From: "Michael D Kinney"
To: "Yao, Jiewen", Leif Lindholm, "devel@edk2.groups.io", "spbrogan@outlook.com", "Hou, Wenxing"
CC: "afish@apple.com", "Kinney, Michael D"
Subject: Re: [edk2-devel] [edk2/add_mbedtls PATCH 0/9] *** Add HMAC/HKDF/RSA/HASH features based on Mbedtls ***
Date: Thu, 31 Aug 2023 17:24:12 +0000

Jiewen,

Thanks. Option #1 makes more sense if it is the Mbedtls wrapper code.

I prefer Option #1.

Breaking out into multiple repos also makes it hard to align
Releases across multiple repos. We already have this as an
unsolved problem for edk2-platforms repo, and I am not interested
in adding more repos until we have a complete solution to do
edk2-platforms releases in place.

Mike

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Thursday, August 31, 2023 9:07 AM
> To: Kinney, Michael D; Leif Lindholm; devel@edk2.groups.io; spbrogan@outlook.com; Hou, Wenxing
> Cc: afish@apple.com
> Subject: RE: [edk2-devel] [edk2/add_mbedtls PATCH 0/9] *** Add HMAC/HKDF/RSA/HASH features based on Mbedtls ***
>
> Hi Mike
> We are using submodule for mbedtls in this patch. Copying source code is
> not preferred.
>
> I think we are discussing multiple ways to layout the *mbedtls crypto
> wrapper*. See following 4 options.
>
> Thank you
> Yao, Jiewen
>
>
> > -----Original Message-----
> > From: Kinney, Michael D
> > Sent: Thursday, August 31, 2023 11:45 PM
> > To: Leif Lindholm; Yao, Jiewen; devel@edk2.groups.io; spbrogan@outlook.com; Hou, Wenxing
> > Cc: afish@apple.com; Kinney, Michael D
> > Subject: RE: [edk2-devel] [edk2/add_mbedtls PATCH 0/9] *** Add HMAC/HKDF/RSA/HASH features based on Mbedtls ***
> >
> > I have not looked at the Mbedtls patches in detail yet, but I
> > am curious if it is possible to add the mbedtls based library
> > instances of the edk2 crypto libraries to the existing
> > CryptoPkg and pull the mbedtls sources into the CryptoPkg using
> > a submodule just like openssl? This way, platforms can choose
> > either openssl or mbedtls library instances from CryptoPkg and
> > all INFs would continue to only list CryptoPkg.dec.
> >
> > I think use of submodules makes the most sense for content that
> > edk2 consumes as read-only and edk2 makes decisions to jump from
> > one validated release to the next validated release of the submodule
> > content.
> >
> > In general, we do not want to copy source from a different project
> > into TianoCore repos because of the overhead to keep them in sync.
> > An exception to this is something like cmocka where this was done
> > for CI stability issues and the copy in TianoCore is an automated
> > sync of the upstream repo.
> >
> > Thanks,
> >
> > Mike
> >
> >
> > > -----Original Message-----
> > > From: Leif Lindholm
> > > Sent: Thursday, August 31, 2023 4:15 AM
> > > To: Yao, Jiewen; devel@edk2.groups.io; spbrogan@outlook.com; Hou, Wenxing
> > > Cc: afish@apple.com; Kinney, Michael D
> > > Subject: Re: [edk2-devel] [edk2/add_mbedtls PATCH 0/9] *** Add HMAC/HKDF/RSA/HASH features based on Mbedtls ***
> > >
> > > Like Sean, I'm very positive to the work - and I'm excited about the
> > > opportunity to formalise the abstractions.
> > >
> > > But Sean is also asking to import the mbedTLS code outright instead of
> > > using submodules, which adds an additional dimension to the matrix below.
> > >
> > > I'm not too concerned over the infrastructure change as such, but I
> > > would prefer to not move the dial even further in the direction of
> > > "upstream is a swarm of repositories". This adds complexity for new
> > > developers. And submodules are way easier for upstream to track external
