From: Kevin D Davis <kevin.davis@insyde.com>
To: "Tomas Pilar (tpilar)" <tpilar@solarflare.com>,
<edk2-devel@lists.01.org>
Subject: Re: Pkcs7 crypto verification without openSSL
Date: Wed, 28 Nov 2018 19:40:40 +0000 (UTC) [thread overview]
Message-ID: <3FEC98D0C33031D6.ECA1E851-8FDA-41DC-95BD-C8AC139D248D@mail.outlook.com> (raw)
In-Reply-To: <1d931e1b-a9fb-1f44-cbbb-20971b9a344b@solarflare.com>
Tom,
Let me know if you get any useful offline answers. From our experience, there are some licensed 3rd party solutions that are tiny but aren’t cheap.
The problem is parts of any encryption runs the risk of triggering government laws about encryption. So the owners of Tianocore made the decision to pull in OpenSSL as a whole to put the problem onto the user of TC.
Making smaller versions of OpenSSL means you have a lot of work to incorporate newer versions.
Kevin
From: edk2-devel <edk2-devel-bounces@lists.01.org> on behalf of Tomas Pilar (tpilar) <tpilar@solarflare.com>
Sent: Wednesday, November 28, 2018 11:40 AM
To: edk2-devel@lists.01.org
Subject: [edk2] Pkcs7 crypto verification without openSSL Hi,
Are there any plans for a crypto library that does not pull in openSSL? When I try to add BaseCryptLib to be able to use FmpAuthenticationLib, my driver size baloons significantly (increase of ~0x30000) and it seems like a basic public SHA256 crypto check library should not be _that_ large?
Cheers,
Tom
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
next prev parent reply other threads:[~2018-11-28 19:41 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-28 17:31 Pkcs7 crypto verification without openSSL Tomas Pilar (tpilar)
2018-11-28 19:40 ` Kevin D Davis [this message]
2018-12-03 12:40 ` Ard Biesheuvel
2018-12-03 12:55 ` Tomas Pilar (tpilar)
2018-12-03 15:26 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3FEC98D0C33031D6.ECA1E851-8FDA-41DC-95BD-C8AC139D248D@mail.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox