From: Ard Biesheuvel
Date: Mon, 3 Dec 2018 16:26:26 +0100
To: "Tomas Pilar (tpilar)"
Cc: "edk2-devel@lists.01.org"
Subject: Re: Pkcs7 crypto verification without openSSL
List-Id: EDK II Development

On Mon, 3 Dec 2018 at 13:55, Tomas Pilar (tpilar) wrote:
>
> On 03/12/2018 12:40, Ard Biesheuvel wrote:
> > On Wed, 28 Nov 2018 at 18:40, Tomas Pilar (tpilar) wrote:
> >> Hi,
> >>
> >> Are there any plans for a crypto library that does not pull in openSSL? When I try to add BaseCryptLib to be able to use FmpAuthenticationLib, my driver size balloons significantly (increase of ~0x30000) and it seems like a basic public SHA256 crypto check library should not be _that_ large?
> > Well, I'd expect the code size to come from the asymmetric crypto, not
> > from the SHA256 hash code. Which FmpAuthenticationLib are you using?
> Yes, that makes sense. I am using the FmpAuthenticationLibPkcs7 from SecurityPkg which pulls in BaseCryptLib. I would assume that the linker only links the functions which are referenced so it should not pull in the entire library but I expect some overgeneric helpers might be quite large.
>

Just the arbitrary precision integer library needed for the modular exponentiation produces a fair chunk of code. You can check the .map file in the Build/ directory of your driver where all the memory is going, but all of the bn_xxx objects are probably required.
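
One way to do the .map check suggested above, as an added example that is not part of the original message: a Python script that totals input-section sizes per object file and groups them by filename prefix, so the bn_* objects appear as a single line. It assumes a GNU ld style map (the thread does not name the toolchain); the embedded excerpt, its paths and its sizes are constructed.

```python
import re
from collections import Counter

# Constructed excerpt in GNU ld map layout; paths and sizes are made up.
SAMPLE_MAP = """\
Linker script and memory map
.text           0x0000000000000240     0x2f00
 .text.DriverEntry
                0x0000000000000240       0x90 /build/MyDriver.lib(Driver.obj)
 .text.BN_mod_exp_mont
                0x00000000000002d0      0x8c0 /build/OpensslLib.lib(bn_exp.obj)
                0x00000000000002d0                BN_mod_exp_mont
 .text.bn_mul_normal
                0x0000000000000b90      0x340 /build/OpensslLib.lib(bn_mul.obj)
 *fill*         0x0000000000000ed0       0x10
 .text.RSA_verify
                0x0000000000000ee0      0x2a0 /build/OpensslLib.lib(rsa_sign.obj)
 .text          0x0000000000001180      0x1c0 /build/OpensslLib.lib(sha256.obj)
"""

# Input-section line: optional section name, address, size, contributing file.
CONTRIB = re.compile(r"^\s+(?:\S+\s+)?0x[0-9a-fA-F]+\s+0x([0-9a-fA-F]+)\s+(\S.*)$")
MEMBER = re.compile(r"\(([^)]+)\)\s*$")


def size_per_object(map_text):
    """Sum input-section sizes per object file (archive member if present)."""
    sizes = Counter()
    for line in map_text.splitlines():
        m = CONTRIB.match(line)
        if not m or m.group(2).startswith("load address"):
            continue  # not an input-section contribution (symbol, fill, header)
        member = MEMBER.search(m.group(2))
        obj = member.group(1) if member else m.group(2).rsplit("/", 1)[-1]
        sizes[obj] += int(m.group(1), 16)
    return sizes


def size_per_prefix(sizes):
    """Group objects by the name part before '_' or '.', e.g. bn_exp.obj -> bn."""
    groups = Counter()
    for obj, size in sizes.items():
        groups[re.split(r"[_.]", obj, maxsplit=1)[0]] += size
    return groups


if __name__ == "__main__":
    for prefix, total in size_per_prefix(size_per_object(SAMPLE_MAP)).most_common():
        print(f"{prefix:10s} {total:#8x}")
```

To use it on a real build, pass the contents of the driver's .map file to `size_per_object` in place of `SAMPLE_MAP`.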