> > > projects through. At the cost of complicating the maintenance process
> > > for released products. Which isn't great.
> > >
> > > Am I kicking the can too far down the road if I suggest we do some
> > > brainstorming around ways to achieve this with the least amount of
> > > friction for everyone at the plugfest in October?
> > >
> > > Regards,
> > >
> > > Leif
> > >
> > > On 2023-08-31 03:34, Yao, Jiewen wrote:
> > > > Hi Sean/Andrew/Leif/Mike
> > > > Now, I think we actually have multiple options to handle this:
> > > >
> > > > 1) CryptoPkg in edk2 repo (add MbedTls to existing CryptoPkg)
> > > >
> > > > 2) CryptoPkg in edk2 repo + a new MbedTlsCryptoPkg in edk2 repo
> > > >
> > > > 3) CryptoPkg in edk2 repo + MbedTlsCryptoPkg in a new repo
> > > >
> > > > 4) Move CryptoPkg from edk2 repo to OpensslCryptoPkg in a new repo + MbedTlsCryptoPkg in another new repo
> > > >
> > > >
> > > >
> > > > Current patch is for option 1).
> > > > Sean's proposal is for option 4).
> > > >
> > > > I feel 4) is very aggressive. My worry is that it will involve many
> > > > infrastructure change such as CI, and all edk2 platforms.
> > > >
> > > > What about 2) or 3) ?
> > > >
> > > > Thank you
> > > > Yao, Jiewen
> > > >
> > > >
> > > >> -----Original Message-----
> > > >> From: Yao, Jiewen
> > > >> Sent: Thursday, August 31, 2023 8:10 AM
> > > >> To: devel@edk2.groups.io; spbrogan@outlook.com; Hou, Wenxing
> > > >> Cc: afish@apple.com; quic_llindhol@quicinc.com; Kinney, Michael D
> > > >> Subject: RE: [edk2-devel] [edk2/add_mbedtls PATCH 0/9] *** Add HMAC/HKDF/RSA/HASH features based on Mbedtls ***
> > > >>
> > > >> Hi Sean
> > > >> Thanks for the feedback. Personally, I don't have strong opinion on this.
> > > >>
> > > >> Since this is a big change, I would like to have Steward member's opinion.
> > > >>
> > > >> Hi Andrew/Leif/Mike
> > > >> What do you think?
> > > >>
> > > >> Thank you
> > > >> Yao, Jiewen
> > > >>
> > > >>
> > > >>> -----Original Message-----
> > > >>> From: devel@edk2.groups.io On Behalf Of Sean
> > > >>> Sent: Thursday, August 31, 2023 2:57 AM
> > > >>> To: devel@edk2.groups.io; Hou, Wenxing
> > > >>> Subject: Re: [edk2-devel] [edk2/add_mbedtls PATCH 0/9] *** Add HMAC/HKDF/RSA/HASH features based on Mbedtls ***
> > > >>>
> > > >>> I appreciate and really like this work to enable mbedtls but I don't
> > > >>> like the idea of adding another submodule to edk2.
> > > >>>
> > > >>> For a long time there has been discussion about formalizing the
> > > >>> abstraction of the edk2 crypto api so that it would be practical to
> > > >>> implement edk2's crypto using various libraries. I propose we remove
> > > >>> openssl from the edk2 CryptoPkg and into the OpenSslCryptoPkg in another
> > > >>> new tianocore repository dedicated to OpenSsl. MbedTls could then be
> > > >>> checked into the MbedTlsCryptoPkg and added to another new repository.
> > > >>> This would also have the benefit of breaking the tight coupling of edk2
> > > >>> stable tags from the crypto used in the code base (crypto has more
> > > >>> widely tracked vulnerabilities).
> > > >>>
> > > >>> Happy to discuss more if others have different ideas.
> > > >>>
> > > >>> Thanks
> > > >>>
> > > >>> Sean
> > > >>>
> > > >>>
> > > >>>
> > > >>> On 8/30/2023 12:52 AM, Wenxing Hou wrote:
> > > >>>> *** Add BaseCryptLibMbedTls for CryptoPkg, which can be an alternative to OpenSSL in some scenarios. There are four features in the patch: HMAC/HKDF/RSA/HASH.***
> > > >>>>
> > > >>>> Wenxing Hou (9):
