From: "Michael D Kinney" <michael.d.kinney@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Vang, Judah" <judah.vang@intel.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>
Subject: Re: [edk2-devel] [PATCH V1 0/2] CryptoPkg bug fixes
Date: Mon, 24 Oct 2022 17:21:49 +0000 [thread overview]
Message-ID: <CO1PR11MB49296D51382D57F86E40A8C7D22E9@CO1PR11MB4929.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20221024164139.792-1-judah.vang@intel.com>
Hi Judah,
There was an update to CryptoPkg pushed yesterday.
1) There is a CryptoPkg/Readme.md with tables and DSC content for services that are
enabled in each phase. I think that needs updates too for the AES and KDF features.
2) The CryptoPkg.dsc file has recommended settings for PEI, DXE, SMM. I think
they need to be updated for the AES and KDF features.
3) It looks like the SHA1 disable caused a build break. I would like to see the
standard package builds for EDK II CI be updated to cover the failure case so
we know that this case is covered in the future. It looks like the default is
for SHA1 enabled and the build break is when define for SHA1 disabled is
asserted.
4) There is an overlap between the defines to deprecate MD5 and SH1 and the
structured PCD that allows those services to be disabled in the Crypto
Protocol/PPI. The defines to deprecate MD5 and SH1 extend into the BaseCryptLib
instance implementations such that a call to those services when static linking
will generate a build error instead of a runtime ASSERT(). Which behavior do
you prefer?
Best regards,
Mike
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Judah Vang
> Sent: Monday, October 24, 2022 9:42 AM
> To: devel@edk2.groups.io
> Subject: [edk2-devel] [PATCH V1 0/2] CryptoPkg bug fixes
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=3991
> https://bugzilla.tianocore.org/show_bug.cgi?id=3992
>
> There is a #define to deprecate Sha1 functions but not
> all the Sha1 function are wrapped around this #define causing
> a build error. The fix is to wrap all Sha1 functions with
> the #define.
>
> Need crypto AES to be supported for PEI phase and need
> crypto KDF to be supported for SMM phase.
>
> Judah Vang (2):
> CryptoPkg: Sha1 functions causing build errors
> CryptoPkg: Need to enable crypto functions
>
> CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 2 +-
> CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 2 +-
> CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c | 14 +++++++++++++-
> 3 files changed, 15 insertions(+), 3 deletions(-)
>
> --
> 2.35.1.windows.2
>
>
>
>
>
next prev parent reply other threads:[~2022-10-24 17:21 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-24 16:41 [PATCH V1 0/2] CryptoPkg bug fixes Judah Vang
2022-10-24 16:41 ` [PATCH V1 1/2] CryptoPkg: Sha1 functions causing build errors Judah Vang
2022-10-24 16:41 ` [PATCH V1 2/2] CryptoPkg: Need to enable crypto functions Judah Vang
2022-10-24 17:21 ` Michael D Kinney [this message]
2022-10-26 18:41 ` [edk2-devel] [PATCH V1 0/2] CryptoPkg bug fixes Judah Vang
2022-10-26 21:16 ` Michael D Kinney
2022-10-28 23:25 ` Judah Vang
2022-11-07 18:41 ` Judah Vang
2022-12-20 2:43 ` Michael D Kinney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CO1PR11MB49296D51382D57F86E40A8C7D22E9@CO1PR11MB4929.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox