return TRUE;
   }
+
+  if (!SHA384_Update (&Context, Data, DataSize)) {
+    return FALSE;
+  }
+
+  if (!SHA384_Final (HashValue, &Context)) {
+    return FALSE;
+  }
+
+  return TRUE;
 }
 
 /**
-- 
2.39.1

[PATCH 4/4] CryptoPkg/BaseCryptLib: avoid using SHA512()

[Gerd Hoffmann]

In openssl 3.0 SHA512() goes through the provider logic,
requiring a huge amount of openssl code.  The individual
functions do not, so use them instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 .../Library/BaseCryptLib/Hash/CryptSha512.c      | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512.c
index 2ab7188035e8..dee8f35c41ad 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512.c
@@ -430,6 +430,8 @@ Sha512HashAll (
   OUT  UINT8       *HashValue
   )
 {
+  SHA512_CTX  Context;
+
   //
   // Check input parameters.
   //
@@ -444,9 +446,17 @@ Sha512HashAll (
   //
   // OpenSSL SHA-512 Hash Computation.
   //
-  if (SHA512 (Data, DataSize, HashValue) == NULL) {
+  if (!SHA512_Init (&Context)) {
     return FALSE;
-  } else {
-    return TRUE;
   }
+
+  if (!SHA512_Update (&Context, Data, DataSize)) {
+    return FALSE;
+  }
+
+  if (!SHA512_Final (HashValue, &Context)) {
+    return FALSE;
+  }
+
+  return TRUE;
 }
-- 
2.39.1

Re: [edk2-devel] [PATCH 0/4] CryptoPkg/BaseCryptLib: avoid certain openssl library calls

[Yao, Jiewen]

Good work, Gerd!

Do you have any data on how many K can be saved?

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd
> Hoffmann
> Sent: Tuesday, February 14, 2023 3:20 AM
> To: devel@edk2.groups.io
> Cc: Oliver Steffen <osteffen@redhat.com>; Pawel Polawski
> <ppolawsk@redhat.com>; Gerd Hoffmann <kraxel@redhat.com>
> Subject: [edk2-devel] [PATCH 0/4] CryptoPkg/BaseCryptLib: avoid certain
> openssl library calls
> 
> In preparation for the openssl 3.0 switch ...
> 
> openssl 3.0 sneak preview (WIP still, does not yet pass CI) is at
> https://github.com/kraxel/edk2/commits/openssl3
> 
> Gerd Hoffmann (4):
>   CryptoPkg/BaseCryptLib: avoid using SHA1()
>   CryptoPkg/BaseCryptLib: avoid using SHA256()
>   CryptoPkg/BaseCryptLib: avoid using SHA384()
>   CryptoPkg/BaseCryptLib: avoid using SHA512()
> 
>  .../Library/BaseCryptLib/Hash/CryptSha1.c     | 16 ++++++++--
>  .../Library/BaseCryptLib/Hash/CryptSha256.c   | 16 ++++++++--
>  .../Library/BaseCryptLib/Hash/CryptSha512.c   | 32 +++++++++++++++----
>  3 files changed, 52 insertions(+), 12 deletions(-)
> 
> --
> 2.39.1
> 
> 
> 
> 
> 

Re: [edk2-devel] [PATCH 0/4] CryptoPkg/BaseCryptLib: avoid certain openssl library calls

[Gerd Hoffmann]

On Tue, Feb 14, 2023 at 01:17:55AM +0000, Yao, Jiewen wrote:
> Good work, Gerd!
> 
> Do you have any data on how many K can be saved?

