From: "yi1 li"
To: Gerd Hoffmann, "devel@edk2.groups.io"
CC: "Kovvuri, Vineel", "Yao, Jiewen", "Luo, Heng"
Subject: Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
Date: Wed, 2 Mar 2022 04:23:31 +0000

Thanks for your information,

1. See also https://edk2.groups.io/g/devel/message/87130 & followups.
   git branch here: https://github.com/kraxel/edk2/commits/intrinsics

It's good to me, it makes the code more clear.

2. Jiewen (Cc'ed) suggested to look into using CryptoPkg/Driver instead of linking openssl as Library, so we have only one copy of the code. Not investigated yet.

Does it mean OvmfPkg will use CryptDxe instead of BaseCryptoLib and OpensslLib directly? Sounds like it will be a big change.
Or a separate ECC Driver such as CryptEcDxe and still use BaseCryptoLib and OpensslLib?

I would like to point out that once we close macro OPENSSL_NO_EC, the size of OpensslLib will inevitably increase due to some enabled features and exceed the limit of Ovmf,
such as in x509_vfy.c:

static int check_curve(X509 *cert)
{
#ifndef OPENSSL_NO_EC
    EVP_PKEY *pkey = X509_get0_pubkey(cert);

    /* Unsupported or malformed key */
    if (pkey == NULL)
        return -1;

    if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
        int ret;

        ret = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY(pkey));
        return ret < 0 ? ret : !ret;
    }
#endif

    return 1;
}

3. Also: what do you need ecc support for?

WPA3 needs ECC's support, and I think Vineel's work will be the foundation.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3828

Thanks!
Yi Li

-----Original Message-----
From: Gerd Hoffmann
Sent: Tuesday, March 1, 2022 10:05 PM
To: devel@edk2.groups.io; Li, Yi1
Cc: Kovvuri, Vineel; Yao, Jiewen
Subject: Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms

> CryptoPkg: Add instrinsics to support building ECC on IA32 windows

See also https://edk2.groups.io/g/devel/message/87130 & followups.
git branch here: https://github.com/kraxel/edk2/commits/intrinsics

> OvmfPkg: Increase DXEFV size to accommodate ECC ciphers related
> changes

Changing flash size breaks backward compatibility, so this is a problem.
openssl3 porting runs into this too, not solved yet.

Jiewen (Cc'ed) suggested to look into using CryptoPkg/Driver instead of linking openssl as Library, so we have only one copy of the code. Not investigated yet.

Also: what do you need ecc support for?

take care,
  Gerd