From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.34842.1676341494813122303 for ; Mon, 13 Feb 2023 18:24:54 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Gclf4wvA; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: jiewen.yao@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1676341494; x=1707877494; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=7NtasGOeFLYSg/BWKc5ClTFe+izREj+hlyL4y6gKtjI=; b=Gclf4wvAlB+umJJ3iKdQx3Njor+6D5pEHmDAFAsqFbcDJ/f/eX0PecVm CVhQkdaqE8PyRTV8NIcRHcr52qg7mxMqH7qiwm2gOd0TbLUQ6mtTCjvJ4 qzXTurV6EOuZsGxT1NzgvSJcik4cOCZBJA6fkAQKX/zPt/3GqxpxWplMu 2COmH9Xn12K8JboTcgsJAUHSsPWvnN6dEnbHEp1dvCYUlt1Y+7Lf9sz3g 2JmzzhM3kW8LI4Bwrk+FIhnnsU9kUEMmVl9tU2SHF9ih8xKSatnOeg//H q0tLTL9RFPiJd6xQLHv6DyGRHIn+9FUebEn9Uay8HfpNyrjS9xpMDMQ3e w==; X-IronPort-AV: E=McAfee;i="6500,9779,10620"; a="331059733" X-IronPort-AV: E=Sophos;i="5.97,294,1669104000"; d="scan'208";a="331059733" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Feb 2023 18:23:53 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10620"; a="618866684" X-IronPort-AV: E=Sophos;i="5.97,294,1669104000"; d="scan'208";a="618866684" Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by orsmga003.jf.intel.com with ESMTP; 13 Feb 2023 18:23:52 -0800 Received: from fmsmsx601.amr.corp.intel.com (10.18.126.81) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16; Mon, 13 Feb 2023 18:23:52 -0800 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16 via Frontend Transport; Mon, 13 Feb 2023 18:23:52 -0800 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.104) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.16; Mon, 13 Feb 2023 18:23:52 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=muynZgFaAQBYI8T5EmsHJQTqD9/phRsONlx7Jbc0L/yn0UrAjMxUAGcCv0E4C5dUIwC4r7x99SOAKV2rZJQ3+PHRu1PHTEo/zJ6UnSRWAjPc4XnSvtZGPaxOd8AHQXTLhwsp0HmT+2Co3Px+kGpQdn3j3htkFryM0yiQYylzYMmxXGLy/BYxsWDrGyiv9+amOBXWbic1MdaOGOG4NFHYfC3ZSUUrCV1N7t0yqveqB2i49lu2m6O9C28HAujvKr4RjySHWw039Iz/2sXoayYJzwCIEOaKr4rb+J2/6Y1n/ctWoiCQF/AQLKQ/2/GjGhxx8qxC3UNcU5kODqncpf1rnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WDcmuA0RsZQfuTdbezzFddNBtxAjTNm9ADHF8WSu9A0=; b=PrsIAn65xzJsr6JIyzyqNmfdKImCNKvjqcCO/k9PUjnUlLXl8BBtU8GxxzFIZPON95KwM4ecvd2z46S2JmN1Cri4Ip/82iCy1luy+9vUWg878czp0FgjAEcF1Ybsv9FsMAqUtglYpxF10yHeePQa2kF/ipxGCwC/CII/eWLhTWBgE8T9q9zxoYDrXusKPhPGe5yy9oR9Qe5kmucEK5O8V6ENO71KubdRv8CffD064jnJGailfyv3Q+WwUACYJjJEZjEGPR0FYueiVTa9s33TC1yuf4lGKhbiQIbqEjXvii1CeGZh2Or2VJy3G2lNk2MYauSnD3dPRszHzZe5DQkXrw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by SA0PR11MB4655.namprd11.prod.outlook.com (2603:10b6:806:9d::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6086.17; Tue, 14 Feb 2023 02:23:50 +0000 Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::96f4:ad8:3fb9:b60d]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::96f4:ad8:3fb9:b60d%9]) with mapi id 15.20.6086.023; Tue, 14 Feb 2023 02:23:49 +0000 From: "Yao, Jiewen" To: "devel@edk2.groups.io" , "Kinney, Michael D" , "kraxel@redhat.com" CC: Oliver Steffen , Pawel Polawski Subject: Re: [edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using SHA1() Thread-Topic: [edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using SHA1() Thread-Index: AQHZP+A/B7JX+MOYn0aPjEwtw9Oq7K7NcTeAgABEh+A= Date: Tue, 14 Feb 2023 02:23:48 +0000 Message-ID: References: <20230213191958.913689-1-kraxel@redhat.com> <20230213191958.913689-2-kraxel@redhat.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|SA0PR11MB4655:EE_ x-ms-office365-filtering-correlation-id: 99d1f6a5-3fe9-4ce8-01f8-08db0e3281b3 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: zDFLvT4hjEBarexVPQJjkBZYY+JtOcswXe+EKbo+zdeDsnrgqGYZl0/r8rV6PtPBZvwCpXic5Cb7fWtL2ow+qVXek+TZH/jIjvKSLkR9hKFsecf0/INJmTz8TgTlxXFNCBHl13eZeGG+aVd8a3uQfGHWL9uBtU5lkVqzK8xLfeAe7UxKy9Vkgg/YUDgj2d5M3FcVrSYVqSj54sYrCtlnWBzQUswVhIHbw5JDqQ54HfBJzq51EsNrPjQGngOo0Vox9JIBF2e4NHK9YEwzL9Nt5V9zFgXcLVjUxymNtc8NA5/EJISgV0r2Th4aQTJIyO4nUI0z2pufUXFJKGUc+PFBsHYi2hRT7kDwGgfxu54dqf4HB/QZOPpOvxZyFInPr0CbrjhRM4WX3PHZJqg0a7XFvBDJcMw0zVBUGo2nr+pktla9CU6xnY3RL+J1apSGRe2sWN4sqsIbPsPXLU0uOmlZb1q+Y7ycMHwQPF8oyJ228aZlorN4JZ6kMoh1bwTW9HeODfnqn8L2kqDOfNvI9o5ObMj+Xkmo3YFb6wjFPZedGtWzp910jG0wjZzyi3jvNvctFzzbXknfNgX9q6FPHOj7ittWHNpT70oMGtOiiIWDpnX995v5LEJbIoOoftM9sBJ/URU66B37EItXgwykVkkMFDzj/rhMmz26TyIpMEv2JP2/Cn1oUso54l7iE3SQ/N110JiD8H6wUyWaPwYzTAfkvX7tQ8yQFuGgKod2jQPmNEE= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(396003)(366004)(376002)(346002)(39860400002)(136003)(451199018)(76116006)(26005)(66946007)(6506007)(66446008)(53546011)(82960400001)(9686003)(186003)(38070700005)(7696005)(122000001)(478600001)(966005)(83380400001)(66899018)(71200400001)(38100700002)(66556008)(4326008)(64756008)(19627235002)(8936002)(52536014)(5660300002)(66476007)(8676002)(41300700001)(86362001)(2906002)(110136005)(316002)(54906003)(55016003)(33656002);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?ZSZElp1NcC8tevHy0ueSryuiGjT9hU0zKH10bBTQPqcFPLD6R178K/cl1nhE?= =?us-ascii?Q?or2BgPoCGBS/t1LnL5dAJbJRLQwPuWdg+epnk4yih+lj0el0XUu3S4ntW82y?= =?us-ascii?Q?MV+yD4T7xpAhf7CqZQU9s0mlZlTNpRv2xKc3mwMN8OlOrKUfDwfE8wzINMbM?= =?us-ascii?Q?4mcHUKlKNTBusNoLme05bN50AySa3IyaIe8baEX9zMg9hiddGAxnLYDncesv?= =?us-ascii?Q?TsLRz3A4+bgZv4opkHlKbacyKh/iTtJoIWYBWbnt7TcA+UJiIAl6E6fvPLTq?= =?us-ascii?Q?Ih8iC2OVYj2mPqmeUjw7suSsrbnhutCQd+O8R03wV5np++Jvh2SLQ3gTB8+/?= =?us-ascii?Q?DgPsxRrHQaz4dolLJrw2BoSEUgp2DEfsC/QEu6BdvQGGzFmNHl5lQHmzrGfR?= =?us-ascii?Q?XuOGK/VUqrH0UXCzp4VX8x0/iYcWnAHjACVt4+2FibG1Oaqkp11HSJd0t2zw?= =?us-ascii?Q?oEGf76gqGEPJMVp7rdZsjhEgMrUxjk40EA09j/oWI0ytXkj1zsafv3uW85KC?= =?us-ascii?Q?vIig40z7kncJjPcqqgNHpx4FrKeW7H1uEoSo2RTMTaDNZN7rez9tm67071YP?= =?us-ascii?Q?c2hWyIZM5SbwbNgPcO4gSs99D30K1Zhxer56EoyNztAs0EqoioFaYEoWJ8Ej?= =?us-ascii?Q?wqVUcAERaD1jMkfbkjq2vB5GauaQ2K3AjbqplGBl+PHh8ohE0H/WbzcTiuFo?= =?us-ascii?Q?UpPDomCoDQ7jnpJRbxi7tTGEsZ+IxxLs7D+nCTFDbqf+rzbW3YN5EGkmacHE?= =?us-ascii?Q?7utUKd9qZywf8M96c8Pv+gS7E7rIWB5DRTZJ2EepAMt4VUaFQe5Pd8266bph?= =?us-ascii?Q?SpiIjETfsxI5paohABJV/CAainJ3bymNVXL0SpvChXhJZdBUuUMUZBse6dBy?= =?us-ascii?Q?gXBkwJxH5T8Mvincjm99qOmPbgeX2wMkKIWc2w+KQQ+LoQPsuzh/VgXGn8y1?= =?us-ascii?Q?3vPsoMfE19Lew+IjxJJa4W28OXYaXu/JhoJco8282GHPVUexugStIF4wuLtE?= =?us-ascii?Q?hSXC9jp3de8J+NmE0bRLRYwc3BE25gI0CAE1a5jvO3fDv4+H5OqBPr/3w3Fc?= =?us-ascii?Q?R2o0VDvMQGx4A9lGTISepgW2BzHcyYurWbW9ExVfnTeZGR6b4mQZhkouMJ7w?= =?us-ascii?Q?9pJvd6bKAwdwHzGWFKgn2XVbbjtJRP/WX2ZlzfKQw+eIVkP84krFoL54PCB4?= =?us-ascii?Q?tmexczXAR8dAZjWY1OJfazlFQYlhpKHxv5YxFDmsaB606Lr3Udl6HZ3pdEvJ?= =?us-ascii?Q?gtc5UDbJj+timiQuL2nq/Aj3bzAg+85rlC4CEdXyiOgyuAFEz2j0ukFy7v4D?