From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web11.15819.1679048452304554683 for ; Fri, 17 Mar 2023 03:20:53 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=ai/hCZaA; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: jiewen.yao@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1679048452; x=1710584452; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=9fduFdzMqJ3uWBIPSSKzPUMgBKSmtodmx2Jx78k/4dU=; b=ai/hCZaAzOWBxjC48y5QNHMZoJgSCKRODeBGqJdbTNdI0wLEfpYBwUe2 /PzHkLiiF2t/UrkMq5dx12V/s2n+jXlI2xvbI7EsiPi8z8wU3Jsu42KnR 5BU1b5E8j/acUTSLXuM1iOWha2ZlEXqDDVHVBYjX4aQ1+LJDeyssHpSyg re1N072+aYF5AzAZwGQIjg7MrjfwNhJkxVy6WMQLqbeGdLD4T0XGWFG7n X40gN9HBY0XoXn/yAlC64YUBc0ZJ07GTaEl42pYlxsAXWR9xfJtDYKgqW p1gPHtl2zq0Us0BGHD9oS1BRZhfqha7/sOfXwzc/v2N/UKxhzVEVwvzFE A==; X-IronPort-AV: E=McAfee;i="6600,9927,10651"; a="365930994" X-IronPort-AV: E=Sophos;i="5.98,268,1673942400"; d="scan'208";a="365930994" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Mar 2023 03:20:51 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10651"; a="712703627" X-IronPort-AV: E=Sophos;i="5.98,268,1673942400"; d="scan'208";a="712703627" Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15]) by orsmga001.jf.intel.com with ESMTP; 17 Mar 2023 03:20:51 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.21; Fri, 17 Mar 2023 03:20:50 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.21 via Frontend Transport; Fri, 17 Mar 2023 03:20:50 -0700 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.106) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.21; Fri, 17 Mar 2023 03:20:50 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EKtUBNPoLT4eMUUhfiAG/c0IWGOxT+WQZZnjIff9osCe83YQO5Y0NrKDx8E/RdFystcH7LeII6UtxKtJcSnvny1nMF5LuRNKS/o6LVetZGBO0EEwzh12WlGtZry7xKJLiVWcZPVEzzJOTsnKqJ4EtJK4qFAUemcU+hdS6k8PE0R1Ftf3ne+E5GEf8+B0NK8BJGViRo4CUnRtZhcqsWoRnJ+e8ARyJic+lTHv5FGaR5bABBJW4EsVj41cFRS0RdJ/kmNDeWFoaldGJOxnFq1vlRwqqQhukAntOSIbP0/gine6EO7OTxTlpymC4YRZZPzkDekBlLZgOvAvEGVATj9sGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+iDEVGmz20HrPFzQW/2JotIbYI512rgg27VeIMZMVoU=; b=W0TaP+XG32vkF8xsN5vH+srWlLexLBD5TYTrlIeN7OUgV9r6GujU+QxmpVf4dxxMpRPo6bssUg3Wl2qx2T/h3dNT1Sfv6IaTOyyjhUMs8RbPhPiOc4kFL8tXzXdTl9ALs5dTYGyDfudD7psHaNTybXKTngV2HMRnmOARZfzpng9IqIn3VCDdI+NegiQgPomVB7wsix+/NCPwK9dq9FRKHp+rq3EuUbb4HV1fhDFkgAevEw3ESeqEgz/SfrTi060Wl5iAEMBmZjjMym1HBQwWYwHFBKDeLSl8LrrS0qV1Otr2LKzB9hLJ5T2ejE8dfUX2B/kpIkI4AVsnR+dyjtgRkw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by SN7PR11MB7041.namprd11.prod.outlook.com (2603:10b6:806:298::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.35; Fri, 17 Mar 2023 10:20:48 +0000 Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::c0c0:4b46:1dd4:80d6]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::c0c0:4b46:1dd4:80d6%7]) with mapi id 15.20.6178.035; Fri, 17 Mar 2023 10:20:48 +0000 From: "Yao, Jiewen" To: Gerd Hoffmann , "Li, Yi1" CC: "devel@edk2.groups.io" , "Hou, Wenxing" Subject: Re: [edk2-staging/OpenSSL11_EOL 0/7] Openssl 3.0 POC update Mar 17 Thread-Topic: [edk2-staging/OpenSSL11_EOL 0/7] Openssl 3.0 POC update Mar 17 Thread-Index: AQHZWIjzkk7/T9yxqUub56hq/mdj9q7+vlUAgAAAdHA= Date: Fri, 17 Mar 2023 10:20:48 +0000 Message-ID: References: <20230317100320.3dlivnxk5ktubkwz@sirius.home.kraxel.org> In-Reply-To: <20230317100320.3dlivnxk5ktubkwz@sirius.home.kraxel.org> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|SN7PR11MB7041:EE_ x-ms-office365-filtering-correlation-id: 3012e729-58d7-4118-802f-08db26d14701 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: OjGu5jWrSLPbtIR2PfdiJuYuFF1g6v5afuW5bwXDChDiNbDNyHBAJTiJXlp09mMKhuIgg34rYcZxWvxt13V83FXThJm8gzuZdL6AWrrso6BVdAo6RmCJdlwrpnXF98okhEaPjSCYIHrzPCtilnf2xmkssbFZwqHyPc4hC6EkysDtNgIUGd7c2KwIpnJKf/VJ3WPLOtx3pPU2qfrC1W7Q3IAyeV+NvgNqlkGVSxIT4+7e0e3fT7X5hvpGb9kiW7mm3d/tWDSVNT+zsQNKL14e+H2VIBhB2D0B6EBYK4eB9OnumVNxel+nUVBMnUUMcqxgagZig9ybm2QBwpu8BGtmcznBTgL+7VQGR9Z6X9JCSK7EaNBRcMu0f2Z+HeIIGcs9+RkSRuiKNaZDGIvQ+gsm/cJFHuVBT2i7sPbbFzGFjgGv4HPQlrpHzoHlr3CvzHAFq/tpyoOKHnePcxj3TgthXtSgqnEtCmiegdbq+IW16ImQariB6R+MJ009yhEMw+FdnQ3WUur2k+JQ3Iv2tJW/U1cOYNrvveMZ2nzOQcRCMXi26YDIINgObMz3sT7iqO6LGO7cfSggmH2f3/isMHXH8rp6dV2YjJHbo9ty6Q8lgzymYppOReW+Cnd33aqY+31TAZH5/VDrUuzMccO96hUR4aNDU1GtANHmsnh1DyrpZOzkpcSj171x4za2x1khhSVg/QEpUmrkTOzY7afyy7xDAjcJDE8i2GCiYBXXSaeaya4= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(136003)(39860400002)(346002)(396003)(376002)(366004)(451199018)(33656002)(86362001)(82960400001)(122000001)(38070700005)(38100700002)(7696005)(15650500001)(2906002)(52536014)(41300700001)(8936002)(5660300002)(55016003)(4326008)(6506007)(9686003)(186003)(53546011)(26005)(83380400001)(107886003)(110136005)(316002)(6636002)(54906003)(64756008)(76116006)(66946007)(8676002)(66446008)(966005)(478600001)(71200400001)(66476007)(66556008)(66899018);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?4k+tLwOjwjHjyp57YVksLeOVivKPyhRG4kRUNNycYSP/x+0vDftvdL6d6Ogg?= =?us-ascii?Q?zOIp7tkggQAOKFsVphqz4wfVsr7niVASusA/7y8epbiOWq6pcB4iocFfZGgD?= =?us-ascii?Q?IMQXipTKiiwu7bDZnhQRKcfWEjpvUFnC5j8KyxHSk6a27OO6IJCrhjQqvi4T?= =?us-ascii?Q?ksbBIQWJ5bVfRH7nCvhCydqNNIz86PMQzz3JbaiOr5rZ09aB/PPiYc/q/uQl?= =?us-ascii?Q?GM6EKN0lyDl/xrLSATpmEHs79JEyN18VK/H3BuDn+9Hk1+jLfsosEH0GV0DS?= =?us-ascii?Q?zWgliEbZsM1ffRFGIXsxpfERszTGS/acLKFuR7YvExj/t64wpp+w+T01WRwe?= =?us-ascii?Q?nIa0mVeX4+e7HkmdXPHo4CsA3pxEwToa7v21PYjVDMZYpvDYGTbR8CuxWRhS?= =?us-ascii?Q?Ydl7A73aIMDgp9HjWL5esaezt99kpAYk0F9I18twiKonxl0DbIjiQgXMJioX?= =?us-ascii?Q?u2dQgA3BOI98Cxb+wx8XkO+L9/rdzJJJgUBB1MISymmUdvmjLqYVqrG9Bdx3?= =?us-ascii?Q?sdL8kvxiB/ciw+ngsz9Hia736c3/s2y4DdzB86cBgMZQjDVK3r1Fj/Lt9lq/?= =?us-ascii?Q?6pNuycQPy+eBLcW9tplA9xBwQwAMk4gBgiR5fPgIv/1B+qevskgXt9DmcJJK?= =?us-ascii?Q?d4LMFZrsl7bQMAlxH7q3/BOHt3DRsigH82kzFUqCRtwaeHdG/8a8JBDoQXmb?= =?us-ascii?Q?DwuMbpo0c7W9LRIRNCo15pb8vXit12UD3qJIsDsc2tKBkpjVjb5OUgGup6NT?= =?us-ascii?Q?F0/olJvPLNPZ/9MSeQ7W5aNSYNmEz+iQLHUG3Yj3lOsRfBMbHxzxIm/16G6I?= =?us-ascii?Q?7tj4/IdQ2Xciiq398zaVSQ20SX+iXxvdzzjUS3ZQ+K89H0Hd6Rn7gdvY59Y6?= =?us-ascii?Q?E1YHfDdkAc1a1nPFadgmCtPqjmetKl2VDK5QnRv+rHj3mlst9dXye4VWG1vy?= =?us-ascii?Q?+SawBdLAWtaiiOsXhWFtKn/pHcnq3/e8fXtQ9yqtgAqNxr0RfsbqQx04skUR?= =?us-ascii?Q?RHVHXofvFrO1KUJIIt1tu/6JwMYu59wiR4nFhQjRMfuNJxyu9NIVPkfCgrLM?