From: "yi1 li" <yi1.li@intel.com>
To: Gerd Hoffmann <kraxel@redhat.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Kovvuri, Vineel" <vineelko@microsoft.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
"Luo, Heng" <heng.luo@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
Date: Wed, 2 Mar 2022 04:23:31 +0000
Message-ID: <DM5PR11MB1595F12CDBFB281D7F2D5B2CC5039@DM5PR11MB1595.namprd11.prod.outlook.com>
In-Reply-To: <20220301140451.wtqcyt6vyus5klgw@sirius.home.kraxel.org>
Thanks for your information,
1. See also https://edk2.groups.io/g/devel/message/87130 & followups.
git branch here: https://github.com/kraxel/edk2/commits/intrinsics
It's good to me; it makes the code more clear.
2. Jiewen (Cc'ed) suggested to look into using CryptoPkg/Driver instead of linking openssl as Library, so we have only one copy of the code. Not investigated yet.
Does it mean OvmfPkg will use CryptDxe instead of BaseCryptoLib and OpensslLib directly? It sounds like it will be a big change.
Or a separate ECC driver such as CryptEcDxe, and still use BaseCryptoLib and OpensslLib?
I would like to point out that once we close the macro OPENSSL_NO_EC, the size of OpensslLib will inevitably increase due to some enabled features and exceed the limit of Ovmf,
such as in x509_vfy.c:
    static int check_curve(X509 *cert)
    {
    #ifndef OPENSSL_NO_EC
        EVP_PKEY *pkey = X509_get0_pubkey(cert);

        /* Unsupported or malformed key */
        if (pkey == NULL)
            return -1;

        if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
            int ret;

            /* This call links in the EC code once OPENSSL_NO_EC is no longer defined */
            ret = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY(pkey));
            return ret < 0 ? ret : !ret;
        }
    #endif

        return 1;
    }
3. Also: what do you need ecc support for?
WPA3 needs ECC's support, and I think Vineel's work will be the foundation.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3828
Thanks!
Yi Li
-----Original Message-----
From: Gerd Hoffmann <kraxel@redhat.com>
Sent: Tuesday, March 1, 2022 10:05 PM
To: devel@edk2.groups.io; Li, Yi1 <yi1.li@intel.com>
Cc: Kovvuri, Vineel <vineelko@microsoft.com>; Yao, Jiewen <jiewen.yao@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
> CryptoPkg: Add instrinsics to support building ECC on IA32 windows
See also https://edk2.groups.io/g/devel/message/87130 & followups.
git branch here: https://github.com/kraxel/edk2/commits/intrinsics
> OvmfPkg: Increase DXEFV size to accommodate ECC ciphers related
> changes
Changing flash size breaks backward compatibility, so this is a problem.
openssl3 porting runs into this too, not solved yet.
Jiewen (Cc'ed) suggested to look into using CryptoPkg/Driver instead of linking openssl as Library, so we have only one copy of the code. Not investigated yet.
Also: what do you need ecc support for?
take care,
Gerd