From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web11.97327.1680602083157272002 for ; Tue, 04 Apr 2023 02:54:43 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=bYMCOslO; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: yi1.li@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1680602083; x=1712138083; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=SqXVF6MJbPpHzRBjLQ/skxdS5hm6pjbMwXB/Mn9oXDA=; b=bYMCOslOp0uFl6PUGaqkZEMgsHB1PZTMWuHGHHKp8XBLeOTC4ZeQYCC6 OLI2SJNjTlW6/SCIrk7BSKPBWb1jFTiz4iqs1Dp94Dw3j/D5c8qcfuCM3 Didv8IujHXAmZ5CbKc2FLWDu0FecEuvcpxQMKQQL3eTxLF0VtwaP1ZgNI Xs3zverU92QuFyWOcN0aIKj/+UHoNhGwv4bwkcjyE78MMX4Vt6u2sEgAO cvSR5NHSqBPfeJ+inM0Nj2NstC8vJI1fBfWF1DTUna5uRRQDSg1HrgAfO 1UJrPtCiQrO/i6hRNjbVXqX8ai+gJo0ej8ihwI+atA6H8RBpS0F8PKTUZ w==; X-IronPort-AV: E=McAfee;i="6600,9927,10669"; a="339626617" X-IronPort-AV: E=Sophos;i="5.98,317,1673942400"; d="scan'208";a="339626617" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Apr 2023 02:54:42 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10669"; a="688830678" X-IronPort-AV: E=Sophos;i="5.98,317,1673942400"; d="scan'208";a="688830678" Received: from liyi4-desktop.ccr.corp.intel.com ([10.239.153.82]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Apr 2023 02:54:40 -0700 From: "Li, Yi" To: devel@edk2.groups.io Cc: Yi Li , Jiewen Yao , Wenxing Hou , Gerd Hoffmann Subject: [edk2-staging/OpenSSL11_EOL][PATCH 0/4] Openssl 3.0 POC update Apr 4 Date: Tue, 4 Apr 2023 17:54:29 +0800 Message-Id: X-Mailer: git-send-email 2.31.1.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Updated POC result and next step. Please check the patch series if interested. PR: https://github.com/tianocore/edk2-staging/pull/366 The goal of POC has been reached, next step: 1. Optimize code quality 2. Upstream OpenSsl code change 3. Fully validation Risk: 1. Upstream the openssl code is a long process. if all goes well, it can be completed before next openssl stable release (July 2023). If missed, the next stable release will be in September 2023. 2. If bugs are found during validation, some size optimization work will have to be discarded. This will result in that size increase greater than current result. ## POC result Binaries mode (use crypto drivers) | Driver | 1.1.1 | 3.0 | percent | |-----------------|------------|------------|------------| |CryptoPei | 386 | 400 | 3.6% | |CryptoPeiPreMem | 31 | 31 | 0% | |CryptoDxeFull | 1014 | 935 | -7.7% | |CryptoDxe | 804 | 813 | 1.2% | |CryptoSmm | 558 | 587 | 5.2% | | LZMA Compressed | 1.1.1 | 3.0 | percent | |-----------------|------------|------------|------------| |CryptoDxe | 311 | 321 | 3.3% | |CryptoSmm | 211 | 233 | 10.4% | |FV (Dxe+Smm) | 357 | 381 | 6.8% | Library mode (use crypto library) | Driver | 1.1.1 | 3.0 | delta | |--------------------|------------|------------|------------| | FV | 2377 | 2636 | 262 | | FV (LZMA) | 459 | 539 | 80 | |SecurityStubDxe.efi | 562 | 605 | 43 | Cc: Jiewen Yao Cc: Wenxing Hou Cc: Gerd Hoffmann Signed-off-by: Yi Li Yi Li (4): CryptoPkg: disabled ssl server CryptoPkg: sync latest change in uefiprov to minprov Readme: 0330 update Readme: update POC result and next step CryptoPkg/Library/OpensslLib/OpensslLib.inf | 6 +- .../Library/OpensslLib/OpensslLibFull.inf | 6 +- .../Library/OpensslLib/OpensslStub/minprov.c | 30 +- CryptoPkg/Library/OpensslLib/SslExtServNull.c | 329 ++++++++++++++++++ .../Library/OpensslLib/SslStatServNull.c | 219 ++++++++++++ CryptoPkg/Readme-OpenSSL3.0.md | 32 +- 6 files changed, 587 insertions(+), 35 deletions(-) create mode 100644 CryptoPkg/Library/OpensslLib/SslExtServNull.c create mode 100644 CryptoPkg/Library/OpensslLib/SslStatServNull.c -- 2.31.1.windows.1