= =?us-ascii?Q?1JFbmu33Ued8ETN5b0xTJM9GjiFnZznpBhkbcJnIx6Yhv7sWwEmZcKSeDBFo?= =?us-ascii?Q?PtZm/pMLfz6v1qcdM2//n7KiljIIq8cmldRX90srI+L5QXoGgHkXWXRN5Bu7?= =?us-ascii?Q?g6PW0Iq/1kBTV2u9Bre7soz2pbEG3mJQbtnFFNq1VBbcN+3D483xjwIGm6S0?= =?us-ascii?Q?7Bk17zOehdp1qcmk3WFtaKe6/pzCw9ltC+VuigtcJ74XyX+khuIBFq36hob/?= =?us-ascii?Q?PUPOV71jccBAZV2rSmcSJVY5mp8TD+WcBpiowSx0u81iuoDicqKANQ7xdxQT?= =?us-ascii?Q?2so7KEzFgdJgk2xGKhjo6SrwaWRm2DgIoYKDUQNXNMOb0xNb82Qa1KDeWc1L?= =?us-ascii?Q?8eUW+Y//FH9l+vF1eZdeW3g2ba0SPCNBGFAWCEmNn3ZQncGf70BRMVJKrC9L?= =?us-ascii?Q?owLftN4KXnzubPnvWv7j6A48T3vKyj8mGZR8+9nXzbznEJnv0eJ9ES9YjsF6?= =?us-ascii?Q?4Ud+jADB8BXUNC+KtuHmnTwcS0qenJUGh4VBorpI?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3012e729-58d7-4118-802f-08db26d14701 X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Mar 2023 10:20:48.3719 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: QT7f+Ry9bYBATTlOVLC8tRl/bOqjQ+jEuB7fgaQjoJ2sp13uX7wrNGuiz9UiCmafVHPVPRF6FLRp202G75RYZA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR11MB7041 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Gerd Currently, the *blocking issue* for openssl 3.0 adoption in EDKII is *size*= . The big size increase will break exist platforms easily. As such, we are = not able to switch to openssl 3.0 directly. I have written the proposal at https://github.com/tianocore/edk2-staging/bl= ob/OpenSSL11_EOL/ReadMe.md "It is possible that we may need add MACRO to OpenSSL 3.0 to reduce the siz= e. We can do POC and submit to OpenSSL community." My suggested plan is: 1) We do our best to reduce size, as much as possible. 2) We revisit openssl 3.0 change, to see if that is reasonable. 3) if we can figure out a better way to avoid the change, we redesign and a= void the change. 4) if we cannot figure out a better way, we submit the change to openssl 3.= 0 community. You are welcome to review the change and send feedback. Thank you Yao, Jiewen > -----Original Message----- > From: Gerd Hoffmann > Sent: Friday, March 17, 2023 6:03 PM > To: Li, Yi1 > Cc: devel@edk2.groups.io; Yao, Jiewen ; Hou, > Wenxing > Subject: Re: [edk2-staging/OpenSSL11_EOL 0/7] Openssl 3.0 POC update Mar > 17 >=20 > On Fri, Mar 17, 2023 at 12:28:12PM +0800, Yi Li wrote: > > Please check the patch series if interested. > > PR: https://github.com/tianocore/edk2-staging/pull/359 >=20 > So it seems you are doing a number of larger changes to the openssl > code base. What is the plan for those? >=20 > I'd prefer to not be in a situation where every openssl update needs > alot of work in our edk2-specific adaptions, especially as openssl > updates can be timing-sensitive when it comes to fixing security issues. >=20 > For changes where we only need dummy stub functions which don't do > anything is isn't a big problem. But when changing the provider logic > to suit our needs it is probably much better to work with upstream > openssl to get the changes we need merged. >=20 > I did that in the past, worked fine. See for example openssl commit > a28dbfe7c84b6a43746d0e2ef4153e2a13067c4a (change printf to not > support > floating point for --target=3DUEFI). >=20 > take care, > Gerd