= =?us-ascii?Q?BgBGFyvJOR56PPI3hxsi1KaxiWdceR2rZhQ6ypRZ+Pyl7yISRVP9alBWO/T/?= =?us-ascii?Q?oJjtDBeHWTNKe7WkCygqas0WQDWuoty2nXsIhICIc4eg7ypwCTj1A+1YEgpS?= =?us-ascii?Q?YCQKyNKlXHHEeG/gY1n1X342iWM9NULYgxSli7clkxkhjdfx9Ost+edlYaKz?= =?us-ascii?Q?I+hgpOPKWfDU8SZQHvj1YsYBNBFe7VsS2fvArHxf3pi3V49geY53+ntCiKas?= =?us-ascii?Q?dMkW3edGc4+StJ7SziWfYmB/xshGS5gTCX5bJ7Jp?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 99d1f6a5-3fe9-4ce8-01f8-08db0e3281b3 X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Feb 2023 02:23:49.0046 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: tORmm4jr21wTHVGD+0w2P/8JfElyg2ZA+Mb+XhiiW3fDfdZavVRfu3isD8Pq0g9YpfXu9G1aPhf+WrxozL5cSw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR11MB4655 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I think so, we can still use 1.1 APIs in compatible mode. Please refer to: https://www.openssl.org/docs/man3.0/man7/OPENSSL_API_COMPAT.html https://github.com/openssl/openssl/blob/openssl-3.0.8/INSTALL.md#api-level as recommended in https://github.com/openssl/openssl/issues/17930 Thank you Yao, Jiewen > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Michael D > Kinney > Sent: Tuesday, February 14, 2023 6:14 AM > To: devel@edk2.groups.io; kraxel@redhat.com > Cc: Oliver Steffen ; Pawel Polawski > ; Kinney, Michael D > Subject: Re: [edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using > SHA1() >=20 > Hi Gerd, >=20 > This is an interesting pattern for the openssl 3.0 size issues. >=20 > It looks like the 1.1.1 APIs we are currently using are still available. > Are those legacy APIs guaranteed to be supported under openssl 3.0? >=20 > Mike >=20 > > -----Original Message----- > > From: devel@edk2.groups.io On Behalf Of Gerd > Hoffmann > > Sent: Monday, February 13, 2023 11:20 AM > > To: devel@edk2.groups.io > > Cc: Oliver Steffen ; Pawel Polawski > ; Gerd Hoffmann > > Subject: [edk2-devel] [PATCH 1/4] CryptoPkg/BaseCryptLib: avoid using S= HA1() > > > > In openssl 3.0 SHA1() goes through the provider logic, > > requiring a huge amount of openssl code. The individual > > functions do not, so use them instead. > > > > Signed-off-by: Gerd Hoffmann > > --- > > CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c | 16 +++++++++++++--- > > 1 file changed, 13 insertions(+), 3 deletions(-) > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c > b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c > > index 1e071ce2b325..cfe1f4bc44c9 100644 > > --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c > > +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c > > @@ -204,6 +204,8 @@ Sha1HashAll ( > > OUT UINT8 *HashValue > > ) > > { > > + SHA_CTX Context; > > + > > // > > // Check input parameters. > > // > > @@ -218,11 +220,19 @@ Sha1HashAll ( > > // > > // OpenSSL SHA-1 Hash Computation. > > // > > - if (SHA1 (Data, DataSize, HashValue) =3D=3D NULL) { > > + if (!SHA1_Init (&Context)) { > > return FALSE; > > - } else { > > - return TRUE; > > } > > + > > + if (!SHA1_Update (&Context, Data, DataSize)) { > > + return FALSE; > > + } > > + > > + if (!SHA1_Final (HashValue, &Context)) { > > + return FALSE; > > + } > > + > > + return TRUE; > > } > > > > #endif > > -- > > 2.39.1 > > > > > > > > > > >=20 >=20 >=20 >=20 >=20