From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29])
 by mx.groups.io with SMTP id smtpd.web11.28100.1680373642088892848
 for <devel@edk2.groups.io>;
 Sat, 01 Apr 2023 11:27:22 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired" header.i=@bsdio.com header.s=fm3 header.b=a5XWRl9i;
 spf=pass (domain: bsdio.com, ip: 66.111.4.29, mailfrom: rebecca@bsdio.com)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
	by mailout.nyi.internal (Postfix) with ESMTP id 5E7525C0064;
	Sat,  1 Apr 2023 14:27:21 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
  by compute5.internal (MEProxy); Sat, 01 Apr 2023 14:27:21 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bsdio.com; h=cc
	:cc:content-transfer-encoding:content-type:content-type:date
	:date:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:sender:subject:subject:to:to; s=fm3; t=
	1680373641; x=1680460041; bh=djGmW2jJSDhnIELxa5IGjOuky8RJKrpbcam
	bIgwI5OQ=; b=a5XWRl9iHHLNblG3QgozxYKGoyCDRqP9gsJTcNJy1CktvhPueaz
	2uuO2vujXZ8cIF992FCk3ocD+hlrqLZIS5L26bkRGnTEkHeq1w7UEw/zB/1G932R
	iaJrKiYtzSWyRH+YB4cJgmqPTOKleSyJtdRJatUOL4eRnSmJqiR+DS7mG4RpvE/G
	QGyxuCrEtLc2+MiLq4VkeSiDFonN+nimFzkZ4a5AULsaqXnVC1jjnH7VWnZ884pX
	bzC6zOMwCQE8m1YnULX2RdfpPKum88hP3PFiC6i/7Vc+4jzWHoSg3TpWQGuJPkqV
	o5CutaEd2QcZYSdJ2MJH/6Hkv+Z8dFA8KCA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-transfer-encoding
	:content-type:content-type:date:date:feedback-id:feedback-id
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:sender:subject:subject:to:to:x-me-proxy
	:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=
	1680373641; x=1680460041; bh=djGmW2jJSDhnIELxa5IGjOuky8RJKrpbcam
	bIgwI5OQ=; b=IpBLqzUlnqpZlomFhLgyklGO2HLn1GDbRgEA9aLuM/MoNjcYHIe
	J8PrxdJvEkSyxioPZWLHPc9vWLVMWAm0/o5Q/742+VriGx3lclznUEcO0R6XlmHe
	d+8Icu+jX3BJZutS8xprlpUMitK/oQAQh2UDN5gCsAXwTaOVkoEz1ZcJJYqxKsIV
	SZ1M+2ee9Wqh1wxF8nvD7PXiOd0qw7+RdKKT/RX4OfFY7AENc9B/u+NMNiNf0KLu
	p694qnKVurX7EkvfnuvY9rdbJKcZhX0PHaRGWtSL8C3Ho/Bfaf97pxXbJR/e7QQT
	vLZNbQkJxkrd6sU/jvusCtkCNhB5RpCNFhQ==
X-ME-Sender: <xms:iXcoZC9nCTKRh2PkjJICix9FrgWNtSGGnA-h6vaJlEv48yvXciLAlQ>
    <xme:iXcoZCtF_-mmovyGiPBT9h40qMjVuHNxuArPA_9gm7YeA6VjKh5CaSrW8jpCE9Yht
    KXFBMflrGl3q10p2ac>
X-ME-Received: <xmr:iXcoZIBt2f54sU8yLARw_1KcyhzIx6YECKhi9Po1COIZU8U5ol7Bubuv-EqHKvKDPaAP-rxwJABgU0gCI215KO-cJr6u-vGF_vNcdw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrvdeifedguddvhecutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
    necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd
    enucfjughrpefkffggfgfuvfevfhfhjggtgfesthejredttdefjeenucfhrhhomheptfgv
    sggvtggtrgcuvehrrghnuceorhgvsggvtggtrgessghsughiohdrtghomheqnecuggftrf
    grthhtvghrnhepteeljeehkeefgfdufedvleetgfekvdeiiedtvddtueefvdefgffgvddv
    ffehledtnecuffhomhgrihhnpehophgvnhhsshhlrdhorhhgpdhgihhthhhusgdrtghomh
    enucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehrvggs
    vggttggrsegsshguihhordgtohhm
X-ME-Proxy: <xmx:iXcoZKcL2BEtJfnrwy9G86Hxl_x3jIKfXUejvY3LbBvWZsfrNaI-Fg>
    <xmx:iXcoZHPErH8HDlbrK2tljH3Po1uPqsoyoWM_VZOKaQ_pomN3UKPVcw>
    <xmx:iXcoZEmT-eliNd-GBW1ONocitb-Ha_YHT1kLtr0xfcBfuOQISbXenw>
    <xmx:iXcoZAq527HaiOaWMQ7KrURmgiIF0JPj5X3smJYuEn6HTUDnb5MypQ>
Feedback-ID: i5b994698:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat,
 1 Apr 2023 14:27:20 -0400 (EDT)
Message-ID: <7cdc9738-b888-eb80-6f79-02ccb8b7ece6@bsdio.com>
Date: Sat, 1 Apr 2023 12:27:19 -0600
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0)
 Gecko/20100101 Thunderbird/102.9.1
Subject: Re: [edk2-devel] [edk2-staging/OpenSSL11_EOL 0/7] Openssl 3.0 POC update Mar 17
To: devel@edk2.groups.io, yi1.li@intel.com
Cc: Jiewen Yao <jiewen.yao@intel.com>, Wenxing Hou <wenxing.hou@intel.com>,
 Gerd Hoffmann <kraxel@redhat.com>
References: <cover.1679026329.git.yi1.li@intel.com>
From: "Rebecca Cran" <rebecca@bsdio.com>
In-Reply-To: <cover.1679026329.git.yi1.li@intel.com>
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

