From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=148.163.129.52; helo=dispatch1-us1.ppe-hosted.com; envelope-from=tpilar@solarflare.com; receiver=edk2-devel@lists.01.org Received: from dispatch1-us1.ppe-hosted.com (dispatch1-us1.ppe-hosted.com [148.163.129.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 2A04C211982D9 for ; Mon, 3 Dec 2018 04:55:37 -0800 (PST) X-Virus-Scanned: Proofpoint Essentials engine Received: from webmail.solarflare.com (webmail.solarflare.com [12.187.104.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mx1-us3.ppe-hosted.com (Proofpoint Essentials ESMTP Server) with ESMTPS id 61DA4B40057; Mon, 3 Dec 2018 12:55:36 +0000 (UTC) Received: from tp-desktop.uk.solarflarecom.com (10.17.20.51) by ocex03.SolarFlarecom.com (10.20.40.36) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 3 Dec 2018 04:55:28 -0800 To: Ard Biesheuvel CC: "edk2-devel@lists.01.org" References: <1d931e1b-a9fb-1f44-cbbb-20971b9a344b@solarflare.com> From: "Tomas Pilar (tpilar)" Message-ID: <44a366e7-c782-683e-7831-bd6caf0ec3d0@solarflare.com> Date: Mon, 3 Dec 2018 12:55:26 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0 MIME-Version: 1.0 In-Reply-To: X-Originating-IP: [10.17.20.51] X-TM-AS-Product-Ver: SMEX-12.5.0.1300-8.5.1010-24258.000 X-TM-AS-Result: No-14.593400-4.000000-10 X-TMASE-MatchedRID: HXSqh3WYKfsOwH4pD14DsPHkpkyUphL9HTzSJQBZgdFhb6wYa04uHU4E s9V6oOLInV2ypbJ+aIQY6G+qe6yzTw9FV6kNYiPHsyNb+yeIRAq4vBuE2X0HlRS11FlOYRohIgS MFZ6qosVNruseEXuqZCUPrqZPyrg/EUubDEShcPNor4yxPAz7WZ7wR6/2hZzOHJdx28JCAFVBD+ z28Qkmd5hHT6ywyiXt9YqLCkDkeR45pL1TtnjZ/p4CIKY/Hg3AtOt1ofVlaoJlgn288nW9IN5/H gWYxplM5MIx11wv+CM7AFczfjr/7KHn+/hKIdD9adN9KVgX9UVDRH56zPNYZ8rGfHIz93nUgmmF 3FOKNgo= X-TM-AS-User-Approved-Sender: No X-TM-AS-User-Blocked-Sender: No X-TMASE-Result: 10--14.593400-4.000000 X-TMASE-Version: SMEX-12.5.0.1300-8.5.1010-24258.000 X-MDID: 1543841737-O8KBzaDBEc5Y Subject: Re: Pkcs7 crypto verification without openSSL X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Dec 2018 12:55:38 -0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Language: en-US On 03/12/2018 12:40, Ard Biesheuvel wrote: > On Wed, 28 Nov 2018 at 18:40, Tomas Pilar (tpilar) > wrote: >> Hi, >> >> Are there any plans for a crypto library that does not pull in openSSL? When I try to add BaseCryptLib to be able to use FmpAuthenticationLib, my driver size baloons significantly (increase of ~0x30000) and it seems like a basic public SHA256 crypto check library should not be _that_ large? > Well, I'd expect the code size to come from the asymmetric crypto, not > from the SHA256 hash code. Which FmpAuthenticationLib are you using? Yes, that makes sense. I am using the FmpAuthenticationLibPkcs7 from SecurityPkg which pulls in BaseCryptLib. I would assume that the linker only links the functions which are referenced so it should not pull in the entire library but I expect some overgeneric helpers might be quite large. Cheers, Tom