> > > >>>>   CryptoPkg: Add mbedtls submodule for EDKII
> > > >>>>   CryptoPkg: Add mbedtls_config and MbedTlsLib.inf
> > > >>>>   CryptoPkg: Add HMAC functions based on Mbedtls
> > > >>>>   CryptoPkg: Add HKDF functions based on Mbedtls
> > > >>>>   CryptoPkg: Add RSA functions based on Mbedtls
> > > >>>>   CryptoPkg: Add all .inf files for BaseCryptLibMbedTls
> > > >>>>   CryptoPkg: Add Null functions for building pass
> > > >>>>   CryptoPkg: Add MD5/SHA1/SHA2 functions based on Mbedtls
> > > >>>>   CryptoPkg: Add Mbedtls submodule in CI
> > > >>>>
> > > >>>>  .gitmodules | 3 +
> > > >>>>  .pytool/CISettings.py | 2 +
> > > >>>>  CryptoPkg/CryptoPkg.ci.yaml | 66 +-
> > > >>>>  CryptoPkg/CryptoPkg.dec | 4 +
> > > >>>>  CryptoPkg/CryptoPkgMbedTls.dsc | 280 ++
> > > >>>>  .../BaseCryptLibMbedTls/BaseCryptLib.inf | 81 +
> > > >>>>  .../BaseCryptLibMbedTls/Bn/CryptBnNull.c | 520 +++
> > > >>>>  .../Cipher/CryptAeadAesGcmNull.c | 100 +
> > > >>>>  .../BaseCryptLibMbedTls/Cipher/CryptAesNull.c | 159 +
> > > >>>>  .../BaseCryptLibMbedTls/Hash/CryptMd5.c | 234 +
> > > >>>>  .../BaseCryptLibMbedTls/Hash/CryptMd5Null.c | 163 +
> > > >>>>  .../Hash/CryptParallelHashNull.c | 40 +
> > > >>>>  .../BaseCryptLibMbedTls/Hash/CryptSha1.c | 234 +
> > > >>>>  .../BaseCryptLibMbedTls/Hash/CryptSha1Null.c | 166 +
> > > >>>>  .../BaseCryptLibMbedTls/Hash/CryptSha256.c | 227 +
> > > >>>>  .../Hash/CryptSha256Null.c | 162 +
> > > >>>>  .../BaseCryptLibMbedTls/Hash/CryptSha512.c | 447 ++
> > > >>>>  .../Hash/CryptSha512Null.c | 275 ++
> > > >>>>  .../BaseCryptLibMbedTls/Hash/CryptSm3Null.c | 164 +
> > > >>>>  .../BaseCryptLibMbedTls/Hmac/CryptHmac.c | 620 +++
> > > >>>>  .../BaseCryptLibMbedTls/Hmac/CryptHmacNull.c | 359 ++
> > > >>>>  .../BaseCryptLibMbedTls/InternalCryptLib.h | 44 +
> > > >>>>  .../BaseCryptLibMbedTls/Kdf/CryptHkdf.c | 372 ++
> > > >>>>  .../BaseCryptLibMbedTls/Kdf/CryptHkdfNull.c | 192 +
> > > >>>>  .../BaseCryptLibMbedTls/PeiCryptLib.inf | 101 +
> > > >>>>  .../BaseCryptLibMbedTls/PeiCryptLib.uni | 25 +
> > > >>>>  .../BaseCryptLibMbedTls/Pem/CryptPemNull.c | 69 +
> > > >>>>  .../Pk/CryptAuthenticodeNull.c | 45 +
> > > >>>>  .../BaseCryptLibMbedTls/Pk/CryptDhNull.c | 150 +
> > > >>>>  .../BaseCryptLibMbedTls/Pk/CryptEcNull.c | 578 +++
> > > >>>>  .../Pk/CryptPkcs1OaepNull.c | 51 +
> > > >>>>  .../Pk/CryptPkcs5Pbkdf2Null.c | 48 +
> > > >>>>  .../Pk/CryptPkcs7Internal.h | 83 +
> > > >>>>  .../Pk/CryptPkcs7SignNull.c | 53 +
> > > >>>>  .../Pk/CryptPkcs7VerifyEkuNull.c | 152 +
> > > >>>>  .../Pk/CryptPkcs7VerifyEkuRuntime.c | 56 +
> > > >>>>  .../Pk/CryptPkcs7VerifyNull.c | 163 +
> > > >>>>  .../Pk/CryptPkcs7VerifyRuntime.c | 38 +
> > > >>>>  .../BaseCryptLibMbedTls/Pk/CryptRsaBasic.c | 268 ++
> > > >>>>  .../Pk/CryptRsaBasicNull.c | 121 +
> > > >>>>  .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c | 337 ++
> > > >>>>  .../BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c | 117 +
> > > >>>>  .../BaseCryptLibMbedTls/Pk/CryptRsaPss.c | 164 +
> > > >>>>  .../BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c | 46 +
> > > >>>>  .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c | 231 +
> > > >>>>  .../Pk/CryptRsaPssSignNull.c | 60 +
> > > >>>>  .../BaseCryptLibMbedTls/Pk/CryptTsNull.c | 42 +
> > > >>>>  .../BaseCryptLibMbedTls/Pk/CryptX509Null.c | 753 ++++
> > > >>>>  .../BaseCryptLibMbedTls/Rand/CryptRandNull.c | 56 +
> > > >>>>  .../BaseCryptLibMbedTls/RuntimeCryptLib.inf | 92 +
> > > >>>>  .../BaseCryptLibMbedTls/RuntimeCryptLib.uni | 22 +
> > > >>>>  .../BaseCryptLibMbedTls/SecCryptLib.inf | 84 +