This is going to be needed in the next 6 months because OpenSSL 1.1.1 is 
going EOL.

>>From https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/ :


"We are now less than 6 months away from the End Of Life (EOL) date for 
the OpenSSL 1.1.1 series. Users of OpenSSL 1.1.1 should consider their 
options and plan any actions they might need to take.

OpenSSL 1.1.1 is a Long Term Support (LTS) release. Our policy is to 
support LTS releases for a period of 5 years. During the last year of 
that we typically only backport security fixes to a release.

OpenSSL 1.1.1 was released on 11th September 2018, and so it will be 
considered EOL on 11th September 2023. It will no longer be receiving 
publicly available security fixes after that date."


-- 
Rebecca Cran


On 3/16/23 10:28 PM, Li, Yi wrote:
> Please check the patch series if interested.
> PR: https://github.com/tianocore/edk2-staging/pull/359
>
> Latest size data:
> Binaries:				
> 	CryptoDxeFull		->	1.7%	17KB (New)
> 	CryptoDxe		14%	->	10.10%	82KB
> 	CryptoSmm		14%	->	8.20%	46KB
> After LZMA:			
> 	CryptoDxe		15%	->	12.20%	39KB
> 	CryptoSmm		17%	->	12.80%	27KB
> 	FV (Dxe+Smm)	18%	->	15.40%	55KB
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Wenxing Hou <wenxing.hou@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Signed-off-by: Yi Li <yi1.li@intel.com>
>
> Yi Li (7):
>    OpensslLib: remove bio prov
>    CryptoPkg/Test: Remove Pem and Pkcs7Sign func in test
>    CryptoPkg/OpensslLib: enable no autoalginit
>    Readme: 0315 update
>    bugfix: The order of NIDs should remain the same as before
>    CryptoPkg/OpensslLibFull: apply all work to full inf
>    Readme: 0317 update
>
>   CryptoPkg/Library/OpensslLib/OpensslLib.inf   |    4 +-
>   .../Library/OpensslLib/OpensslLibFull.inf     |  171 +-
>   .../OpensslStub/crypto/objects/obj_dat.h      | 6474 ++++++++---------
>   .../OpensslStub/crypto/objects/obj_xref.h     |   72 +-
>   .../OpensslLib/OpensslStub/openssl/obj_mac.h  | 1397 ++--
>   .../Library/OpensslLib/OpensslStub/uefiprov.c |    8 +-
>   CryptoPkg/Readme-OpenSSL3.0.md                |   22 +-
>   .../Library/BaseCryptLib/RsaPkcs7Tests.c      |  145 +-
>   8 files changed, 4197 insertions(+), 4096 deletions(-)
>