From: "Yao, Jiewen"
To: "devel@edk2.groups.io", "Li, Yi1", Gerd Hoffmann
Subject: Re: [edk2-devel] [edk2-staging/OpenSSL11_EOL][PATCH 4/4] Readme: 0322 update
Date: Fri, 24 Mar 2023 06:11:04 +0000

We have 2 levels of APIs.
1) EDKII other code -> CryptoPkg.
2) CryptoPkg -> Openssl.

The current strategy of the openssl 3.0 update is to keep both 1) and 2). That has minimal impact.

Do you think we can keep 1) and only update 2) to use the new API in openssl 3.0?

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Li, Yi
> Sent: Friday, March 24, 2023 9:47 AM
> To: Gerd Hoffmann ; devel@edk2.groups.io
> Subject: Re: [edk2-devel] [edk2-staging/OpenSSL11_EOL][PATCH 4/4]
> Readme: 0322 update
>
> Hi Gerd,
>
> Thanks for review,
>
> >> +### Level 2: A bit like workaround, with possibility of upstream to
> >> +openssl 1. Enable the legacy path for X509 pubkey decode and pmeth
> >> +initialization, The purpose is to avoid the use of EN/DECODE and
> Signature provider, will reduce size about 90KB.
> >> +(commit: x509: enable legacy path in pub decode)
> >>
> +https://github.com/liyi77/openssl/commit/8780956da77c949ca42f6c4c3fd
> 6
> >> +ef7045646ef0
> >> +(commit: evp: enable legacy pmeth)
> >>
> +https://github.com/liyi77/openssl/commit/a2232b35aa308198b61c5734c1
> bf
> >> +e1d0263f074b
>
> >I suspect that is not going to work well long-term, probably openssl will
> remove the code paths they consider being "legacy" at some point in the
> future. Probably not 3.0.x but maybe in 3.1 branch.
>
> Yes, I think in long-term the better way is to remove all legacy code paths,
> this will also help reduce the size.
> The problem is that a large number of legacy APIs are currently used in the
> EDK2 code.
> In the future, it may be a big update to throw all the legacy code.
>
> >> +### Level 3: Totally workaround and hard to upstream to openssl, may
> >> +need scripts to apply them inside EDK2 1. Provider cut.
> >> +(commit: CryptoPkg: add own openssl provider)
> >> +https://github.com/liyi77/edk2-
> staging/commit/c3a5b69d8a3465259cfdca8
> >> +f38b0dc7683b3690e
>
> >Allow people implement their own providers looks like an openssl feature to
> me. So I don't think this will be a big problem to maintain, I expect they try
> to keep the interfaces stable to not break apps doing so.
>
> >The only little detail we do differently here is to remove the default
> providers so LTO can actually remove the unused code.
>
> >> +(commit: x509: remove print function 7KB)
> >>
> +https://github.com/liyi77/openssl/commit/faa5d6781c3af601bcbc11ff199e
> >> +2955d7ff4306
>
> >Did you double-check this doesn't break something?
>
> >It did for me, due to some code in openssl depending on a working
> bio_sprintf() implementation.
>
> I don't do any more test than unit test.
> I am sick of this part, but I currently have no other way to reduce the size. I
> would like to drop those changes first if I find another way.
>
> Regards,
> Yi
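
Review bot: In the Level 2 section, both entries link to commits on a personal fork (github.com/liyi77/openssl) without saying which OpenSSL release or branch they are based on. Please record the base version next to each link so a reader can tell whether the legacy path being enabled still exists in the OpenSSL they build against. The "will reduce size about 90KB" figure should also name the toolchain and build target it was measured with.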
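
Review bot: In the Level 3 section, the entry "(commit: x509: remove print function 7KB)" records only the size saving. The README should also state what was tested after the print function was removed and which OpenSSL code still calls into it, so integrators can weigh the risk against 7KB. The heading's "may need scripts to apply them inside EDK2" also leaves the mechanism open; name the script or mark it as not yet available.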