> > > >>>>  .../BaseCryptLibMbedTls/SecCryptLib.uni | 17 +
> > > >>>>  .../BaseCryptLibMbedTls/SmmCryptLib.inf | 92 +
> > > >>>>  .../BaseCryptLibMbedTls/SmmCryptLib.uni | 22 +
> > > >>>>  .../SysCall/ConstantTimeClock.c | 75 +
> > > >>>>  .../BaseCryptLibMbedTls/SysCall/CrtWrapper.c | 58 +
> > > >>>>  .../SysCall/RuntimeMemAllocation.c | 462 ++
> > > >>>>  .../SysCall/TimerWrapper.c | 198 +
> > > >>>>  .../BaseCryptLibMbedTls/TestBaseCryptLib.inf | 78 +
> > > >>>>  CryptoPkg/Library/MbedTlsLib/CrtWrapper.c | 96 +
> > > >>>>  CryptoPkg/Library/MbedTlsLib/EcSm2Null.c | 495 +++
> > > >>>>  .../Include/mbedtls/mbedtls_config.h | 3823 +++++++++++++++++
> > > >>>>  CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf | 173 +
> > > >>>>  .../Library/MbedTlsLib/MbedTlsLibFull.inf | 177 +
> > > >>>>  CryptoPkg/Library/MbedTlsLib/mbedtls | 1 +
> > > >>>>  66 files changed, 14683 insertions(+), 3 deletions(-)
> > > >>>>  create mode 100644 CryptoPkg/CryptoPkgMbedTls.dsc
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Bn/CryptBnNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcmNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAesNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptMd5Null.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptParallelHashNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha1Null.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha256Null.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha512Null.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3Null.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmac.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hmac/CryptHmacNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Kdf/CryptHkdf.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Kdf/CryptHkdfNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.uni
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPemNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticodeNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptDhNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptEcNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2Null.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7SignNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEkuRuntime.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyRuntime.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTsNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509Null.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandNull.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.uni
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.uni
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.uni
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/ConstantTimeClock.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/CrtWrapper.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/RuntimeMemAllocation.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/TimerWrapper.c
> > > >>>>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf
> > > >>>>  create mode 100644 CryptoPkg/Library/MbedTlsLib/CrtWrapper.c
> > > >>>>  create mode 100644 CryptoPkg/Library/MbedTlsLib/EcSm2Null.c
> > > >>>>  create mode 100644 CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h
> > > >>>>  create mode 100644 CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf
> > > >>>>  create mode 100644 CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf
> > > >>>>  create mode 160000 CryptoPkg/Library/MbedTlsLib/mbedtls

View/Reply Online (#108201): https://edk2.groups.io/g/devel/message/108201