public inbox for devel@edk2.groups.io
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Zurcher, Christopher J" <christopher.j.zurcher@intel.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: Laszlo Ersek <lersek@redhat.com>,
	"Wang, Jian J" <jian.j.wang@intel.com>,
	"Lu, XiaoyuX" <xiaoyux.lu@intel.com>
Subject: Re: [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
Date: Tue, 15 Sep 2020 01:21:49 +0000
Message-ID: <CY4PR11MB1288AC4183AE900A3F65A6A78C200@CY4PR11MB1288.namprd11.prod.outlook.com>
In-Reply-To: <20200915005749.5331-1-christopher.j.zurcher@intel.com>

Hi Zurcher:
Thanks for your work.
1) Please share with us what unit tests you have done for all new APIs.

2) Please add a comment on what a valid DigestName is in EvpMdInit(). Otherwise, people will have no idea about that.

3) I assume the size will be unchanged if a module does not use the new EVPMD API, such as UEFI secure boot, TCG trusted boot. Please double confirm if that is the right understanding.

Hi all:
I would like to collect feedback on the below:
-- "I replaced the MD5 and SHAx functions with EVP functions in Hash2DxeCrypto, and it grew from ~26k to ~253k."

If there is a negative size impact for the platform BIOS that is using Hash2DxeCrypto, please share with the community.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Christopher J Zurcher <christopher.j.zurcher@intel.com>
> Sent: Tuesday, September 15, 2020 8:58 AM
> To: devel@edk2.groups.io
> Cc: Laszlo Ersek <lersek@redhat.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>
> Subject: [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest
> interface
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545
> 
> V2 changes:
> Added NullLib implementation
> Added Crypto Service implementation
> Rebased Hash2DxeCrypto to use EVP interface instead of low-level functions
> Removed unnecessary casts
> Added "HashAll" utility function
> Merged "New" and "Init" functions as well as "Final" and "Free" functions
>   Retained "Init/Update/Final" naming instead of "New/Update/Free" as this
>   conforms with common usage
> 
> Low-level interfaces to message digest (hash) functions have been deprecated
> in OpenSSL 3. In order to upgrade to OpenSSL 3, all direct calls to
> low-level functions (such as SHA256_Init() in CryptSha256.c) will need to
> be replaced by EVP interface calls.
> 
> References:
>   https://www.openssl.org/docs/manmaster/man7/evp.html
>   https://www.openssl.org/docs/manmaster/man3/SHA256_Init.html
> 
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> 
> Christopher J Zurcher (3):
>   CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
>   CryptoPkg: Add EVP to Crypto Service driver interface
>   SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP
>     interface
> 
>  CryptoPkg/CryptoPkg.dsc                                 |   3 +
>  CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf         |   1 +
>  CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf          |   1 +
>  CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf      |   1 +
>  CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf          |   1 +
>  CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf |   1 +
>  CryptoPkg/Include/Library/BaseCryptLib.h                | 125 +++++++
>  CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h    |  10 +
>  CryptoPkg/Private/Protocol/Crypto.h                     | 127 +++++++
>  SecurityPkg/Hash2DxeCrypto/Driver.h                     |   1 -
>  CryptoPkg/Driver/Crypto.c                               | 148 ++++++++-
>  CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c         | 253 ++++++++++++++
>  CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c     | 124 +++++++
>  CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c  | 140 ++++++++
>  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c             | 345 ++------------------
>  15 files changed, 965 insertions(+), 316 deletions(-)
>  create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c
>  create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c
> 
> --
> 2.28.0.windows.1


Thread overview: 8+ messages
2020-09-15  0:57 [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface Zurcher, Christopher J
2020-09-15  0:57 ` [PATCH v2 1/3] " Zurcher, Christopher J
2020-09-15  0:57 ` [PATCH v2 2/3] CryptoPkg: Add EVP to Crypto Service driver interface Zurcher, Christopher J
2020-09-15  0:57 ` [PATCH v2 3/3] SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP interface Zurcher, Christopher J
2020-09-15  1:21 ` Yao, Jiewen [this message]
2020-09-15  2:54   ` [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface Zurcher, Christopher J
2020-09-15  2:58     ` Yao, Jiewen
2020-09-15  8:01     ` [edk2-devel] " Laszlo Ersek