Essentially we are down to a handfull of source files for SEC and PEI,
assuming both only need hash functions for tdx/tpm measurements.

https://github.com/kraxel/edk2/commit/58f323f68dfaeaf4b88a8658790f0b0a4b578642

SMM and DXE are still a significant increase in size and I don't see an
easy way around that.  Switching to the crypto driver should mitigate
that somewhat.  Don't have detailed numbers at hand.

take care,
  Gerd

> 
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd
> > Hoffmann
> > Sent: Tuesday, February 14, 2023 3:20 AM
> > To: devel@edk2.groups.io
> > Cc: Oliver Steffen <osteffen@redhat.com>; Pawel Polawski
> > <ppolawsk@redhat.com>; Gerd Hoffmann <kraxel@redhat.com>
> > Subject: [edk2-devel] [PATCH 0/4] CryptoPkg/BaseCryptLib: avoid certain
> > openssl library calls
> > 
> > In preparation for the openssl 3.0 switch ...
> > 
> > openssl 3.0 sneak preview (WIP still, does not yet pass CI) is at
> > https://github.com/kraxel/edk2/commits/openssl3
> > 
> > Gerd Hoffmann (4):
> >   CryptoPkg/BaseCryptLib: avoid using SHA1()
> >   CryptoPkg/BaseCryptLib: avoid using SHA256()
> >   CryptoPkg/BaseCryptLib: avoid using SHA384()
> >   CryptoPkg/BaseCryptLib: avoid using SHA512()
> > 
> >  .../Library/BaseCryptLib/Hash/CryptSha1.c     | 16 ++++++++--
> >  .../Library/BaseCryptLib/Hash/CryptSha256.c   | 16 ++++++++--
> >  .../Library/BaseCryptLib/Hash/CryptSha512.c   | 32 +++++++++++++++----
> >  3 files changed, 52 insertions(+), 12 deletions(-)
> > 
> > --
> > 2.39.1
> > 
> > 
> > 
> > 
> > 
> 

-- 

Re: [edk2-devel] [PATCH 0/4] CryptoPkg/BaseCryptLib: avoid certain openssl library calls

[Yao, Jiewen]

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd
> Hoffmann
> Sent: Tuesday, February 14, 2023 3:20 AM
> To: devel@edk2.groups.io
> Cc: Oliver Steffen <osteffen@redhat.com>; Pawel Polawski
> <ppolawsk@redhat.com>; Gerd Hoffmann <kraxel@redhat.com>
> Subject: [edk2-devel] [PATCH 0/4] CryptoPkg/BaseCryptLib: avoid certain
> openssl library calls
> 
> In preparation for the openssl 3.0 switch ...
> 
> openssl 3.0 sneak preview (WIP still, does not yet pass CI) is at
> https://github.com/kraxel/edk2/commits/openssl3
> 
> Gerd Hoffmann (4):
>   CryptoPkg/BaseCryptLib: avoid using SHA1()
>   CryptoPkg/BaseCryptLib: avoid using SHA256()
>   CryptoPkg/BaseCryptLib: avoid using SHA384()
>   CryptoPkg/BaseCryptLib: avoid using SHA512()
> 
>  .../Library/BaseCryptLib/Hash/CryptSha1.c     | 16 ++++++++--
>  .../Library/BaseCryptLib/Hash/CryptSha256.c   | 16 ++++++++--
>  .../Library/BaseCryptLib/Hash/CryptSha512.c   | 32 +++++++++++++++----
>  3 files changed, 52 insertions(+), 12 deletions(-)
> 
> --
> 2.39.1
> 
> 
> 
> 
> 

Re: [edk2-devel] [PATCH 0/4] CryptoPkg/BaseCryptLib: avoid certain openssl library calls

[Gerd Hoffmann]

  Hi,

Ping.  Code freeze is over, can we merge this now?

thanks,
  Gerd

On Wed, Feb 15, 2023 at 08:15:32AM +0000, Yao, Jiewen wrote:
> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> 
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd
> > Hoffmann
> > Sent: Tuesday, February 14, 2023 3:20 AM
> > To: devel@edk2.groups.io
> > Cc: Oliver Steffen <osteffen@redhat.com>; Pawel Polawski
> > <ppolawsk@redhat.com>; Gerd Hoffmann <kraxel@redhat.com>
> > Subject: [edk2-devel] [PATCH 0/4] CryptoPkg/BaseCryptLib: avoid certain
> > openssl library calls
> > 
> > In preparation for the openssl 3.0 switch ...
> > 
> > openssl 3.0 sneak preview (WIP still, does not yet pass CI) is at
> > https://github.com/kraxel/edk2/commits/openssl3
> > 
> > Gerd Hoffmann (4):
> >   CryptoPkg/BaseCryptLib: avoid using SHA1()
> >   CryptoPkg/BaseCryptLib: avoid using SHA256()
> >   CryptoPkg/BaseCryptLib: avoid using SHA384()
> >   CryptoPkg/BaseCryptLib: avoid using SHA512()
> > 
> >  .../Library/BaseCryptLib/Hash/CryptSha1.c     | 16 ++++++++--
> >  .../Library/BaseCryptLib/Hash/CryptSha256.c   | 16 ++++++++--
> >  .../Library/BaseCryptLib/Hash/CryptSha512.c   | 32 +++++++++++++++----
> >  3 files changed, 52 insertions(+), 12 deletions(-)
> > 
> > --
> > 2.39.1
> > 
> > 
> > 
> > 
> > 
> 

-- 

Re: [edk2-devel] [PATCH 0/4] CryptoPkg/BaseCryptLib: avoid certain openssl library calls

[Yao, Jiewen]

Sure.
Thanks to remind me.
https://github.com/tianocore/edk2/pull/4104.

Thank you
Yao, Jiewen

> -----Original Message-----
> From: kraxel@redhat.com <kraxel@redhat.com>
> Sent: Tuesday, March 7, 2023 2:54 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>
> Cc: devel@edk2.groups.io; Oliver Steffen <osteffen@redhat.com>; Pawel
> Polawski <ppolawsk@redhat.com>
> Subject: Re: [edk2-devel] [PATCH 0/4] CryptoPkg/BaseCryptLib: avoid certain
> openssl library calls
> 
>   Hi,
> 
> Ping.  Code freeze is over, can we merge this now?
> 
> thanks,
>   Gerd
> 
> On Wed, Feb 15, 2023 at 08:15:32AM +0000, Yao, Jiewen wrote:
> > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd
> > > Hoffmann
> > > Sent: Tuesday, February 14, 2023 3:20 AM
> > > To: devel@edk2.groups.io
> > > Cc: Oliver Steffen <osteffen@redhat.com>; Pawel Polawski
> > > <ppolawsk@redhat.com>; Gerd Hoffmann <kraxel@redhat.com>
> > > Subject: [edk2-devel] [PATCH 0/4] CryptoPkg/BaseCryptLib: avoid certain
> > > openssl library calls
> > >
> > > In preparation for the openssl 3.0 switch ...
> > >
> > > openssl 3.0 sneak preview (WIP still, does not yet pass CI) is at
> > > https://github.com/kraxel/edk2/commits/openssl3
> > >
> > > Gerd Hoffmann (4):
> > >   CryptoPkg/BaseCryptLib: avoid using SHA1()
> > >   CryptoPkg/BaseCryptLib: avoid using SHA256()
> > >   CryptoPkg/BaseCryptLib: avoid using SHA384()
> > >   CryptoPkg/BaseCryptLib: avoid using SHA512()
> > >
> > >  .../Library/BaseCryptLib/Hash/CryptSha1.c     | 16 ++++++++--
> > >  .../Library/BaseCryptLib/Hash/CryptSha256.c   | 16 ++++++++--
> > >  .../Library/BaseCryptLib/Hash/CryptSha512.c   | 32 +++++++++++++++---
> -
> > >  3 files changed, 52 insertions(+), 12 deletions(-)
> > >
> > > --
> > > 2.39.1
> > >
> > >
> > >
> > > 
> > >
> >
> 
> --