Re: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

2024-06-14 Thread Li, Yi
Sounds good, I will try it.

Thanks,
Yi

-Original Message-
From: Kinney, Michael D  
Sent: Saturday, June 15, 2024 12:58 PM
To: Li, Yi1 ; Ard Biesheuvel ; Yao, Jiewen 

Cc: Gerd Hoffmann ; devel@edk2.groups.io; Hou, Wenxing 
; Pedro Falcato ; Kinney, 
Michael D 
Subject: RE: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

If the host test was updated to use GoogleTest/GoogleMock, then the call to 
AsmCpuid() could be mocked instead of calling the version of BaseLib that is 
safe to use from host envs.  Then all the code paths can be tested properly.

Mike

> -Original Message-
> From: Li, Yi1 
> Sent: Friday, June 14, 2024 9:55 PM
> To: Ard Biesheuvel ; Yao, Jiewen 
> 
> Cc: Gerd Hoffmann ; devel@edk2.groups.io; Hou, 
> Wenxing ; Kinney, Michael D 
> ; Pedro Falcato 
> Subject: RE: [edk2-devel] CryptoPkg host test broken due to smoketest 
> for RDRAND
> 
> Hi Jiewen,
> 
> Currently Host lib using a dummy AsmCpuid implementation:
> BaseLib\X86UnitTestHost.c
> AsmCpuid -> UnitTestHostBaseLibAsmCpuid -> Return all zero (BIT30 of 
> ECX hardcode to 1 after change of Gerd)
> 
> Did you mean prefer to use real AsmCpuid func in Host?
> Or only use cpuid to check RdRand bit and set it.
> 
> Regards,
> Yi
> 
> -Original Message-
> From: Ard Biesheuvel 
> Sent: Saturday, June 15, 2024 1:16 AM
> To: Yao, Jiewen 
> Cc: Li, Yi1 ; Gerd Hoffmann ; 
> devel@edk2.groups.io; Hou, Wenxing ; Kinney, 
> Michael D ; Pedro Falcato 
> 
> Subject: Re: [edk2-devel] CryptoPkg host test broken due to smoketest 
> for RDRAND
> 
> On Fri, 14 Jun 2024 at 18:45, Yao, Jiewen  wrote:
> >
> >
> > > -Original Message-
> > > From: Ard Biesheuvel 
> > > Sent: Saturday, June 15, 2024 12:14 AM
> > > To: Yao, Jiewen 
> > > Cc: Li, Yi1 ; Gerd Hoffmann ; 
> > > devel@edk2.groups.io; Hou, Wenxing ; 
> > > Kinney, Michael D ; Pedro Falcato 
> > > 
> > > Subject: Re: [edk2-devel] CryptoPkg host test broken due to 
> > > smoketest for RDRAND
> > >
> > > On Fri, 14 Jun 2024 at 18:09, Yao, Jiewen  wrote:
> > > >
> > > > Hey
> > > > This PR seems just a workaround.
> > > >
> > > > I don't feel it is right solution to hardcode BIT30.
> > > > What if the host platform does not have such capability? You 
> > > > will get failure
> > > later.
> > > >
> > >
> > > Agreed. But that was already the case: RngLib assumed that RDRAND 
> > > was implemented without checking CPUID at all, and so the code was 
> > > already broken on systems without RDRAND.
> >
> > [Jiewen] Sorry, I don’t understand your comment. " implemented 
> > without
> checking CPUID at all "
> >
> > See below code. It does use CPUID to check the capability.
> >
> > EFI_STATUS
> > EFIAPI
> > BaseRngLibConstructor (
> >   VOID
> >   )
> > {
> >   UINT32  RegEcx;
> >
> >   //
> >   // Determine RDRAND support by examining bit 30 of the ECX register returned by
> >   // CPUID. A value of 1 indicates that processor support RDRAND instruction.
> >   //
> >   AsmCpuid (1, 0, 0, &RegEcx, 0);
> >
> >   mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
> >
> >   if (mRdRandSupported) {
> >     mRdRandSupported = TestRdRand ();
> >   }
> >
> >   return EFI_SUCCESS;
> > }
> >
> >
> 
> See commit 9301e5644cef5a5234f71b178373dd508cabb9ee
> 
> The old code had
> 
> +BOOLEAN
> +EFIAPI
> +ArchIsRngSupported (
> +  VOID
> +  )
> +{
> +  /*
> + Existing software depends on this always returning TRUE, so for
> + now hard-code it.
> +
> + return mRdRandSupported;
> +  */
> +  return TRUE;
> +}
> 
> 
> 
> > >
> > > >
> > > > To fix this function, can we call real CPUID instruction to 
> > > > return real
> value?
> > > >
> > >
> > > That would be better. But this change just restores the old behavior.
> > > And on top of that, Yi Li already merged it.
> >
> > [Jiewen] I don’t think it is right to merge it without thorough review.
> >
> > I think we need follow 24 hour rule.
> > Any patch requires at least 24 hours before merge, to give people 
> > chance to
> review and feedback.
> >
> 
> Agreed.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119587): https://edk2.groups.io/g/devel/message/119587
Mute This Topic: https://groups.io/mt/10288/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
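
Mike's suggestion in the message above, sketched as an added example in plain C (not edk2 code and not GoogleTest/GoogleMock): the CPUID query and the RDRAND smoke test are injected as function pointers so a host test can drive every branch of the constructor logic quoted in this thread, including the case where the constructor never runs. `RNG_HOOKS`, `RNG_STATE`, `RngConstructor`, `RunScenario` and the `Fake*` functions are hypothetical names; `RDRAND_MASK` is assumed to be bit 30 of ECX, as the quoted comment states.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RDRAND_MASK (1u << 30) /* CPUID leaf 1, ECX bit 30, per the quoted comment */

/* Hypothetical seam: the hardware touch points, replaceable by a test. */
typedef struct {
  void (*Cpuid)(uint32_t Leaf, uint32_t *Eax, uint32_t *Ebx, uint32_t *Ecx, uint32_t *Edx);
  bool (*TestRdRand)(void);          /* stands in for the RDRAND smoke test */
  bool (*RdRand64)(uint64_t *Rand);  /* stands in for the RDRAND instruction */
} RNG_HOOKS;

typedef struct {
  const RNG_HOOKS *Hooks;
  bool            RdRandSupported;   /* plays the role of mRdRandSupported */
} RNG_STATE;

/* Same decision logic as the quoted BaseRngLibConstructor, with CPUID injected. */
static void RngConstructor(RNG_STATE *State) {
  uint32_t RegEcx = 0;

  State->Hooks->Cpuid(1, NULL, NULL, &RegEcx, NULL);
  State->RdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
  if (State->RdRandSupported) {
    State->RdRandSupported = State->Hooks->TestRdRand();
  }
}

/* Mirrors the guard shown in the thread: no support flag, no random number. */
static bool GetRandomNumber64(const RNG_STATE *State, uint64_t *Rand) {
  if (Rand == NULL || !State->RdRandSupported) {
    return false;
  }
  return State->Hooks->RdRand64(Rand);
}

/* ---- Fakes driven by the test (constructed values, no real CPUID/RDRAND) ---- */
static uint32_t gFakeEcx;
static bool     gFakeSelfTestOk;
static unsigned gSelfTestCalls;

static void FakeCpuid(uint32_t Leaf, uint32_t *Eax, uint32_t *Ebx, uint32_t *Ecx, uint32_t *Edx) {
  if (Eax != NULL) *Eax = 0;
  if (Ebx != NULL) *Ebx = 0;
  if (Ecx != NULL) *Ecx = (Leaf == 1) ? gFakeEcx : 0;
  if (Edx != NULL) *Edx = 0;
}

static bool FakeTestRdRand(void) { gSelfTestCalls++; return gFakeSelfTestOk; }
static bool FakeRdRand64(uint64_t *Rand) { *Rand = 0x0123456789ABCDEFULL; return true; }

static const RNG_HOOKS gFakeHooks = { FakeCpuid, FakeTestRdRand, FakeRdRand64 };

typedef struct {
  bool     Supported;  /* support flag after the (optional) constructor */
  bool     GotRandom;  /* did GetRandomNumber64 succeed */
  unsigned SelfTests;  /* how many times the smoke test ran */
} SCENARIO_RESULT;

/* Run one code path: pick the CPUID answer, the smoke-test outcome, and
   whether the constructor runs at all (it did not in the broken host test). */
static SCENARIO_RESULT RunScenario(uint32_t Ecx, bool SelfTestOk, bool CallConstructor) {
  RNG_STATE       State = { &gFakeHooks, false };
  SCENARIO_RESULT Result;
  uint64_t        Rand = 0;

  gFakeEcx = Ecx;
  gFakeSelfTestOk = SelfTestOk;
  gSelfTestCalls = 0;
  if (CallConstructor) {
    RngConstructor(&State);
  }
  Result.Supported = State.RdRandSupported;
  Result.GotRandom = GetRandomNumber64(&State, &Rand);
  Result.SelfTests = gSelfTestCalls;
  return Result;
}

int main(void) {
  static const struct { const char *Name; uint32_t Ecx; bool Ok; bool Ctor; } Cases[] = {
    { "CPUID bit clear",            0,           true,  true  },
    { "bit set, smoke test passes", RDRAND_MASK, true,  true  },
    { "bit set, smoke test fails",  RDRAND_MASK, false, true  },
    { "constructor never called",   RDRAND_MASK, true,  false },
  };
  for (size_t i = 0; i < sizeof Cases / sizeof Cases[0]; i++) {
    SCENARIO_RESULT r = RunScenario(Cases[i].Ecx, Cases[i].Ok, Cases[i].Ctor);
    printf("%-28s supported=%d random=%d selftests=%u\n",
           Cases[i].Name, r.Supported, r.GotRandom, r.SelfTests);
  }
  return 0;
}
```

With a hard-coded BIT30 only the second and third rows are reachable; the first row is the path a host without RDRAND would take.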




Re: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

2024-06-14 Thread Li, Yi
Hi Jiewen,

Currently the host lib uses a dummy AsmCpuid implementation:
BaseLib\X86UnitTestHost.c
AsmCpuid -> UnitTestHostBaseLibAsmCpuid -> Return all zero (BIT30 of ECX 
hardcoded to 1 after Gerd's change)

Did you mean you prefer to use the real AsmCpuid function in the host?
Or only use cpuid to check the RdRand bit and set it?

Regards,
Yi

-Original Message-
From: Ard Biesheuvel  
Sent: Saturday, June 15, 2024 1:16 AM
To: Yao, Jiewen 
Cc: Li, Yi1 ; Gerd Hoffmann ; 
devel@edk2.groups.io; Hou, Wenxing ; Kinney, Michael D 
; Pedro Falcato 
Subject: Re: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

On Fri, 14 Jun 2024 at 18:45, Yao, Jiewen  wrote:
>
>
> > -Original Message-
> > From: Ard Biesheuvel 
> > Sent: Saturday, June 15, 2024 12:14 AM
> > To: Yao, Jiewen 
> > Cc: Li, Yi1 ; Gerd Hoffmann ; 
> > devel@edk2.groups.io; Hou, Wenxing ; Kinney, 
> > Michael D ; Pedro Falcato 
> > 
> > Subject: Re: [edk2-devel] CryptoPkg host test broken due to 
> > smoketest for RDRAND
> >
> > On Fri, 14 Jun 2024 at 18:09, Yao, Jiewen  wrote:
> > >
> > > Hey
> > > This PR seems just a workaround.
> > >
> > > I don't feel it is right solution to hardcode BIT30.
> > > What if the host platform does not have such capability? You will 
> > > get failure
> > later.
> > >
> >
> > Agreed. But that was already the case: RngLib assumed that RDRAND 
> > was implemented without checking CPUID at all, and so the code was 
> > already broken on systems without RDRAND.
>
> [Jiewen] Sorry, I don’t understand your comment. " implemented without 
> checking CPUID at all "
>
> See below code. It does use CPUID to check the capability.
>
> EFI_STATUS
> EFIAPI
> BaseRngLibConstructor (
>   VOID
>   )
> {
>   UINT32  RegEcx;
>
>   //
>   // Determine RDRAND support by examining bit 30 of the ECX register returned by
>   // CPUID. A value of 1 indicates that processor support RDRAND instruction.
>   //
>   AsmCpuid (1, 0, 0, &RegEcx, 0);
>
>   mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
>
>   if (mRdRandSupported) {
>     mRdRandSupported = TestRdRand ();
>   }
>
>   return EFI_SUCCESS;
> }
>
>

See commit 9301e5644cef5a5234f71b178373dd508cabb9ee

The old code had

+BOOLEAN
+EFIAPI
+ArchIsRngSupported (
+  VOID
+  )
+{
+  /*
+ Existing software depends on this always returning TRUE, so for
+ now hard-code it.
+
+ return mRdRandSupported;
+  */
+  return TRUE;
+}



> >
> > >
> > > To fix this function, can we call real CPUID instruction to return real 
> > > value?
> > >
> >
> > That would be better. But this change just restores the old behavior.
> > And on top of that, Yi Li already merged it.
>
> [Jiewen] I don’t think it is right to merge it without thorough review.
>
> I think we need follow 24 hour rule.
> Any patch requires at least 24 hours before merge, to give people chance to 
> review and feedback.
>

Agreed.


View/Reply Online (#119585): https://edk2.groups.io/g/devel/message/119585




Re: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

2024-06-14 Thread Li, Yi
> I think we need follow 24 hour rule.
> Any patch requires at least 24 hours before merge, to give people chance to 
> review and feedback.

Sure, I will follow this rule in the future.
There is a critical Mbedtls bug based on this patch (blocked build) so I merged 
this patch quickly to unblock CI.
https://github.com/tianocore/edk2/pull/5773


Thanks,
Yi

-Original Message-
From: Yao, Jiewen  
Sent: Saturday, June 15, 2024 12:45 AM
To: Ard Biesheuvel 
Cc: Li, Yi1 ; Gerd Hoffmann ; 
devel@edk2.groups.io; Hou, Wenxing ; Kinney, Michael D 
; Pedro Falcato 
Subject: RE: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND


> -Original Message-
> From: Ard Biesheuvel 
> Sent: Saturday, June 15, 2024 12:14 AM
> To: Yao, Jiewen 
> Cc: Li, Yi1 ; Gerd Hoffmann ; 
> devel@edk2.groups.io; Hou, Wenxing ; Kinney, 
> Michael D ; Pedro Falcato 
> 
> Subject: Re: [edk2-devel] CryptoPkg host test broken due to smoketest 
> for RDRAND
> 
> On Fri, 14 Jun 2024 at 18:09, Yao, Jiewen  wrote:
> >
> > Hey
> > This PR seems just a workaround.
> >
> > I don't feel it is right solution to hardcode BIT30.
> > What if the host platform does not have such capability? You will 
> > get failure
> later.
> >
> 
> Agreed. But that was already the case: RngLib assumed that RDRAND was 
> implemented without checking CPUID at all, and so the code was already 
> broken on systems without RDRAND.

[Jiewen] Sorry, I don’t understand your comment. " implemented without checking 
CPUID at all "

See below code. It does use CPUID to check the capability.

EFI_STATUS
EFIAPI
BaseRngLibConstructor (
  VOID
  )
{
  UINT32  RegEcx;

  //
  // Determine RDRAND support by examining bit 30 of the ECX register returned by
  // CPUID. A value of 1 indicates that processor support RDRAND instruction.
  //
  AsmCpuid (1, 0, 0, &RegEcx, 0);

  mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);

  if (mRdRandSupported) {
    mRdRandSupported = TestRdRand ();
  }

  return EFI_SUCCESS;
}


> 
> >
> > To fix this function, can we call real CPUID instruction to return real 
> > value?
> >
> 
> That would be better. But this change just restores the old behavior.
> And on top of that, Yi Li already merged it.

[Jiewen] I don’t think it is right to merge it without thorough review.

I think we need follow 24 hour rule.
Any patch requires at least 24 hours before merge, to give people chance to 
review and feedback.







View/Reply Online (#119582): https://edk2.groups.io/g/devel/message/119582




Re: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

2024-06-14 Thread Li, Yi
Yes we did use PRNG(DRBG), the entropy pool is polled from HW RngLib. Seed is 
generated by TSC.

Regards,
Yi

From: Ard Biesheuvel 
Sent: Friday, June 14, 2024 3:52 PM
To: Li, Yi1 
Cc: Yao, Jiewen ; devel@edk2.groups.io; Hou, Wenxing 
; Kinney, Michael D ; Pedro 
Falcato 
Subject: Re: CryptoPkg host test broken due to smoketest for RDRAND

For crypto unit tests, it is generally better to use a pseudo-random RNG, with 
a known (but not constant) seed, so that potential failures can be diagnosed 
more easily. E.g., the seed could be logged in the test output.


On Fri, 14 Jun 2024 at 09:24, Li, Yi1 wrote:
Yes, we can create a host test specific lib if no better ways.

Regards,
Yi

From: Yao, Jiewen
Sent: Friday, June 14, 2024 3:20 PM
To: Li, Yi1; devel@edk2.groups.io
Cc: Hou, Wenxing; Kinney, Michael D; Pedro Falcato; Ard Biesheuvel
Subject: RE: CryptoPkg host test broken due to smoketest for RDRAND

Can we use a host test specific RngLib?



From: Li, Yi1
Sent: Friday, June 14, 2024 3:08 PM
To: devel@edk2.groups.io
Cc: Hou, Wenxing; Yao, Jiewen; Kinney, Michael D; Pedro Falcato; Ard Biesheuvel
Subject: CryptoPkg host test broken due to smoketest for RDRAND

All crypto host tests which consumed randlib broken due to:
https://github.com/tianocore/edk2/pull/5714
Not sure why this issue not reported  by CI when merge this PR.

The reason is that the ```BaseRngLibConstructor``` of rnglib is not called in 
host test, so ```mRdRandSupported``` is not enabled.
Then the Crypto API calls ```GetRandomNumber*``` will fail.
GetRandomNumber64 (
  OUT UINT64  *Rand
  )
{
  ……
  if (!ArchIsRngSupported ()) {
    return FALSE;
  }

Is there a way to let unit test host to call the constructors correctly?

Regards,
Yi



View/Reply Online (#119573): https://edk2.groups.io/g/devel/message/119573
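
Ard's suggestion in the message above, as an added example (not edk2 code): a host-test random source backed by a deterministic generator whose seed changes per run but is logged, so a failing run can be replayed from its log line. `TEST_RNG`, `TestRngInit`, `TestRngBytes`, the `TEST_RNG_SEED` environment variable and the choice of SplitMix64 are assumptions made for the illustration; the generator is for reproducible tests only and is not a cryptographic RNG.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

typedef struct {
  uint64_t Seed;   /* the value that goes into the test log */
  uint64_t State;
} TEST_RNG;

/* One SplitMix64 step: deterministic and fast, not cryptographically secure. */
static uint64_t TestRngNext64(TEST_RNG *Rng) {
  uint64_t z = (Rng->State += 0x9E3779B97F4A7C15ULL);
  z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
  z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
  return z ^ (z >> 31);
}

/* Seed from SeedText when it parses fully as a number (replay of a logged
   run); otherwise take a fresh seed from the clock. The seed is always logged. */
static uint64_t TestRngInit(TEST_RNG *Rng, const char *SeedText) {
  char     *End  = NULL;
  uint64_t Seed  = 0;
  bool     Given = false;

  if (SeedText != NULL && SeedText[0] != '\0') {
    Seed  = strtoull(SeedText, &End, 0);   /* accepts decimal or 0x... */
    Given = (*End == '\0');
  }
  if (!Given) {
    Seed = ((uint64_t)time(NULL) << 20) ^ (uint64_t)clock();
  }
  Rng->Seed = Rng->State = Seed;
  fprintf(stderr, "[test-rng] seed=0x%016" PRIx64 " (%s)\n", Seed,
          Given ? "replayed" : "fresh");
  return Seed;
}

/* Fill a buffer the way a test would request key or nonce material. */
static void TestRngBytes(TEST_RNG *Rng, uint8_t *Out, size_t Len) {
  while (Len > 0) {
    uint64_t v = TestRngNext64(Rng);
    size_t   n = Len < sizeof v ? Len : sizeof v;
    memcpy(Out, &v, n);
    Out += n;
    Len -= n;
  }
}

/* Replay check: format the seed exactly as it is logged, re-initialise two
   generators from that text, and compare the byte streams they produce. */
static bool ReplayReproduces(uint64_t Seed, size_t Len) {
  TEST_RNG First, Second;
  uint8_t  A[64], B[64];
  char     Text[32];

  if (Len > sizeof A) Len = sizeof A;
  snprintf(Text, sizeof Text, "0x%016" PRIx64, Seed);
  TestRngInit(&First, Text);
  TestRngInit(&Second, Text);
  TestRngBytes(&First, A, Len);
  TestRngBytes(&Second, B, Len);
  return First.Seed == Seed && memcmp(A, B, Len) == 0;
}

/* First output for a textual seed; used to show that seed text is honoured. */
static uint64_t FirstOutputForSeed(const char *SeedText) {
  TEST_RNG Rng;
  TestRngInit(&Rng, SeedText);
  return TestRngNext64(&Rng);
}

int main(void) {
  TEST_RNG Rng;
  uint8_t  Key[16];

  /* Fresh seed by default; set TEST_RNG_SEED to the logged value to replay. */
  TestRngInit(&Rng, getenv("TEST_RNG_SEED"));
  TestRngBytes(&Rng, Key, sizeof Key);
  printf("first generated byte: 0x%02x\n", Key[0]);
  printf("replay reproduces stream: %d\n", ReplayReproduces(Rng.Seed, 48));
  return 0;
}
```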




Re: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

2024-06-14 Thread Li, Yi
Approved, appreciate your quick response.

Thanks,
Yi 

-Original Message-
From: Gerd Hoffmann  
Sent: Friday, June 14, 2024 6:41 PM
To: devel@edk2.groups.io; Li, Yi1 
Cc: Hou, Wenxing ; Yao, Jiewen ; 
Kinney, Michael D ; Pedro Falcato 
; Ard Biesheuvel 
Subject: Re: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

On Fri, Jun 14, 2024 at 07:07:41AM GMT, Li, Yi wrote:
> All crypto host tests which consumed randlib broken due to:
> https://github.com/tianocore/edk2/pull/5714
> Not sure why this issue not reported  by CI when merge this PR.
> 
> The reason is that the ```BaseRngLibConstructor``` of rnglib is not called in 
> host test, so ```mRdRandSupported``` is not enabled.
> Then the Crypto API calls ```GetRandomNumber*``` will fail.
> GetRandomNumber64 (
>   OUT UINT64  *Rand
>   )
> {
>   ..
>   if (!ArchIsRngSupported ()) {
>     return FALSE;
>   }
> 
> Is there a way to let unit test host to call the constructors correctly?

https://github.com/tianocore/edk2/pull/5775

take care,
  Gerd



View/Reply Online (#119572): https://edk2.groups.io/g/devel/message/119572




Re: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

2024-06-14 Thread Li, Yi
Yes, we can create a host test specific lib if no better ways.

Regards,
Yi

From: Yao, Jiewen 
Sent: Friday, June 14, 2024 3:20 PM
To: Li, Yi1 ; devel@edk2.groups.io
Cc: Hou, Wenxing ; Kinney, Michael D 
; Pedro Falcato ; Ard 
Biesheuvel 
Subject: RE: CryptoPkg host test broken due to smoketest for RDRAND

Can we use a host test specific RngLib?



From: Li, Yi1
Sent: Friday, June 14, 2024 3:08 PM
To: devel@edk2.groups.io
Cc: Hou, Wenxing; Yao, Jiewen; Kinney, Michael D; Pedro Falcato; Ard Biesheuvel
Subject: CryptoPkg host test broken due to smoketest for RDRAND

All crypto host tests which consumed randlib broken due to:
https://github.com/tianocore/edk2/pull/5714
Not sure why this issue not reported  by CI when merge this PR.

The reason is that the ```BaseRngLibConstructor``` of rnglib is not called in 
host test, so ```mRdRandSupported``` is not enabled.
Then the Crypto API calls ```GetRandomNumber*``` will fail.
GetRandomNumber64 (
  OUT UINT64  *Rand
  )
{
  ..
  if (!ArchIsRngSupported ()) {
    return FALSE;
  }

Is there a way to let unit test host to call the constructors correctly?

Regards,
Yi



View/Reply Online (#119569): https://edk2.groups.io/g/devel/message/119569




[edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

2024-06-14 Thread Li, Yi
All crypto host tests which consumed randlib are broken due to:
https://github.com/tianocore/edk2/pull/5714
Not sure why this issue was not reported by CI when this PR was merged.

The reason is that the ```BaseRngLibConstructor``` of rnglib is not called in 
host test, so ```mRdRandSupported``` is not enabled.
Then the Crypto API calls ```GetRandomNumber*``` will fail.
GetRandomNumber64 (
  OUT UINT64  *Rand
  )
{
  ..
  if (!ArchIsRngSupported ()) {
    return FALSE;
  }

Is there a way to let unit test host to call the constructors correctly?

Regards,
Yi



View/Reply Online (#119567): https://edk2.groups.io/g/devel/message/119567




Re: [edk2-devel] [PATCH] CryptoPkg: Fix BaseCryptLib CrtWrapper strcpy

2024-06-04 Thread Li, Yi
Thanks for your patch, this is a known issue: 
https://bugzilla.tianocore.org/show_bug.cgi?id=2817

Could you also update other wrappers in CrtWrapper.h and add BZ link to commit 
message?

Edk2 has switched to github pr code review process, you can raise PR in 
https://github.com/tianocore/edk2/pulls directly.

Regards,
Yi

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Witt, Sebastian 
via groups.io
Sent: Tuesday, June 4, 2024 12:19 AM
To: devel@edk2.groups.io
Subject: [edk2-devel] [PATCH] CryptoPkg: Fix BaseCryptLib CrtWrapper strcpy


strcpy fails when strSource is closer than 4096 bytes after strDest.

This is caused by an overlap check in AsciiStrCpyS:
  //
  // 5. Copying shall not take place between objects that overlap.
  //
  SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap 
(Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);

Since DestMax is MAX_STRING_SIZE (0x1000) and with a Source that is in this 
area behind Destination, AsciiStrCpyS will fail and strcpy will do nothing.

When called by CRYPTO_strdup in openssl this leads to uninitialized memory that 
gets accessed instead of the copied string.

Signed-off-by: Sebastian Witt
---
 CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c 
b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index 37cdecc9bd..880ed140fd 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -271,7 +271,7 @@ strcpy (
   const char  *strSource
   )
 {
-  AsciiStrCpyS (strDest, MAX_STRING_SIZE, strSource);
+  AsciiStrCpyS (strDest, AsciiStrnSizeS (strSource, MAX_STRING_SIZE), 
+ strSource);
   return strDest;
 }
 
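Review bot: the new `AsciiStrCpyS` call in `strcpy()` still discards the return status, so when the copy is rejected the wrapper returns `strDest` with its contents untouched, which is the uninitialized-memory outcome the commit message describes. Consider checking the status in the same change, for example with an ASSERT. The new `DestMax` is also computed from `strSource` alone and so says nothing about the capacity of `strDest`; a short comment stating that this is deliberate, to stop the overlap check from spanning `MAX_STRING_SIZE` bytes after the destination, would help the next reader.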
--
2.39.2








View/Reply Online (#119443): https://edk2.groups.io/g/devel/message/119443
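
The failure described in the patch message above, modelled as an added example (a simplified stand-in, not the edk2 SafeString code): the overlap check compares the whole `DestMax` window of the destination against the source, so a 0x1000-byte window rejects any source that starts within 4096 bytes after the destination. `ModelStrCpyS`, `RangesOverlap`, `BoundedLen`, `TryCopy` and the arena layout are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_STRING_SIZE 0x1000 /* value given in the patch message */

typedef enum { COPY_OK, COPY_BUFFER_TOO_SMALL, COPY_ACCESS_DENIED } COPY_STATUS;

typedef struct {
  COPY_STATUS Status;
  bool        DestHoldsString; /* did the destination actually receive "hello"? */
} COPY_RESULT;

/* Length of Str, looking at no more than Max bytes (model of a bounded strlen). */
static size_t BoundedLen(const char *Str, size_t Max) {
  size_t n = 0;
  while (n < Max && Str[n] != '\0') n++;
  return n;
}

/* True when [A, A+ALen) and [B, B+BLen) share at least one byte. */
static bool RangesOverlap(const void *A, size_t ALen, const void *B, size_t BLen) {
  uintptr_t a = (uintptr_t)A, b = (uintptr_t)B;
  return (a >= b && a < b + BLen) || (b >= a && b < a + ALen);
}

/* Simplified model of the safe copy: size check, then constraint 5 from the
   patch message (the DestMax-byte destination window must not overlap source). */
static COPY_STATUS ModelStrCpyS(char *Dest, size_t DestMax, const char *Src) {
  size_t SrcLen = BoundedLen(Src, DestMax);
  if (DestMax <= SrcLen) return COPY_BUFFER_TOO_SMALL;
  if (RangesOverlap(Dest, DestMax, Src, SrcLen + 1)) return COPY_ACCESS_DENIED;
  memcpy(Dest, Src, SrcLen + 1);
  return COPY_OK;
}

/* Constructed layout: destination at offset 0 of one arena, the string "hello"
   at SrcOffset. Patched selects the DestMax that the fixed wrapper passes. */
static COPY_RESULT TryCopy(bool Patched, size_t SrcOffset) {
  static char Arena[2 * MAX_STRING_SIZE];
  COPY_RESULT Result;
  char        *Dest = Arena;
  char        *Src  = Arena + SrcOffset;
  size_t      DestMax;

  memset(Arena, 0xAA, sizeof Arena);   /* stands in for uninitialized memory */
  memcpy(Src, "hello", 6);

  DestMax = Patched ? BoundedLen(Src, MAX_STRING_SIZE) + 1  /* source size incl. NUL */
                    : MAX_STRING_SIZE;                       /* original wrapper */
  Result.Status = ModelStrCpyS(Dest, DestMax, Src);
  Result.DestHoldsString = (memcmp(Dest, "hello", 6) == 0);
  return Result;
}

int main(void) {
  static const struct { const char *Name; bool Patched; size_t Off; } Cases[] = {
    { "original, source 64 bytes after dest",   false, 64     },
    { "patched,  source 64 bytes after dest",   true,  64     },
    { "original, source 4096 bytes after dest", false, 0x1000 },
    { "patched,  source really overlaps dest",  true,  2      },
  };
  for (size_t i = 0; i < sizeof Cases / sizeof Cases[0]; i++) {
    COPY_RESULT r = TryCopy(Cases[i].Patched, Cases[i].Off);
    printf("%-42s status=%d copied=%d\n", Cases[i].Name, r.Status, r.DestHoldsString);
  }
  return 0;
}
```

The last case shows that sizing the window from the source still rejects a copy whose ranges really do overlap.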




Re: [edk2-devel] CryptoPkg OpensslLib TLSv1.3 support

2024-05-20 Thread Li, Yi
No, Tls1.3 is not supported yet: 
https://github.com/tianocore/edk2/blob/7142e648416ff5d3eac6c6d607874805f5de0ca8/CryptoPkg/Library/OpensslLib/OpensslGen/include/openssl/configuration-ec.h#L271-L273

We have a BZ to track it but afaik no dedicated folk working on it.
https://bugzilla.tianocore.org/show_bug.cgi?id=2424

Regards,
Yi

From: devel@edk2.groups.io  On Behalf Of eddie wang
Sent: Tuesday, May 21, 2024 11:39 AM
To: devel@edk2.groups.io
Subject: [edk2-devel] CryptoPkg OpensslLib TLSv1.3 support

Hi all,
I have a question about the OpenSSL library in CryptoPkg. Does tlsv1.3 support 
exist in the current OpensslLib? If not, is there a way to make TLSV1.3 support 
possible?
Many thanks.

BR,
Eddie



View/Reply Online (#119097): https://edk2.groups.io/g/devel/message/119097




Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix bug for correct return value checking when get X509Cert

2024-05-19 Thread Li, Yi
Hi @sounthar...@ami.com,

I already asked Qingyu to help raise patch.
Will merge it after hard freeze.

Thanks,
Yi 

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Li, Yi
Sent: Wednesday, May 15, 2024 11:32 PM
To: devel@edk2.groups.io; Shang, Qingyu 
Cc: Yao, Jiewen 
Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix bug for correct return 
value checking when get X509Cert


Looks good to me.
Reviewed-by: Yi Li 

We are in Hard Freeze phase, will push it after freeze. Thanks.

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Qingyu
Sent: Wednesday, May 15, 2024 8:58 PM
To: devel@edk2.groups.io
Cc: Shang, Qingyu ; Yao, Jiewen ; 
Li, Yi1 
Subject: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix bug for correct return value 
checking when get X509Cert

From: Qingyu 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4509

CryptX509.c file has X509GetTBSCert() function and it is added Inf variable to 
collect the return value of ASN1_get_object(), which return 0x80 in error case. 
Supplement the return value check during the second function call and correct 
the check logic.

Signed-off-by: Qingyu 
Cc: Jiewen Yao 
Cc: Yi Li 
---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c 
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index 1182323b63ee..7ebec9dbad5b 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -839,17 +839,17 @@ X509GetTBSCert (
   Length = 0;
   Inf= ASN1_get_object (, (long *), (int *), (int 
*), (long)CertSize);
 
-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {
+  if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) {
 return FALSE;
   }
 
   *TBSCert = (UINT8 *)Temp;
 
-  ASN1_get_object (, (long *), (int *), (int *), 
(long)Length);
+  Inf = ASN1_get_object (, (long *), (int *), (int 
+ *), (long)Length);
   //
   // Verify the parsed TBSCertificate is one correct SEQUENCE data.
   //
-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {
+  if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) {
 return FALSE;
   }
 
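Review bot: both rewritten conditions in `X509GetTBSCert()` join the error test and the tag test with `&&`, so the function returns FALSE only when `ASN1_get_object()` reports an error (`Inf & 0x80`) and the tag is also not `V_ASN1_SEQUENCE`. A parse error on an element tagged SEQUENCE, or a clean parse of a non-SEQUENCE element, still falls through to the success path. Given the commit message's statement that 0x80 signals failure, the two tests look like they should be joined with `||` in both places.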
--
2.44.0.windows.1













View/Reply Online (#119066): https://edk2.groups.io/g/devel/message/119066




Re: [edk2-devel] [PATCH V3 1/1] CryptoPkg: Remove deprecated code related to SHA-1

2024-05-16 Thread Li, Yi
Looks good to me.
Reviewed-by: Yi Li 

We are in Hard Freeze phase, will push it after freeze. Thanks.

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Qingyu
Sent: Thursday, May 16, 2024 3:35 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 
Subject: [edk2-devel] [PATCH V3 1/1] CryptoPkg: Remove deprecated code related 
to SHA-1

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4698

The default drbg type of randlib has been switched to aes_256_ctr in 
openssl1.1.1, so sha1 is not really used in RandomSeed(). Remove related code 
which do SHA-1 support checking in CryptRand.c and CryptRandTsc.c to avoid 
potential compatibility errors.

Signed-off-by: Shang Qingyu 
Cc: Jiewen Yao 
Cc: Yi Li 
---
 CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c| 8 
 CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c | 8 
 2 files changed, 16 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c 
b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c
index 9e2fcefe084e..51c7435898c7 100644
--- a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c
+++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c
@@ -42,14 +42,6 @@ RandomSeed (
 return FALSE;
   }
 
-  //
-  // The software PRNG implementation built in OpenSSL depends on message 
digest algorithm.
-  // Make sure SHA-1 digest algorithm is available here.
-  //
-  if (EVP_add_digest (EVP_sha1 ()) == 0) {
-return FALSE;
-  }
-
   //
   // Seed the pseudorandom number generator with user-supplied value.
   // NOTE: A cryptographic PRNG must be seeded with unpredictable data.
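Review bot: with the SHA-1 block removed from `RandomSeed()` in CryptRand.c, nothing left in the function records which DRBG the seeding relies on; the deleted comment was the only statement of the PRNG's algorithm dependency. A one-line comment above the seeding step naming the aes_256_ctr DRBG from the commit message would keep that rationale in the source rather than only in the log.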
diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c 
b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c
index 30454bf10f9b..b94c16de562d 100644
--- a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c
+++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c
@@ -40,14 +40,6 @@ RandomSeed (
 return FALSE;
   }
 
-  //
-  // The software PRNG implementation built in OpenSSL depends on message 
digest algorithm.
-  // Make sure SHA-1 digest algorithm is available here.
-  //
-  if (EVP_add_digest (EVP_sha1 ()) == 0) {
-return FALSE;
-  }
-
   //
   // Seed the pseudorandom number generator with user-supplied value.
   // NOTE: A cryptographic PRNG must be seeded with unpredictable data.
--
2.44.0.windows.1








View/Reply Online (#118954): https://edk2.groups.io/g/devel/message/118954




Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Add support for aes128-sha256 and aes256-sha256 cipher

2024-05-15 Thread Li, Yi


Looks good to me.
Reviewed-by: Yi Li 

We are in Hard Freeze phase, will push it after freeze. Thanks.

-Original Message-
From: Shang, Qingyu  
Sent: Thursday, May 16, 2024 9:54 AM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 
Subject: [PATCH 1/1] CryptoPkg: Add support for aes128-sha256 and aes256-sha256 
cipher

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4739

AES256-SHA256 is a Tls1.2 suite we need to support, add it to deflt_ciphers in 
OpensslStub.

Signed-off-by: Shang Qingyu 
Cc: Jiewen Yao 
Cc: Yi Li 
---
 CryptoPkg/Library/OpensslLib/OpensslStub/uefiprov.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslStub/uefiprov.c 
b/CryptoPkg/Library/OpensslLib/OpensslStub/uefiprov.c
index 40ab7e937c69..f2af6a49d85e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslStub/uefiprov.c
+++ b/CryptoPkg/Library/OpensslLib/OpensslStub/uefiprov.c
@@ -141,6 +141,17 @@ static const OSSL_ALGORITHM_CAPABLE deflt_ciphers[] = {
 ALG(PROV_NAMES_AES_192_GCM, ossl_aes192gcm_functions),
 ALG(PROV_NAMES_AES_128_GCM, ossl_aes128gcm_functions),
 
+ALGC (
+PROV_NAMES_AES_128_CBC_HMAC_SHA256,
+ossl_aes128cbc_hmac_sha256_functions,
+ossl_cipher_capable_aes_cbc_hmac_sha256
+),
+ALGC (
+PROV_NAMES_AES_256_CBC_HMAC_SHA256,
+ossl_aes256cbc_hmac_sha256_functions,
+ossl_cipher_capable_aes_cbc_hmac_sha256
+),
+
 { { NULL, NULL, NULL }, NULL }
 };
 static OSSL_ALGORITHM exported_ciphers[OSSL_NELEM(deflt_ciphers)];
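Review bot: the commit body names only AES256-SHA256, while the subject and the hunk add both `PROV_NAMES_AES_128_CBC_HMAC_SHA256` and `PROV_NAMES_AES_256_CBC_HMAC_SHA256` to `deflt_ciphers`; the body should cover both entries. The new entries are also written as multi-line `ALGC (` with a space before the parenthesis, unlike the single-line `ALG(` entries directly above them in the same table, so matching the surrounding style would keep the table uniform. Both entries carry the capability callback `ossl_cipher_capable_aes_cbc_hmac_sha256`, so it is worth stating in the message on which targets the cipher is expected to be available.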
--
2.44.0.windows.1



View/Reply Online (#118945): https://edk2.groups.io/g/devel/message/118945




Re: [edk2-devel] [PATCH V2 1/1] CryptoPkg: Remove outdated code related to deprecated SHA-1

2024-05-15 Thread Li, Yi
Hi, Qingyu

I still do not see any code related to CryptRand.c; did you miss 'git add' 
for the new change?

Regards,
Yi

-Original Message-
From: Shang, Qingyu  
Sent: Thursday, May 16, 2024 10:28 AM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 
Subject: [PATCH V2 1/1] CryptoPkg: Remove outdated code related to deprecated 
SHA-1

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4698

The default drbg type of randlib has been switched to aes_256_ctr in 
openssl1.1.1, so sha1 is not really used in RandomSeed(). Remove related code 
which do SHA-1 support checking in CryptRand.c and CryptRandTsc.c to avoid 
potential compatibility errors.

Signed-off-by: Shang Qingyu 
Cc: Jiewen Yao 
Cc: Yi Li 
---
 CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c | 8 
 1 file changed, 8 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c 
b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c
index 30454bf10f9b..b94c16de562d 100644
--- a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c
+++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c
@@ -40,14 +40,6 @@ RandomSeed (
 return FALSE;
   }
 
-  //
-  // The software PRNG implementation built in OpenSSL depends on message 
digest algorithm.
-  // Make sure SHA-1 digest algorithm is available here.
-  //
-  if (EVP_add_digest (EVP_sha1 ()) == 0) {
-return FALSE;
-  }
-
   //
   // Seed the pseudorandom number generator with user-supplied value.
   // NOTE: A cryptographic PRNG must be seeded with unpredictable data.
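Review bot: the commit message says the SHA-1 check is removed from both CryptRand.c and CryptRandTsc.c, but the diffstat and this single hunk touch only CryptRandTsc.c. Either add the matching CryptRand.c hunk or narrow the message to the file actually changed.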
--
2.44.0.windows.1



View/Reply Online (#118944): https://edk2.groups.io/g/devel/message/118944




Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Remove deprecated code related to SHA-1

2024-05-15 Thread Li, Yi
Hi Qingyu,

1. Commit message is not clear enough, we need to clarify 'why removing SHA-1 
code does not affect the functionality of Rand'.
Could you please add:
The default drbg type of randlib has been switched to aes_256_ctr in 
openssl1.1.1, so sha1 is not really used in RandomSeed().

2. Please remove sha1 in BaseCryptLib\Rand\CryptRand.c also.

Thanks,
Yi

-Original Message-
From: Shang, Qingyu  
Sent: Wednesday, May 15, 2024 11:04 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 
Subject: [PATCH 1/1] CryptoPkg: Remove deprecated code related to SHA-1

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4698

SHA-1 is deprecated by NIST for any cryptographic use. Remove related code 
which do SHA-1 support checking in CryptRandTsc.c

Signed-off-by: Shang Qingyu 
Cc: Jiewen Yao 
Cc: Yi Li 
---
 CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c | 8 
 1 file changed, 8 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c 
b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c
index 30454bf10f9b..b94c16de562d 100644
--- a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c
+++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRandTsc.c
@@ -40,14 +40,6 @@ RandomSeed (
 return FALSE;
   }
 
-  //
-  // The software PRNG implementation built in OpenSSL depends on message 
digest algorithm.
-  // Make sure SHA-1 digest algorithm is available here.
-  //
-  if (EVP_add_digest (EVP_sha1 ()) == 0) {
-return FALSE;
-  }
-
   //
   // Seed the pseudorandom number generator with user-supplied value.
   // NOTE: A cryptographic PRNG must be seeded with unpredictable data.
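Review bot: The commit message should say why RandomSeed() no longer needs a digest registered before seeding: the removed comment states that OpenSSL's software PRNG depends on a message digest, and nothing in the hunk or the message shows that this dependency is gone. The reviewer's reply above supplies the reason (the default DRBG type switched to aes_256_ctr), so put that in the message. The diffstat shows only CryptRandTsc.c is touched, so the same removal requested for BaseCryptLib\Rand\CryptRand.c is still outstanding.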
--
2.44.0.windows.1



View/Reply Online (#118925): https://edk2.groups.io/g/devel/message/118925




Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix bug for correct return value checking when get X509Cert

2024-05-15 Thread Li, Yi


Looks good to me.
Reviewed-by: Yi Li 

We are in Hard Freeze phase, will push it after freeze. Thanks.

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Qingyu
Sent: Wednesday, May 15, 2024 8:58 PM
To: devel@edk2.groups.io
Cc: Shang, Qingyu ; Yao, Jiewen ; 
Li, Yi1 
Subject: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix bug for correct return value 
checking when get X509Cert

From: Qingyu 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4509

CryptX509.c file has X509GetTBSCert() function and it is added Inf variable to 
collect the return value of ASN1_get_object(), which returns 0x80 in error case. 
Supplement the return value check during the second function call and correct 
the check logic.

Signed-off-by: Qingyu 
Cc: Jiewen Yao 
Cc: Yi Li 
---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c 
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index 1182323b63ee..7ebec9dbad5b 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -839,17 +839,17 @@ X509GetTBSCert (
   Length = 0;
   Inf= ASN1_get_object (, (long *), (int *), (int 
*), (long)CertSize);
 
-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {
+  if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) {
 return FALSE;
   }
 
   *TBSCert = (UINT8 *)Temp;
 
-  ASN1_get_object (, (long *), (int *), (int *), 
(long)Length);
+  Inf = ASN1_get_object (, (long *), (int *), (int 
+ *), (long)Length);
   //
   // Verify the parsed TBSCertificate is one correct SEQUENCE data.
   //
-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {
+  if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) {
 return FALSE;
   }
 
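Review bot: Both patched conditions join the error test and the tag test with `&&`, so each returns FALSE only when ASN1_get_object() reports an error and the tag is also not a SEQUENCE. An object that parses cleanly but is not a SEQUENCE (error bit clear) now passes, although the pre-patch `== 0x00` form rejected it, and an error return that still carries a SEQUENCE tag passes as well. Rejecting on either condition, `if (((Inf & 0x80) != 0) || (Asn1Tag != V_ASN1_SEQUENCE))`, covers both the error case named in the commit message and the "one correct SEQUENCE" check named in the code comment.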
--
2.44.0.windows.1

View/Reply Online (#118924): https://edk2.groups.io/g/devel/message/118924
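
The return-value check discussed in the patch above, worked through on sample inputs. This is an added example, not part of the original message and not edk2 or OpenSSL code: `der_get_object` is a hypothetical, simplified stand-in for ASN1_get_object() that sets 0x80 on error as the commit message describes, the `reject_*` names are illustrative, and the byte strings are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define TAG_SEQUENCE 0x10  /* universal tag number of SEQUENCE (OpenSSL: V_ASN1_SEQUENCE) */
#define INF_ERROR    0x80  /* error bit in the return value, per the commit message */

/*
 * Hypothetical, simplified stand-in for ASN1_get_object(): parses one DER
 * identifier/length header with a single-byte tag. Model assumption: when the
 * declared length overruns the buffer, the tag is still written and the error
 * bit is OR-ed into the result; a header too short to parse leaves *tag alone.
 */
static int der_get_object(const uint8_t **pp, long *len, int *tag, long max)
{
    const uint8_t *p = *pp;
    long n;
    int ret, t;

    if (max < 2 || (p[0] & 0x1f) == 0x1f)
        return INF_ERROR;               /* truncated, or multi-byte tag (not modelled) */
    ret = p[0] & 0x20;                  /* constructed bit */
    t = p[0] & 0x1f;
    p++; max--;

    if (*p & 0x80) {                    /* long-form length */
        int nbytes = *p & 0x7f;
        p++; max--;
        if (nbytes == 0 || nbytes > 3 || nbytes > max)
            return INF_ERROR;           /* indefinite or oversized length field */
        for (n = 0; nbytes > 0; nbytes--, max--)
            n = (n << 8) | *p++;
    } else {
        n = *p++; max--;
    }

    *tag = t;
    *len = n;
    *pp = p;
    if (n > max)
        ret |= INF_ERROR;               /* content would run past the buffer */
    return ret;
}

/* Each predicate returns 1 when the caller would "return FALSE" (reject). */
static int reject_pre_patch(int inf, int tag)  /* condition on the '-' lines */
{
    return ((inf & 0x80) == 0x00) && (tag != TAG_SEQUENCE);
}

static int reject_patched(int inf, int tag)    /* condition on the '+' lines */
{
    return ((inf & 0x80) == 0x80) && (tag != TAG_SEQUENCE);
}

static int reject_strict(int inf, int tag)     /* reject on error OR wrong tag */
{
    return ((inf & 0x80) != 0) || (tag != TAG_SEQUENCE);
}

typedef int (*reject_fn)(int inf, int tag);

/* Parse one header from buf and apply the chosen predicate. */
static int rejects(reject_fn pred, const uint8_t *buf, long size)
{
    const uint8_t *p = buf;
    long len = 0;
    int tag = -1;                       /* sentinel: parser wrote no tag */
    int inf = der_get_object(&p, &len, &tag, size);
    return pred(inf, tag);
}

/* Constructed sample inputs. */
static const uint8_t SEQ_OK[]        = { 0x30, 0x03, 0x02, 0x01, 0x05 }; /* valid SEQUENCE      */
static const uint8_t OCTET_OK[]      = { 0x04, 0x02, 0xAA, 0xBB };       /* valid OCTET STRING  */
static const uint8_t SEQ_OVERRUN[]   = { 0x30, 0x7F, 0x02, 0x01, 0x05 }; /* length past buffer  */
static const uint8_t OCTET_OVERRUN[] = { 0x04, 0x7F, 0xAA };             /* wrong tag + overrun */
static const uint8_t HDR_TRUNCATED[] = { 0x30 };                         /* no length byte      */

int main(void)
{
    struct { const char *name; const uint8_t *buf; long size; } cases[] = {
        { "valid SEQUENCE",     SEQ_OK,        sizeof SEQ_OK },
        { "valid OCTET STRING", OCTET_OK,      sizeof OCTET_OK },
        { "SEQUENCE, overrun",  SEQ_OVERRUN,   sizeof SEQ_OVERRUN },
        { "OCTET, overrun",     OCTET_OVERRUN, sizeof OCTET_OVERRUN },
        { "truncated header",   HDR_TRUNCATED, sizeof HDR_TRUNCATED },
    };
    printf("%-20s pre-patch patched strict (1 = rejected)\n", "input");
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-20s %9d %7d %6d\n", cases[i].name,
               rejects(reject_pre_patch, cases[i].buf, cases[i].size),
               rejects(reject_patched,   cases[i].buf, cases[i].size),
               rejects(reject_strict,    cases[i].buf, cases[i].size));
    return 0;
}
```

Only the `||` form rejects every malformed or non-SEQUENCE input while still accepting the valid SEQUENCE.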




Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

2024-05-09 Thread Li, Yi
This patch set was submitted before soft freeze and will not affect other 
existing code, I am OK to merge it.

Hi Liming,

Do you have any comments?  I will merge it if no objections.

Thanks,
Yi

-Original Message-
From: Hou, Wenxing  
Sent: Thursday, May 9, 2024 4:29 PM
To: Li, Yi1 ; devel@edk2.groups.io
Cc: Yao, Jiewen ; gaoliming 
Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

Hi,

Thanks for your feedback.
The new PR is: https://github.com/tianocore/edk2/pull/5645

Could Li Yi help me merge the PR?

Thanks,
Wenxing

-Original Message-
From: Li, Yi1  
Sent: Thursday, May 9, 2024 2:54 PM
To: Hou, Wenxing ; devel@edk2.groups.io
Cc: Yao, Jiewen 
Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

For this patch set:

Looks good to me.
Reviewed-by: Yi Li 



Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

2024-05-09 Thread Li, Yi
For this patch set:

Looks good to me.
Reviewed-by: Yi Li 


-Original Message-
From: Hou, Wenxing  
Sent: Thursday, May 9, 2024 2:27 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 
Subject: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More 
RSA/PKCS5/pKCS7/Authenticode/Timestamp
implementation based on Mbedtls.

The patch has passed the EDKII CI check:
https://github.com/tianocore/edk2/pull/5552

And the patch has passed unit_test in EDKII and integration test for platform.
And the patch has passed the fuzz test:
https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128

v2 changes:
 - Fix format variable name/hardcode number issue;
 - Fix Pkcs7 memory leak;

v3 changes:
 - Fix some issues from reviewer;
 - Add SHA3/SM3 implementation;
 - Update *.inf files;

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 

Wenxing Hou (11):
  CryptoPkg: Add AeadAesGcm based on Mbedtls
  CryptoPkg: Add rand function for BaseCryptLibMbedTls
  CryptoPkg: Add Pem APIs based on Mbedtls
  CryptoPkg: Add X509 functions based on Mbedtls
  CryptoPkg: Add Pkcs7 related functions based on Mbedtls
  CryptoPkg: Add Pkcs5 functions based on Mbedtls
  CryptoPkg: Add more RSA related functions based on Mbedtls
  CryptoPkg: Add AuthenticodeVerify based on Mbedtls
  CryptoPkg: Add ImageTimestampVerify based on Mbedtls
  CryptoPkg: Update *.inf in BaseCryptLibMbedTls
  Add SHA3/SM3 functions with openssl for Mbedtls

 CryptoPkg/Include/Library/BaseCryptLib.h  |4 +
 .../BaseCryptLibMbedTls/BaseCryptLib.inf  |   47 +-
 .../Cipher/CryptAeadAesGcm.c  |  227 ++
 .../BaseCryptLibMbedTls/InternalCryptLib.h|   49 +
 .../BaseCryptLibMbedTls/PeiCryptLib.inf   |   27 +-
 .../BaseCryptLibMbedTls/Pem/CryptPem.c|  138 ++
 .../Pk/CryptAuthenticode.c|  214 ++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c   |  278 +++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c |  100 +
 .../Pk/CryptPkcs7Internal.h   |   29 +-
 .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c   |  635 ++
 .../Pk/CryptPkcs7VerifyBase.c |  113 +
 .../Pk/CryptPkcs7VerifyCommon.c   | 1354 
 .../Pk/CryptPkcs7VerifyEku.c  |  689 ++
 .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c  |  352 +++
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c  |  140 ++
 .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c  |  381 
 .../BaseCryptLibMbedTls/Pk/CryptX509.c| 1940 +
 .../BaseCryptLibMbedTls/Rand/CryptRand.c  |  114 +
 .../BaseCryptLibMbedTls/Rand/CryptRandTsc.c   |  114 +
 .../BaseCryptLibMbedTls/RuntimeCryptLib.inf   |   26 +-
 .../BaseCryptLibMbedTls/SmmCryptLib.inf   |   36 +-
 .../BaseCryptLibMbedTls/TestBaseCryptLib.inf  |   39 +-
 CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf   |6 +
 .../Library/MbedTlsLib/MbedTlsLibFull.inf |6 +
 25 files changed, 6973 insertions(+), 85 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c

--
2.26.2.windows.1



View/Reply Online (#118743): https://edk2.groups.io/g/devel/message/118743




Re: [edk2-devel] [PATCH v2] Add SHA3/SM3 functions with openssl for Mbedtls

2024-04-25 Thread Li, Yi


Looks good to me.
Reviewed-by: Yi Li 

-Original Message-
From: Hou, Wenxing  
Sent: Wednesday, April 24, 2024 4:25 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 
Subject: [PATCH v2] Add SHA3/SM3 functions with openssl for Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Because the Mbedtls 3.3.0 doesn't have SHA3 and Sm3, the SHA3 and Sm3
implementation is based on Openssl.
And the implementation has passed build check.

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 
---
 CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf   | 9 +++--
 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf| 9 +++--
 .../Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf  | 3 ++-
 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf| 9 +++--
 .../Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf | 4 +++-
 CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf  | 6 ++
 CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf  | 6 ++
 7 files changed, 38 insertions(+), 8 deletions(-)



diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf

index 16def792c5..999054500f 100644

--- a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf

+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf

@@ -18,6 +18,7 @@

   MODULE_TYPE= DXE_DRIVER

   VERSION_STRING = 1.0

   LIBRARY_CLASS  = BaseCryptLib|DXE_DRIVER DXE_CORE 
UEFI_APPLICATION UEFI_DRIVER

+  DEFINE BASE_CRYPT_PATH = ../BaseCryptLib

 

 #

 # The following information is for reference only and not required by the 
build tools.

@@ -31,10 +32,14 @@

   Cipher/CryptAes.c

   Hash/CryptSha256.c

   Hash/CryptSha512.c

-  Hash/CryptParallelHashNull.c

-  Hash/CryptSm3Null.c

   Hash/CryptMd5.c

   Hash/CryptSha1.c

+  $(BASE_CRYPT_PATH)/Hash/CryptCShake256.c

+  $(BASE_CRYPT_PATH)/Hash/CryptDispatchApDxe.c

+  $(BASE_CRYPT_PATH)/Hash/CryptParallelHash.c

+  $(BASE_CRYPT_PATH)/Hash/CryptSha3.c

+  $(BASE_CRYPT_PATH)/Hash/CryptSm3.c

+  $(BASE_CRYPT_PATH)/Hash/CryptXkcp.c

   Hmac/CryptHmac.c

   Kdf/CryptHkdf.c

   Pk/CryptRsaBasic.c
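
Review bot: Only a build check is reported for a hunk that swaps Hash/CryptParallelHashNull.c and Hash/CryptSm3Null.c for six real implementations under $(BASE_CRYPT_PATH)/Hash/. Please add unit-test results for SHA3, SM3 and ParallelHash against the MbedTls instance to the commit message, and add a comment next to the `$(BASE_CRYPT_PATH)` entries saying that these sources are shared with `../BaseCryptLib` so a later change there is known to affect this library too.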

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf

index 72b22a24e8..a153c0c8e4 100644

--- a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf

+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf

@@ -26,6 +26,7 @@

   MODULE_TYPE= PEIM

   VERSION_STRING = 1.0

   LIBRARY_CLASS  = BaseCryptLib|PEIM PEI_CORE

+  DEFINE BASE_CRYPT_PATH = ../BaseCryptLib

 

 #

 # The following information is for reference only and not required by the 
build tools.

@@ -38,9 +39,13 @@

   Hash/CryptMd5.c

   Hash/CryptSha1.c

   Hash/CryptSha256.c

-  Hash/CryptSm3Null.c

   Hash/CryptSha512.c

-  Hash/CryptParallelHashNull.c

+  $(BASE_CRYPT_PATH)/Hash/CryptCShake256.c

+  $(BASE_CRYPT_PATH)/Hash/CryptDispatchApPei.c

+  $(BASE_CRYPT_PATH)/Hash/CryptParallelHash.c

+  $(BASE_CRYPT_PATH)/Hash/CryptSha3.c

+  $(BASE_CRYPT_PATH)/Hash/CryptSm3.c

+  $(BASE_CRYPT_PATH)/Hash/CryptXkcp.c

   Hmac/CryptHmac.c

   Kdf/CryptHkdf.c

   Cipher/CryptAes.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf

index 9f17ef00bf..1b33dbdaad 100644

--- a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf

+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf

@@ -25,6 +25,7 @@

   VERSION_STRING = 1.0

   LIBRARY_CLASS  = BaseCryptLib|DXE_RUNTIME_DRIVER

   CONSTRUCTOR= RuntimeCryptLibConstructor

+  DEFINE BASE_CRYPT_PATH = ../BaseCryptLib

 

 #

 # The following information is for reference only and not required by the 
build tools.

@@ -37,9 +38,9 @@

   Hash/CryptMd5.c

   Hash/CryptSha1.c

   Hash/CryptSha256.c

-  Hash/CryptSm3Null.c

   Hash/CryptSha512.c

   Hash/CryptParallelHashNull.c

+  $(BASE_CRYPT_PATH)/Hash/CryptSm3.c

   Hmac/CryptHmac.c

   Kdf/CryptHkdf.c

   Cipher/CryptAes.c
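
Review bot: This INF keeps Hash/CryptParallelHashNull.c and adds only $(BASE_CRYPT_PATH)/Hash/CryptSm3.c, while the DXE and PEI hunks above also pull in CryptSha3.c, CryptCShake256.c, CryptParallelHash.c and CryptXkcp.c. If runtime drivers are meant to go without SHA3 and ParallelHash, say so in the commit message or in a comment next to the entry; otherwise the source list here is incomplete.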

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf

index 40c56d1b7d..d9a9cb8d10 100644

--- a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf

+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf

@@ -24,6 +24,7 @@

   VERSION_STRING = 1.0

   PI_SPECIFICATION_VERSION   = 0x0001000A

   LIBRARY_CLASS  = BaseCryptLib|DXE_SMM_DRIVER SMM_CORE 
MM_STANDALONE

+  DEFINE BASE_CRYPT_PATH = ../BaseCryptLib

 

 #

 # The following information is for reference only and not required by the 
build tools.

@@ -36,9 +37,13 @@

   Hash/CryptMd5.c

   Hash/CryptSha1.c

   Hash/CryptSha256.c

-  Hash/CryptSm3Null.c

   Hash/CryptSha512.c

-  

Re: [edk2-devel] [PATCH 0/9] Add more crypt APIs based on Mbedtls

2024-04-22 Thread Li, Yi
I found some magic number and format issues, please check comments in your PR.

Regards,
Yi

-Original Message-
From: Hou, Wenxing  
Sent: Tuesday, April 16, 2024 3:51 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 
Subject: [PATCH 0/9] Add more crypt APIs based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More RSA/PKCS5 
/pKCS7/Authenticode/Timestamp implementation based on Mbedtls.

The patch has passed the EDKII CI check:
https://github.com/tianocore/edk2/pull/5552

And the patch has passed unit_test in EDKII and integration test for platform.
And the patch has passed the fuzz test:
https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 

Wenxing Hou (9):
  CryptoPkg: Add AeadAesGcm based on Mbedtls
  CryptoPkg: Add rand function for BaseCryptLibMbedTls
  CryptoPkg: Add Pem APIs based on Mbedtls
  CryptoPkg: Add X509 functions based on Mbedtls
  CryptoPkg: Add Pkcs7 related functions based on Mbedtls
  CryptoPkg: Add Pkcs5 functions based on Mbedtls
  CryptoPkg: Add more RSA related functions based on Mbedtls
  CryptoPkg: Add AuthenticodeVerify based on Mbedtls
  CryptoPkg: Add ImageTimestampVerify based on Mbedtls

 CryptoPkg/CryptoPkg.ci.yaml   |1 +
 .../Cipher/CryptAeadAesGcm.c  |  227 ++
 .../BaseCryptLibMbedTls/InternalCryptLib.h|   49 +
 .../BaseCryptLibMbedTls/Pem/CryptPem.c|  138 ++
 .../Pk/CryptAuthenticode.c|  214 ++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c   |  278 +++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c |  100 +
 .../Pk/CryptPkcs7Internal.h   |   20 +-
 .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c   |  615 ++
 .../Pk/CryptPkcs7VerifyBase.c |  113 +
 .../Pk/CryptPkcs7VerifyCommon.c   | 1315 +++
 .../Pk/CryptPkcs7VerifyEku.c  |  689 ++
 .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c  |  346 +++
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c  |  137 ++
 .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c  |  381 
 .../BaseCryptLibMbedTls/Pk/CryptX509.c| 1924 +
 .../BaseCryptLibMbedTls/Rand/CryptRand.c  |  105 +
 .../BaseCryptLibMbedTls/Rand/CryptRandTsc.c   |  105 +
 18 files changed, 6745 insertions(+), 12 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c

--
2.26.2.windows.1



View/Reply Online (#118073): https://edk2.groups.io/g/devel/message/118073




Re: [edk2-devel] [PATCH 5/9] CryptoPkg: Add Pkcs7 related functions based on Mbedtls

2024-04-22 Thread Li, Yi
The pools used to store cert chain are not released properly, which will lead 
to memory leak problems.
Please ensure MbedtlsPkcs7SignedData.Certificates are handled correctly when:
  1. error occurred in Pkcs7GetSigner/SignedData
  2. Pkcs7Verify finished.

Regards,
Yi

-Original Message-
From: Hou, Wenxing  
Sent: Tuesday, April 16, 2024 3:51 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 
Subject: [PATCH 5/9] CryptoPkg: Add Pkcs7 related functions based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Because the current Mbedtls pkcs7 library doesn't support
authenticatedAttributes:
Mbed-TLS/mbedtls@bb82ab7
and only support 0 or 1 certificates in Signed data:
tianocore/edk2-staging@9c5b26b

The patch implements Pkcs7 by low Mbedtls Api.
And the implementation has passed unit_test and integration test.

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 
---
 .../BaseCryptLibMbedTls/InternalCryptLib.h|   33 +
 .../Pk/CryptPkcs7Internal.h   |   20 +-
 .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c   |  615 
 .../Pk/CryptPkcs7VerifyBase.c |  113 ++
 .../Pk/CryptPkcs7VerifyCommon.c   | 1315 +
 .../Pk/CryptPkcs7VerifyEku.c  |  689 +
 6 files changed, 2773 insertions(+), 12 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h 
b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
index e2c7e42ecb..1b9742c166 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
@@ -38,4 +38,37 @@ MbedtlsRand (
   UINT8  *output,

   UINTN  len

   );

+

+/**

+  Check input P7Data is a wrapped ContentInfo structure or not. If not 
construct

+  a new structure to wrap P7Data.

+

+  Caution: This function may receive untrusted input.

+  UEFI Authenticated Variable is external input, so this function will do basic

+  check for PKCS#7 data structure.

+

+  @param[in]  P7Data   Pointer to the PKCS#7 message to verify.

+  @param[in]  P7Length Length of the PKCS#7 message in bytes.

+  @param[out] WrapFlag If TRUE P7Data is a ContentInfo structure, otherwise

+   return FALSE.

+  @param[out] WrapData If return status of this function is TRUE:

+   1) when WrapFlag is TRUE, pointer to P7Data.

+   2) when WrapFlag is FALSE, pointer to a new 
ContentInfo

+   structure. It's caller's responsibility to free this

+   buffer.

+  @param[out] WrapDataSize Length of ContentInfo structure in bytes.

+

+  @retval TRUE The operation is finished successfully.

+  @retval FALSEThe operation is failed due to lack of resources.

+

+**/

+BOOLEAN

+WrapPkcs7Data (

+  IN  CONST UINT8  *P7Data,

+  IN  UINTNP7Length,

+  OUT BOOLEAN  *WrapFlag,

+  OUT UINT8**WrapData,

+  OUT UINTN*WrapDataSize

+  );

+

 #endif
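
Review bot: The @retval FALSE text in the WrapPkcs7Data() header covers only lack of resources, while the Caution paragraph says the function does a basic check on untrusted PKCS#7 input; document what is returned when that check fails. The ownership rule also needs to be explicit: the caller frees WrapData only when WrapFlag is FALSE, so state that as a condition callers must test, and reword the WrapFlag line, where "otherwise return FALSE" reads as the function's return value rather than the flag's.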

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h
index 207f493cbb..d4bdb0abf7 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h
@@ -4,7 +4,7 @@
 

   RFC 2315 - PKCS #7: Cryptographic Message Syntax Version 1.5

 

-Copyright (c) 2023, Intel Corporation. All rights reserved.

+Copyright (c) 2023-2024, Intel Corporation. All rights reserved.

 SPDX-License-Identifier: BSD-2-Clause-Patent

 

 **/

@@ -31,10 +31,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define MBEDTLS_OID_PKCS7_DIGESTED_DATA  MBEDTLS_OID_PKCS7 "\x05"

 #define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06"

 

-typedef mbedtls_asn1_buf MBEDTLSPKCS7BUF;

-typedef mbedtls_asn1_named_data  MBEDTLSPKCS7NAME;

-typedef mbedtls_asn1_sequenceMBEDTLSPKCS7SEQUENCE;

-

 ///

 /// PKCS7 SignerInfo type

 /// https://tools.ietf.org/html/rfc2315#section-9.2

@@ -48,8 +44,8 @@ typedef struct MbedtlsPkcs7SignerInfo {
   mbedtls_x509_buf SigAlgIdentifier;

   mbedtls_x509_buf AuthAttr;

   mbedtls_x509_buf Sig;

-  struct MBEDTLSPKCS7SIGNERINFO*Next;

-} MBEDTLSPKCS7SIGNERINFO;

+  struct MbedtlsPkcs7SignerInfo*Next;

+} MbedtlsPkcs7SignerInfo;

 

 ///

 /// PKCS7 signed data attached data format
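
Review bot: The Next field change is a type fix and not only a rename, and the commit message should say so: the old `struct MBEDTLSPKCS7SIGNERINFO *Next` names a struct tag that does not match the `struct MbedtlsPkcs7SignerInfo` tag shown in the hunk header, so the list link pointed at a different, incomplete type. Since the MBEDTLSPKCS7SIGNERINFO typedef name is removed here, also confirm that every user of it is updated within this series.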

@@ -57,7 +53,7 @@ typedef struct MbedtlsPkcs7SignerInfo {
 typedef struct MbedtlsPkcs7Data {

   mbedtls_asn1_bufOid;

   

Re: [edk2-devel] [PATCH] Add SHA3/SM3 functions with openssl for Mbedtls

2024-04-22 Thread Li, Yi
Adding a copy of BaseCryptLib/Sm3/Sha3 seems like a workaround to me.
I prefer to use files directly from BaseCryptLib, such as:

DEFINE BASE_CRYPT_PATH= ../BaseCryptLib
[Sources]
  $(BASE_CRYPT_PATH)/Hash/CryptDispatchApDxe.c
  ...

Then I think DummyOpensslSupport.c should not be needed.

Regards,
Yi

-Original Message-
From: Hou, Wenxing  
Sent: Monday, April 22, 2024 9:34 AM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 
Subject: [PATCH] Add SHA3/SM3 functions with openssl for Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Because the Mbedtls 3.3.0 doesn't have SHA3 and Sm3, the SHA3 and Sm3
implementation is based on Openssl.

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 
---
 CryptoPkg/CryptoPkg.ci.yaml   |   1 +
 .../BaseCryptLibMbedTls/Hash/CryptCShake256.c | 282 +
 .../Hash/CryptDispatchApDxe.c |  49 ++
 .../Hash/CryptDispatchApMm.c  |  35 ++
 .../Hash/CryptDispatchApPei.c |  54 ++
 .../Hash/CryptParallelHash.c  | 254 
 .../Hash/CryptParallelHash.h  | 231 +++
 .../BaseCryptLibMbedTls/Hash/CryptSha3.c  | 166 +
 .../BaseCryptLibMbedTls/Hash/CryptSm3.c   | 235 +++
 .../BaseCryptLibMbedTls/Hash/CryptXkcp.c  | 107 
 .../SysCall/DummyOpensslSupport.c | 595 ++
 CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf   |   6 +
 .../Library/MbedTlsLib/MbedTlsLibFull.inf |   6 +
 13 files changed, 2021 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptCShake256.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptDispatchApDxe.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptDispatchApMm.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptDispatchApPei.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptParallelHash.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptParallelHash.h
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSha3.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptSm3.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptXkcp.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/SysCall/DummyOpensslSupport.c

diff --git a/CryptoPkg/CryptoPkg.ci.yaml b/CryptoPkg/CryptoPkg.ci.yaml
index b601bcf85c..046cc05163 100644
--- a/CryptoPkg/CryptoPkg.ci.yaml
+++ b/CryptoPkg/CryptoPkg.ci.yaml
@@ -40,6 +40,7 @@
 "Library/Include/CrtLibSupport.h",

 # This has OpenSSL interfaces that aren't UEFI spec compliant

 "Library/BaseCryptLib/Hash/CryptParallelHash.h",

+"Library/BaseCryptLibMbedTls/Hash/CryptParallelHash.h",

 "Library/Include/fcntl.h",

 # This has Mbedtls interfaces that aren't UEFI spec compliant

 "Library/Include/stdint.h",
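
Review bot: The new "Library/BaseCryptLibMbedTls/Hash/CryptParallelHash.h" entry is needed only because the header is duplicated into BaseCryptLibMbedTls; if the sources are referenced from BaseCryptLib as the reply above suggests, this line can be dropped and the list keeps a single entry for that header. If the copy stays, give the entry its own comment, since the comment above it was written for the BaseCryptLib file.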

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptCShake256.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptCShake256.c
new file mode 100644
index 00..64d8fa97c5
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Hash/CryptCShake256.c
@@ -0,0 +1,282 @@
+/** @file

+  cSHAKE-256 Digest Wrapper Implementations.

+

+Copyright (c) 2024, Intel Corporation. All rights reserved.

+SPDX-License-Identifier: BSD-2-Clause-Patent

+

+**/

+

+#include "CryptParallelHash.h"

+

+#define  CSHAKE256_SECURITY_STRENGTH  256

+#define  CSHAKE256_RATE_IN_BYTES  136

+

+CONST CHAR8  mZeroPadding[CSHAKE256_RATE_IN_BYTES] = { 0 };

+

+/**

+  CShake256 initial function.

+

+  Initializes user-supplied memory pointed by CShake256Context as cSHAKE-256 
hash context for

+  subsequent use.

+

+  @param[out] CShake256Context  Pointer to cSHAKE-256 context being 
initialized.

+  @param[in]  OutputLen The desired number of output length in bytes.

+  @param[in]  Name  Pointer to the function name string.

+  @param[in]  NameLen   The length of the function name in bytes.

+  @param[in]  Customization Pointer to the customization string.

+  @param[in]  CustomizationLen  The length of the customization string in 
bytes.

+

+  @retval TRUE   cSHAKE-256 context initialization succeeded.

+  @retval FALSE  cSHAKE-256 context initialization failed.

+  @retval FALSE  This interface is not supported.

+**/

+BOOLEAN

+EFIAPI

+CShake256Init (

+  OUT  VOID*CShake256Context,

+  IN   UINTN   OutputLen,

+  IN   CONST VOID  *Name,

+  IN   UINTN   NameLen,

+  IN   CONST VOID  *Customization,

+  IN   UINTN   CustomizationLen

+  )

+{

+  BOOLEAN  Status;

+  UINT8EncBuf[sizeof (UINTN) + 1];

+  UINTNEncLen;

+  UINTNAbsorbLen;

+  UINTNPadLen;

+

+  //

+  // Check input parameters.

+  //

+  if ((CShake256Context == NULL) || (OutputLen == 0) || ((NameLen != 0) && 
(Name == NULL)) || ((CustomizationLen != 0) && 

Re: [edk2-devel] [PATCH v2 0/3] CryptoPkg/BaseCryptLib: add additional RSAES-OAEP crypto functions

2024-04-07 Thread Li, Yi
Pushed: https://github.com/tianocore/edk2/pull/5532

Thanks,
Yi

-Original Message-
From: Li, Yi1 
Sent: Monday, April 1, 2024 9:46 AM
To: devel@edk2.groups.io; cruf...@millcore.com
Cc: Chris Ruffin ; Yao, Jiewen 
; Hou, Wenxing 
Subject: RE: [edk2-devel] [PATCH v2 0/3] CryptoPkg/BaseCryptLib: add additional 
RSAES-OAEP crypto functions

Appreciate your efforts in optimization of unit test, for this patch set:

Looks good to me.
Reviewed-by: Yi Li 

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Chris Ruffin via 
groups.io
Sent: Sunday, March 31, 2024 6:00 AM
To: devel@edk2.groups.io
Cc: Chris Ruffin 
Subject: [edk2-devel] [PATCH v2 0/3] CryptoPkg/BaseCryptLib: add additional 
RSAES-OAEP crypto functions

From: Chris Ruffin 

v2 patchset adds:
- Add digest length parameter to RsaOaepEncrypt(), RsaOaepDecrypt() so that 
SHA256, SHA384, SHA512 message digests and mask generation functions can be 
used with the API.
- Add NullLib implementation for BaseCryptLibMbedTls
- Cleanups from v1 review
- Significantly refactored and expanded test suite:
  - Use UNIT_TEST_CONTEXT and abstraction to run same tests on
Pkcs1v2Encrypt()/Pkcs1v2Decrypt() and RsaOaepEncrypt() RsaOaepDecrypt()
  - Align DER Certificate / PrivateKey used with Pkcs1v2 APIs
with RsaN, RsaE, RsaD parameters used by RsaOaep APIs
so that they represent the same keys.
  - Implement fixed ciphertext test for Pkcs1v2Decrypt(), RsaOaepDecrypt()
  - Implementation was also checked with wycheproof test vectors (not
included in the patch).

Chris Ruffin (3):
  CryptoPkg/BaseCryptLib: add additional RSAES-OAEP crypto functions
  CryptoPkg/Driver: add additional RSAES-OAEP crypto functions
  CryptoPkg/BaseCryptLibUnitTest: add unit test functions

 CryptoPkg/Driver/Crypto.c | 130 ++-
 CryptoPkg/Include/Library/BaseCryptLib.h  | 117 +++
 .../Pcd/PcdCryptoServiceFamilyEnable.h|   4 +
 .../Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c  | 598 --
 .../BaseCryptLib/Pk/CryptPkcs1OaepNull.c  | 130 ++-
 .../Pk/CryptPkcs1OaepNull.c   | 135 +++-
 .../BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c  | 130 ++-
 .../BaseCryptLibOnProtocolPpi/CryptLib.c  | 114 +++
 CryptoPkg/Private/Protocol/Crypto.h   | 109 ++-
 .../Library/BaseCryptLib/OaepEncryptTests.c   | 758 --
 10 files changed, 2098 insertions(+), 127 deletions(-)

--
2.44.0.windows.1








-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117474): https://edk2.groups.io/g/devel/message/117474
Mute This Topic: https://groups.io/mt/105239222/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c.

2024-04-01 Thread Li, Yi
Hi,

Please remove 'Reviewed-by: @yi1...@intel.com' and send V2 patch to 
devel@edk2.groups.io by send-email. 

Generate V2 patch:
Add '--subject-prefix="PATCH V2" ' when you format patch:
git format-patch --subject-prefix="PATCH V2" ...

The content of patch looks good to me, will give you my Reviewed-by and push it 
after receiving your V2 patch.

Thanks,
Yi

-Original Message-
From: Sountharya N  
Sent: Monday, April 1, 2024 7:23 PM
To: Li, Yi1 ; devel@edk2.groups.io
Cc: MANI, SRINIVASAN ; Prarthana Sagar V 
; Yao, Jiewen ; Hou, Wenxing 

Subject: RE: [EXTERNAL] RE: [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() 
function return value is not checked properly in CryptX509.c.

Hi Yi,

As you suggested, modified the changes and gave PR. Here I have attached the 
Link for reference.
https://github.com/tianocore/edk2/pull/5507

Thanks,
Sountharya

-Original Message-
From: Li, Yi1 
Sent: Thursday, March 28, 2024 7:17 AM
To: devel@edk2.groups.io; Sountharya N 
Cc: Srinivasan Mani ; Prarthana Sagar V 
; Yao, Jiewen ; Hou, Wenxing 

Subject: [EXTERNAL] RE: [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() 
function return value is not checked properly in CryptX509.c.



Hi,

Please follow the correct upstream process to avoid Github CI errors.
https://github.com/tianocore/tianocore.github.io/wiki/Laszlo%27s-unkempt-git-guide-for-edk2-contributors-and-maintainers#contributor-workflow
You are missing your Sign-off and Cc maintainers in this patch, And please add 
BZ link to commit message: ''REF: 
https://bugzilla.tianocore.org/show_bug.cgi?id=4509''.

For your code change, '''ASN1_get_object() return error''' or  
''ASN1_get_object() success but Asn1Tag != V_ASN1_SEQUENCE ''' both need to 
be treated as errors and returned.
So you should use logic or instead of and.

Before you send V2 patch, please create a PR in EDK2 github to test CI: 
https://github.com/tianocore/edk2/pulls

Regards,
Yi

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Sountharya N via 
groups.io
Sent: Tuesday, March 19, 2024 1:44 PM
To: devel@edk2.groups.io; Sountharya N 
Cc: MANI, SRINIVASAN ; Prarthana Sagar V 

Subject: [edk2-devel] [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() 
function return value is not checked properly in CryptX509.c.

Added Inf variable, and the error case returned value was checked properly.
---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c 
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index 1182323b63..ac05441383 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -839,17 +839,17 @@ X509GetTBSCert (
   Length = 0;

   Inf= ASN1_get_object (, (long *), (int *), (int 
*), (long)CertSize);



-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {

+  if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) {

 return FALSE;

   }



   *TBSCert = (UINT8 *)Temp;



-  ASN1_get_object (, (long *), (int *), (int *), 
(long)Length);

+  Inf= ASN1_get_object (, (long *), (int *), (int 
*), (long)Length);

   //

   // Verify the parsed TBSCertificate is one correct SEQUENCE data.

   //

-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {

+  if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) {

 return FALSE;

   }



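Review bot: both changed conditions in this hunk still join the error test and the tag test with &&, so FALSE is returned only when ASN1_get_object() sets the 0x80 error bit and the tag is also not V_ASN1_SEQUENCE. A call that fails after a SEQUENCE tag has been read, or a call that succeeds on a non-SEQUENCE object, gets past the check. Either condition alone should fail the function, so join them with ||, e.g. `if (((Inf & 0x80) == 0x80) || (Asn1Tag != V_ASN1_SEQUENCE))`, in both places.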
--
2.35.1.windows.2
-The information contained in this message may be confidential and proprietary 
to American Megatrends (AMI). This communication is intended to be read only by 
the individual or entity to whom it is addressed or by their designee. If the 
reader of this message is not the intended recipient, you are on notice that 
any distribution of this message, in any form, is strictly prohibited. Please 
promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and 
then delete or destroy all copies of the transmission.







View/Reply Online (#117301): https://edk2.groups.io/g/devel/message/117301

Re: [edk2-devel] [PATCH v2 0/3] CryptoPkg/BaseCryptLib: add additional RSAES-OAEP crypto functions

2024-03-31 Thread Li, Yi
Appreciate your efforts in optimization of unit test, for this patch set:

Looks good to me.
Reviewed-by: Yi Li 

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Chris Ruffin via 
groups.io
Sent: Sunday, March 31, 2024 6:00 AM
To: devel@edk2.groups.io
Cc: Chris Ruffin 
Subject: [edk2-devel] [PATCH v2 0/3] CryptoPkg/BaseCryptLib: add additional 
RSAES-OAEP crypto functions

From: Chris Ruffin 

v2 patchset adds:
- Add digest length parameter to RsaOaepEncrypt(), RsaOaepDecrypt() so that 
SHA256, SHA384, SHA512 message digests and mask generation functions can be 
used with the API.
- Add NullLib implementation for BaseCryptLibMbedTls
- Cleanups from v1 review
- Significantly refactored and expanded test suite:
  - Use UNIT_TEST_CONTEXT and abstraction to run same tests on
Pkcs1v2Encrypt()/Pkcs1v2Decrypt() and RsaOaepEncrypt() RsaOaepDecrypt()
  - Align DER Certificate / PrivateKey used with Pkcs1v2 APIs
with RsaN, RsaE, RsaD parameters used by RsaOaep APIs
so that they represent the same keys.
  - Implement fixed ciphertext test for Pkcs1v2Decrypt(), RsaOaepDecrypt()
  - Implementation was also checked with wycheproof test vectors (not
included in the patch).

Chris Ruffin (3):
  CryptoPkg/BaseCryptLib: add additional RSAES-OAEP crypto functions
  CryptoPkg/Driver: add additional RSAES-OAEP crypto functions
  CryptoPkg/BaseCryptLibUnitTest: add unit test functions

 CryptoPkg/Driver/Crypto.c | 130 ++-
 CryptoPkg/Include/Library/BaseCryptLib.h  | 117 +++
 .../Pcd/PcdCryptoServiceFamilyEnable.h|   4 +
 .../Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c  | 598 --
 .../BaseCryptLib/Pk/CryptPkcs1OaepNull.c  | 130 ++-
 .../Pk/CryptPkcs1OaepNull.c   | 135 +++-
 .../BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c  | 130 ++-
 .../BaseCryptLibOnProtocolPpi/CryptLib.c  | 114 +++
 CryptoPkg/Private/Protocol/Crypto.h   | 109 ++-
 .../Library/BaseCryptLib/OaepEncryptTests.c   | 758 --
 10 files changed, 2098 insertions(+), 127 deletions(-)

--
2.44.0.windows.1








View/Reply Online (#117272): https://edk2.groups.io/g/devel/message/117272




Re: [edk2-devel] [PATCH 0/3] CryptoPkg: Optimize APIs in BaseCryptLibMbedTls

2024-03-28 Thread Li, Yi
For this patch set:

Looks good to me.
Reviewed-by: Yi Li 

-Original Message-
From: Hou, Wenxing  
Sent: Friday, March 29, 2024 10:33 AM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 
Subject: [PATCH 0/3] CryptoPkg: Optimize APIs in BaseCryptLibMbedTls

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4740
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4741
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4742


These patches will fix OPTIONAL location and update hash implementation and 
remove the interdependence for RsaPssVerify.
And these patches have passed the EDKII CI test.
https://github.com/tianocore/edk2/pull/5501


Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 

Wenxing Hou (3):
  CryptoPkg: Update OPTIONAL location for BaseCryptLibMbedTls
  CryptoPkg: Update Md5/Sha1/Sha2 by using new mbedtls api
  CryptoPkg: Remove interdependence for RsaPssVerify

 .../BaseCryptLibMbedTls/Hash/CryptMd5.c   |  9 +--
 .../BaseCryptLibMbedTls/Hash/CryptSha1.c  |  9 +--
 .../BaseCryptLibMbedTls/Hash/CryptSha256.c|  9 +--
 .../BaseCryptLibMbedTls/Hash/CryptSha512.c| 17 ++---
 .../Pk/CryptPkcs1OaepNull.c   |  6 +-
 .../BaseCryptLibMbedTls/Pk/CryptRsaPss.c  | 74 +++
 .../BaseCryptLibMbedTls/Pk/CryptX509Null.c|  6 +-
 7 files changed, 35 insertions(+), 95 deletions(-)

--
2.26.2.windows.1



View/Reply Online (#117226): https://edk2.groups.io/g/devel/message/117226




Re: [edk2-devel] [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c.

2024-03-27 Thread Li, Yi
Hi,

Please follow the correct upstream process to avoid Github CI errors. 
https://github.com/tianocore/tianocore.github.io/wiki/Laszlo%27s-unkempt-git-guide-for-edk2-contributors-and-maintainers#contributor-workflow
You are missing your Sign-off and Cc maintainers in this patch,
And please add BZ link to commit message: ''REF: 
https://bugzilla.tianocore.org/show_bug.cgi?id=4509''.

For your code change, '''ASN1_get_object() return error''' or  
''ASN1_get_object() success but Asn1Tag != V_ASN1_SEQUENCE ''' both need to 
be treated as errors and returned.
So you should use logic or instead of and.

Before you send V2 patch, please create a PR in EDK2 github to test CI: 
https://github.com/tianocore/edk2/pulls

Regards,
Yi

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Sountharya N via 
groups.io
Sent: Tuesday, March 19, 2024 1:44 PM
To: devel@edk2.groups.io; Sountharya N 
Cc: MANI, SRINIVASAN ; Prarthana Sagar V 

Subject: [edk2-devel] [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() 
function return value is not checked properly in CryptX509.c.

Added Inf variable, and the error case returned value was checked properly.
---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c 
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index 1182323b63..ac05441383 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -839,17 +839,17 @@ X509GetTBSCert (
   Length = 0;

   Inf= ASN1_get_object (, (long *), (int *), (int 
*), (long)CertSize);



-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {

+  if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) {

 return FALSE;

   }



   *TBSCert = (UINT8 *)Temp;



-  ASN1_get_object (, (long *), (int *), (int *), 
(long)Length);

+  Inf= ASN1_get_object (, (long *), (int *), (int 
*), (long)Length);

   //

   // Verify the parsed TBSCertificate is one correct SEQUENCE data.

   //

-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {

+  if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) {

 return FALSE;

   }



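Review bot: the commit message says "Added Inf variable", but Inf is already assigned from the first ASN1_get_object() call in the unchanged context at the top of this hunk. What the change does is capture the return value of the second call, which the removed line discarded, so the second check was testing the stale Inf from the first call. Describe that in the commit message, and add the Signed-off-by line, which is absent before the --- separator.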
--
2.35.1.windows.2







View/Reply Online (#117189): https://edk2.groups.io/g/devel/message/117189
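The three forms of the check discussed in this thread (before the patch, as patched, and with the logical OR asked for in review), evaluated side by side. This is an added example, not code from the patch, edk2 or OpenSSL: `der_header()` is a hypothetical stand-in that models only the 0x80 error bit the patch tests, and the byte strings are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_SEQUENCE    16    /* universal tag number of SEQUENCE */
#define INF_CONSTRUCTED 0x20
#define INF_ERROR       0x80  /* the bit the patch tests with (Inf & 0x80) */

/* Hypothetical stand-in for ASN1_get_object(): reads one DER header from buf.
   Returns INF_ERROR if the header or the announced body does not fit in
   size bytes, otherwise the constructed bit. *tag is written as soon as the
   identifier octet is read, so it can look valid on an error return
   (an assumption of this sketch). */
static int der_header(const uint8_t *buf, size_t size, int *tag, size_t *len)
{
    size_t pos, n, i;
    int inf;

    *tag = -1;
    *len = 0;
    if (size < 2 || (buf[0] & 0x1f) == 0x1f)   /* too short, or high-tag form */
        return INF_ERROR;
    inf  = buf[0] & INF_CONSTRUCTED;
    *tag = buf[0] & 0x1f;
    pos  = 2;
    if (buf[1] & 0x80) {                       /* long-form length */
        n = buf[1] & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > size - pos)
            return INF_ERROR;
        for (i = 0; i < n; i++)
            *len = (*len << 8) | buf[pos++];
    } else {
        *len = buf[1];
    }
    if (*len > size - pos)                     /* body runs past the buffer */
        return INF_ERROR;
    return inf;
}

/* Condition on the removed ('-') lines of the patch. */
static int rejects_before(int inf, int tag)
{
    return ((inf & 0x80) == 0x00) && (tag != TAG_SEQUENCE);
}

/* Condition on the added ('+') lines of the patch. */
static int rejects_patched(int inf, int tag)
{
    return ((inf & 0x80) == 0x80) && (tag != TAG_SEQUENCE);
}

/* Condition with logical OR, as requested in the review reply. */
static int rejects_with_or(int inf, int tag)
{
    return ((inf & 0x80) == 0x80) || (tag != TAG_SEQUENCE);
}

#define REJ_BEFORE  1
#define REJ_PATCHED 2
#define REJ_OR      4

/* Bitmask of which of the three conditions reject this input. */
static int verdicts(const uint8_t *buf, size_t size)
{
    int    tag;
    size_t len;
    int    inf = der_header(buf, size, &tag, &len);

    return (rejects_before(inf, tag)  ? REJ_BEFORE  : 0) |
           (rejects_patched(inf, tag) ? REJ_PATCHED : 0) |
           (rejects_with_or(inf, tag) ? REJ_OR      : 0);
}

/* Constructed sample inputs. */
static const uint8_t GOOD_SEQ[]    = { 0x30, 0x03, 0x02, 0x01, 0x05 };       /* well-formed SEQUENCE      */
static const uint8_t INTEGER[]     = { 0x02, 0x01, 0x05 };                   /* well-formed, wrong tag    */
static const uint8_t TRUNC_SEQ[]   = { 0x30, 0x82, 0x01, 0x00, 0x02, 0x01 }; /* SEQUENCE, length too long */
static const uint8_t TRUNC_OCTET[] = { 0x04, 0x82, 0x01, 0x00 };             /* wrong tag and too long    */

static void show(const char *name, const uint8_t *buf, size_t size)
{
    int v = verdicts(buf, size);
    printf("%-12s before=%s patched=%s or=%s\n", name,
           (v & REJ_BEFORE)  ? "reject" : "accept",
           (v & REJ_PATCHED) ? "reject" : "accept",
           (v & REJ_OR)      ? "reject" : "accept");
}

int main(void)
{
    show("GOOD_SEQ",    GOOD_SEQ,    sizeof GOOD_SEQ);
    show("INTEGER",     INTEGER,     sizeof INTEGER);
    show("TRUNC_SEQ",   TRUNC_SEQ,   sizeof TRUNC_SEQ);
    show("TRUNC_OCTET", TRUNC_OCTET, sizeof TRUNC_OCTET);
    return 0;
}
```

Only the OR form rejects all three malformed inputs; each AND form lets at least one of them through.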




Re: [edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions

2024-03-25 Thread Li, Yi
Hi Chris,

1. Add BZ link to commit message,
2. Add null implementation of new APIs to BaseCryptLibMbedTls to avoid build 
error.
For other comments please check the PR: 
https://github.com/tianocore/edk2/pull/5473

Regards,
Yi

-Original Message-
From: Chris Ruffin  
Sent: Tuesday, March 19, 2024 10:16 PM
To: Li, Yi1 ; devel@edk2.groups.io
Cc: Chris Ruffin ; Yao, Jiewen 
; Hou, Wenxing 
Subject: RE: [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP 
crypto functions


Hi Yi, thanks for your email.  I created a Bugzilla ticket for this, see 
Bugzilla ID #4732: https://bugzilla.tianocore.org/show_bug.cgi?id=4732.  The 
Pkcs1v2Encrypt() API is maintained but the implementation is refactored.  There 
is currently no Pkcs1v2Decrypt(), this is also a newly implemented API but the 
converse of Pkcs1v2Encrypt().  Pkcs1v2Encrypt() (existing) and Pkcs1v2Decrypt() 
(new) both take their keys from DER-encoded certificates/keys.  RsaOaepEncrypt() 
and RsaOaepDecrypt() both take keys from RsaContext.  The internal functions 
use a common ENV_PKEY.

More from the Bugzilla:

BasecryptLib currently only provides RSAES-OAEP encryption capability with 
Pkcs1v2Encrypt() which takes as input a DER encoded x.509 certificate.  A DXE 
application which needs access to RSAES-OAEP encryption and decryption 
capabilities currently only has the option of statically linking OpensslLib and 
using functions such as RSA_public_encrypt() and RSA_private_decrypt().  These 
applications would benefit from an expanded access to RSAES-OAEP encryption / 
decryption capability in BaseCryptLib so that the shared crypto driver can be 
used and the application can be migrated away from RSA_public_decrypt() and 
RSA_private_decrypt() which are deprecated in Openssl 3.

There are the following challenges with migrating to BaseCryptLib interfaces:

1) BaseCryptLib Pkcs1v2Encrypt() requires the use of an X.509 
DER-encoded certificate to pass the public key.  This interface is dissimilar 
from the rest of the RSA APIs in BasecryptLib.  Applications that have used 
other RSA APIs from BaseCryptLib for key generation and management such as 
RsaGenerateKey() and RsaSetKey() will not have such a structure available.
2) BaseCryptLib currently exposes no decryption capability.

This feature provides an easy migration path for drivers/applications which 
need access to RSAES-OAEP encryption / decryption and that are currently using 
an RsaContext structure to pass key components to OpensslLib. These 
applications can be easily migrated to one of the new APIs to remove the direct 
dependency on OpensslLib, migrate away from deprecated interfaces, take 
advantage of CryptoPkg/Driver, and get BasecryptLib access to RSAES-OAEP 
decryption.

Key changes proposed:
InternalPkcs1v2Encrypt(): New internal-only function created from refactoring 
of Pkcs1v2Encrypt().  Takes key input from an ENV_PKEY and is used by both 
public functions Pkcs1v2Encrypt() and RsaOaepEncrypt().

Pkcs1v2Encrypt(): has been refactored to create InternalPkcs1v2Encrypt() but 
the public interface is maintained.

RsaOaepEncrypt(): New function takes key input from an RsaContext, creates an 
ENV_PKEY, and calls InternalPkcs1v2Encrypt()

InternalPkcs1v2Decrypt(): New internal-only function InternalPkcs1v2Decrypt() 
takes key input from an ENV_PKEY and provides the RSAES-OAEP decryption 
capability to Pkcs1v2Decrypt() and RsaOaepDecrypt().

Pkcs1v2Decrypt(): New public function Pkcs1v2Decrypt() takes a DER-encoded 
private key, creates an ENV_PKEY, and calls InternalPkcs1v2Decrypt()

RsaOaepDecrypt(): New public function RsaOaepDecrypt() takes a pointer to 
RsaContext, creates an ENV_PKEY, and calls InternalPkcs1v2Decrypt()

Thanks,

Chris


-Original Message-
From: Li, Yi1  
Sent: Monday, March 18, 2024 11:52 PM
To: Chris Ruffin ; devel@edk2.groups.io
Cc: Chris Ruffin ; Yao, Jiewen 
; Hou, Wenxing 
Subject: RE: [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP 
crypto functions


Hi Chris,

1. Please create a feature request BugZilla to introduce the background of the 
new API, such as purpose and application scenarios.
2. I took a quick look, the new API will make Pkcs1v2De/Encrypt support 
RsaContext input and the rest is same as old API right?

Regards,
Yi

-Original Message-
From: Chris Ruffin 
Sent: Tuesday, March 19, 2024 5:52 AM
To: devel@edk2.groups.io
Cc: Chris Ruffin ; Yao, Jiewen 
; Li, Yi1 ; Hou, Wenxing 

Subject: [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto 
functions

From: Chris Ruffin 

Expand the availability of the RSAEP-OAEP crypto capability in BaseCryptLib.  
Applications using RSA crypto functions directly from OpensslLib can transition 
to BaseCryptLib to take advantage of the shared crypto feature in CryptoDxe.

Pkcs1v2Decrypt(): decryption using 

Re: [edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions

2024-03-18 Thread Li, Yi
Hi Chris,

1. Please create a feature request BugZilla to introduce the background of the 
new API, such as purpose and application scenarios.
2. I took a quick look, the new API will make Pkcs1v2De/Encrypt support 
RsaContext input and the rest is same as old API right?

Regards,
Yi

-Original Message-
From: Chris Ruffin  
Sent: Tuesday, March 19, 2024 5:52 AM
To: devel@edk2.groups.io
Cc: Chris Ruffin ; Yao, Jiewen 
; Li, Yi1 ; Hou, Wenxing 

Subject: [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto 
functions

From: Chris Ruffin 

Expand the availability of the RSAEP-OAEP crypto capability in BaseCryptLib.  
Applications using RSA crypto functions directly from OpensslLib can transition 
to BaseCryptLib to take advantage of the shared crypto feature in CryptoDxe.

Pkcs1v2Decrypt(): decryption using DER-encoded private key
RsaOaepEncrypt(): encryption using RSA contexts
RsaOaepDecrypt(): decryption using RSA contexts

Signed-off-by: Chris Ruffin 
Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Wenxing Hou 
---
 CryptoPkg/Include/Library/BaseCryptLib.h  | 102 
 .../Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c  | 506 --
 .../BaseCryptLib/Pk/CryptPkcs1OaepNull.c  | 114 
 .../BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c  | 114 
 4 files changed, 789 insertions(+), 47 deletions(-)

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h 
b/CryptoPkg/Include/Library/BaseCryptLib.h
index a52bd91ad6..7ad2bf21fe 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -2147,6 +2147,108 @@ Pkcs1v2Encrypt (
   OUT  UINTN*EncryptedDataSize   ); +/**+  Encrypts a blob using 
PKCS1v2 (RSAES-OAEP) schema. On success, will return the+  encrypted message in 
a newly allocated buffer.++  Things that can cause a failure include:+  - X509 
key size does not match any known key size.+  - Fail to allocate an 
intermediate buffer.+  - Null pointer provided for a non-optional parameter.+  
- Data size is too large for the provided key size (max size is a function of 
key size+and hash digest size).++  @param[in]  RsaContext  A 
pointer to an RSA context created by RsaNew() and+  
provisioned with a public key using RsaSetKey().+  @param[in]  InData   
   Data to be encrypted.+  @param[in]  InDataSize  Size of the data 
buffer.+  @param[in]  PrngSeed[Optional] If provided, a pointer to 
a random seed buffer+  to be used when 
initializing the PRNG. NULL otherwise.+  @param[in]  PrngSeedSize
[Optional] If provided, size of the random seed buffer.+
  0 otherwise.+  @param[out] EncryptedData   Pointer to an 
allocated buffer containing the encrypted+  
message.+  @param[out] EncryptedDataSize   Size of the encrypted message 
buffer.++  @retval TRUEEncryption was successful.+  @retval 
FALSE   Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepEncrypt 
(+  IN   VOID *RsaContext,+  IN   UINT8*InData,+  IN   UINTN
InDataSize,+  IN   CONST UINT8  *PrngSeed   OPTIONAL,+  IN   UINTN
PrngSeedSize   OPTIONAL,+  OUT  UINT8**EncryptedData,+  OUT  UINTN  
  *EncryptedDataSize+  );++/**+  Decrypts a blob using PKCS1v2 (RSAES-OAEP) 
schema. On success, will return the+  decrypted message in a newly allocated 
buffer.++  Things that can cause a failure include:+  - Fail to parse private 
key.+  - Fail to allocate an intermediate buffer.+  - Null pointer provided for 
a non-optional parameter.++  @param[in]  PrivateKey  A pointer to the 
DER-encoded private key.+  @param[in]  PrivateKeySize  Size of the private 
key buffer.+  @param[in]  EncryptedData   Data to be decrypted.+  
@param[in]  EncryptedDataSize   Size of the encrypted buffer.+  @param[out] 
OutData Pointer to an allocated buffer containing the encrypted+
  message.+  @param[out] OutDataSize Size 
of the encrypted message buffer.++  @retval TRUEEncryption 
was successful.+  @retval FALSE   Encryption 
failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt (+  IN   CONST UINT8  *PrivateKey,+  
IN   UINTNPrivateKeySize,+  IN   UINT8*EncryptedData,+  IN   
UINTNEncryptedDataSize,+  OUT  UINT8**OutData,+  OUT  UINTN 
   *OutDataSize+  );++/**+  Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will return the+  decrypted message in a newly allocated buffer.++  
Things that can cause a failure include:+  - Fail to parse private key.+  - 
Fail to allocate an intermediate buffer.+  - Null pointer provided for a 
non-optional parameter.++  @param[in]  RsaContext  A pointer to an RSA 
context created by RsaNew() and+  provisioned 
with a private key using RsaSetKey().+  
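Review bot: the doc comment for Pkcs1v2Decrypt() is copied from the encrypt side and was not updated: OutData and OutDataSize are described as the "encrypted message" buffer and its size, and the @retval lines read "Encryption was successful" / "Encryption failed", where they should say decrypted and Decryption. The failure list for RsaOaepEncrypt() likewise still mentions an X509 key size although the key now comes from an RsaContext. Since all of these functions return the result "in a newly allocated buffer", the comments should also state that the caller owns that buffer and how it is to be freed.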

Re: [edk2-devel] The API in BaseCryptLib can't seed the pseudorandom number generator properly

2024-02-29 Thread Li, Yi
Hi Eddie,

There will be build error if you didn’t include OpensslLib*.inf but consume 
openssl BaseCryptLib, are you using BaseCryptLibOnProtocolPpi?
This sounds strange, CryptRand should work fine in non-XIP environments, could 
you send me .map file of your application?

Regards,
Yi


From: eddie wang 
Sent: Thursday, February 29, 2024 5:49 PM
To: devel@edk2.groups.io; Li, Yi1 
Subject: Re: [edk2-devel] The API in BaseCryptLib can't seed the pseudorandom 
number generator properly

Hi and many thanks to all of you,
I'm not entirely sure if it's running in a XIP environment, but I think not. 
Our application executed on UEFI interactive shell and it was put in a USB 
device (as the FS0 showed in the screenshot). And here's another question as 
well, because I found that the drbg implementation could not be fetched in our 
case, and I discovered that our package did not include 
"OpensslLibCrypto.inf." Could it be connected to our problem?
[cid:image001.png@01DA6B44.21876340]


BR,
Eddie Wang

Li, Yi <yi1...@intel.com> wrote on Tuesday, February 20, 2024 at 9:49 AM:
Hi Eddie,

> the API in CryptPkg "RandomSeed()"(X64, in CryptRandTsc.c) always returned 
> false

Does your code run in a XIP environment? Such like PreMemory stage or other 
cases.
The setup of Randlib in OpenSsl 3.0 relies on global variables, so there may be 
an error if the global variables are read-only.

Regards,
Yi


-Original Message-
From: devel@edk2.groups.io On Behalf Of Yao, Jiewen
Sent: Tuesday, February 20, 2024 9:11 AM
To: devel@edk2.groups.io; ler...@redhat.com; eddie wang <qw1562...@gmail.com>
Subject: Re: [edk2-devel] The API in BaseCryptLib can't seed the pseudorandom 
number generator properly

Thanks Laszlo and Eddie.

I am just back from Chinese New Year vacation, still checking email.

If you can file a Bugzilla (https://bugzilla.tianocore.org/) with source code 
of your app, that would be very helpful for us to investigate this issue.


> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Laszlo Ersek
> Sent: Tuesday, February 20, 2024 4:18 AM
> To: eddie wang <qw1562...@gmail.com>
> Cc: devel@edk2.groups.io
> Subject: Re: [edk2-devel] The API in BaseCryptLib can't seed the
> pseudorandom number generator properly
>
> On 2/17/24 10:17, eddie wang wrote:
> > Hi Laszlo,
> > After digging deeper, we found that the *EVP_RAND_fetch* in
> > "rand_new_seed" and "rand_new_drbg" both got NULL in our case. It
> > meant the DRBG implementation could not be fetched. We also compared
> > it to the case on Linux, and they could both fetch the DRBG
> > implementation correctly. Is it possible that the opensslLib 3.0.9
> > caused any compatibility issues with edk2?  Or has anyone else
> > encountered the same problem with these openssl services?
>
> Sorry, I can't say.
>
> If you have a small reproducer UEFI application that works fine when
> built with edk2-stable202305, but does not work when built against
> either edk2-stable202308 or current master, then filing a TianoCore BZ
> (regression) seems justified. (AFAICT it was edk2-stable202308 that
> incorporated the OpenSSL 3.0.9 upgrade, from 1.1.1u.) Attaching the
> source code of the small repro application to the ticket would likely
> be helpful.
>
> Laszlo
>
> > Laszlo Ersek <ler...@redhat.com> wrote on Thursday, February 15, 2024 at 7:48 PM:
> >
> > On 2/15/24 12:09, eddie wang wrote:
> > > Hi Laszlo,
> > > Thanks for your reply. How can I enable the DEBUGs at RandomSeed()
> > ? Or
> > > any suggesting information that I can provide?
> >
> > Sorry, upon a closer look, I see you had already narrowed it down to
> > RAND_seed() and RAND_status(), which are direct OpenSSL APIs. So my
> > suggestion would amount to adding DEBUGs to OpenSSL, such as to
> > RAND_seed() in
> > "CryptoPkg/Library/OpensslLib/openssl/crypto/rand/rand_lib.c".
> >
> > But, I think you may be able to do just that.
> > "CryptoPkg/Library/Include/CrtLibSupport.h" already includes
> > , and DebugLib is listed under [LibraryClasses] in each
> > instance of OpensslLib. So if you modify your
> > "CryptoPkg/Library/OpensslLib/openssl" submodule directory tree locally,
> > with the following patch:
> >
> > | diff --git a/crypto/rand/ra

Re: [edk2-devel] The API in BaseCryptLib can't seed the pseudorandom number generator properly

2024-02-19 Thread Li, Yi
Hi Eddie,

> the API in CryptPkg "RandomSeed()"(X64, in CryptRandTsc.c) always returned 
> false

Does your code run in a XIP environment? Such like PreMemory stage or other 
cases.
The setup of Randlib in OpenSsl 3.0 relies on global variables, so there may be 
an error if the global variables are read-only.

Regards,
Yi


-Original Message-
From: devel@edk2.groups.io  On Behalf Of Yao, Jiewen
Sent: Tuesday, February 20, 2024 9:11 AM
To: devel@edk2.groups.io; ler...@redhat.com; eddie wang 
Subject: Re: [edk2-devel] The API in BaseCryptLib can't seed the pseudorandom 
number generator properly

Thanks Laszlo and Eddie.

I am just back from Chinese New Year vacation, still checking email.

If you can file a Bugzilla (https://bugzilla.tianocore.org/) with source code 
of your app, that would be very helpful for us to investigate this issue.


> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Laszlo 
> Ersek
> Sent: Tuesday, February 20, 2024 4:18 AM
> To: eddie wang 
> Cc: devel@edk2.groups.io
> Subject: Re: [edk2-devel] The API in BaseCryptLib can't seed the 
> pseudorandom number generator properly
> 
> On 2/17/24 10:17, eddie wang wrote:
> > Hi Laszlo,
> > After digging deeper, we found that the *EVP_RAND_fetch* in 
> > "rand_new_seed" and "rand_new_drbg" both got NULL in our case. It 
> > meant the DRBG implementation could not be fetched. We also compared 
> > it to the case on Linux, and they could both fetch the DRBG 
> > implementation correctly. Is it possible that the opensslLib 3.0.9 
> > caused any compatibility issues with edk2?  Or has anyone else 
> > encountered the same problem with these openssl services?
> 
> Sorry, I can't say.
> 
> If you have a small reproducer UEFI application that works fine when 
> built with edk2-stable202305, but does not work when built against 
> either edk2-stable202308 or current master, then filing a TianoCore BZ
> (regression) seems justified. (AFAICT it was edk2-stable202308 that 
> incorporated the OpenSSL 3.0.9 upgrade, from 1.1.1u.) Attaching the 
> source code of the small repro application to the ticket would likely 
> be helpful.
> 
> Laszlo
> 
> > Laszlo Ersek <ler...@redhat.com> wrote on Thursday, February 15, 2024 at 7:48 PM:
> >
> > On 2/15/24 12:09, eddie wang wrote:
> > > Hi Laszlo,
> > > Thanks for your reply. How can I enable the DEBUGs at RandomSeed()
> > ? Or
> > > any suggesting information that I can provide?
> >
> > Sorry, upon a closer look, I see you had already narrowed it down to
> > RAND_seed() and RAND_status(), which are direct OpenSSL APIs. So my
> > suggestion would amount to adding DEBUGs to OpenSSL, such as to
> > RAND_seed() in
> > "CryptoPkg/Library/OpensslLib/openssl/crypto/rand/rand_lib.c".
> >
> > But, I think you may be able to do just that.
> > "CryptoPkg/Library/Include/CrtLibSupport.h" already includes
> > , and DebugLib is listed under [LibraryClasses] in each
> > instance of OpensslLib. So if you modify your
> > "CryptoPkg/Library/OpensslLib/openssl" submodule directory tree locally,
> > with the following patch:
> >
> > | diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
> > | index 0fcf4fe3bc1e..e5f105268f52 100644
> > | --- a/crypto/rand/rand_lib.c
> > | +++ b/crypto/rand/rand_lib.c
> > | @@ -257,6 +257,8 @@ void RAND_seed(const void *buf, int num)
> > |      drbg = RAND_get0_primary(NULL);
> > |      if (drbg != NULL && num > 0)
> > |          EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num);
> > | +
> > | +    DEBUG ((DEBUG_INFO, "%a: hello\n", __func__));
> > |  }
> > |
> > |  void RAND_add(const void *buf, int num, double randomness)
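Review bot: the DEBUG added at the end of RAND_seed() prints only the function name and runs whether or not the reseed above it was attempted, so its output cannot tell a NULL drbg from RAND_get0_primary() apart from a reseed that ran. For narrowing down the seeding failure, print drbg and num, and capture and print the return value of EVP_RAND_reseed(), which the context line discards.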
> >
> > then you should get usable debug messages -- at least it builds for me.
> >
> > Inserting DEBUGs like this (over multiple rounds of testing / narrowing)
> > should lead you to the exact location that is responsible for the
> > initialization failure.
> >
> > You mention you have encountered the problem with a UEFI application.
> > That is relevant for choosing your DebugLib instance. If you already
> > have a function DebugLib instance for your platform (logging to the
> > serial port, for example), then just use that.
> >
> > Otherwise, consider building your UEFI application with a module scope
> > override in the DSC file, one that resolves DebugLib to
> >
> >   MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf
> >
> > or
> >
> >   MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf
> >
> > These will send DEBUG messages to the UEFI console or standard error
> > devices, respectively.
> >
> > hth
> > Laszlo
> >
> > > Laszlo Ersek mailto:ler...@redhat.com>> wrote on Thursday, February 8, 2024 at 5:03 AM:
> > >
> > >     On 2/6/24 08:00, eddie wang wrote:
> > >     > Hi all,
> > >  

Re: [edk2-devel] [PATCH] CryptoPkg: Add dummy inttypes header to fix clang build

2024-01-20 Thread Li, Yi



Looks good to me.
Reviewed-by: Yi Li 


-Original Message-
From: Hou, Wenxing  
Sent: Saturday, January 20, 2024 9:45 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 ; Jiang, 
Guomin 
Subject: [PATCH] CryptoPkg: Add dummy inttypes header to fix clang build

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4642

When using Mbedtls, there is a clang build error.
Add dummy inttypes header to fix clang build.

Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Guomin Jiang 
Signed-off-by: Wenxing Hou 
---
 CryptoPkg/CryptoPkg.ci.yaml  | 1 +
 CryptoPkg/Library/Include/inttypes.h | 9 +
 2 files changed, 10 insertions(+)
 create mode 100644 CryptoPkg/Library/Include/inttypes.h

diff --git a/CryptoPkg/CryptoPkg.ci.yaml b/CryptoPkg/CryptoPkg.ci.yaml index 
f961d85927..b601bcf85c 100644
--- a/CryptoPkg/CryptoPkg.ci.yaml
+++ b/CryptoPkg/CryptoPkg.ci.yaml
@@ -44,6 +44,7 @@
 # This has Mbedtls interfaces that aren't UEFI spec compliant  
   "Library/Include/stdint.h", "Library/Include/stubs-32.h",+   
 "Library/Include/inttypes.h", # These directories contain 
auto-generated OpenSSL content "Library/OpensslLib", 
"Library/IntrinsicLib",diff --git a/CryptoPkg/Library/Include/inttypes.h 
b/CryptoPkg/Library/Include/inttypes.h
new file mode 100644
index 00..3d44d8201d
--- /dev/null
+++ b/CryptoPkg/Library/Include/inttypes.h
@@ -0,0 +1,9 @@
+/** @file+  Include file to support building the third-party 
+cryptographic library.++Copyright (c) 2024, Intel Corporation. All 
+rights reserved.+SPDX-License-Identifier: 
+BSD-2-Clause-Patent++**/++#include --
2.26.2.windows.1
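Review bot: the new CryptoPkg/Library/Include/inttypes.h has no include guard around its single #include, and the commit message does not say which clang error the dummy header fixes. Add a guard named after the file, and quote the failing diagnostic (or the Mbedtls source that includes inttypes.h) in the commit message so the reason for the header stays traceable.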



View/Reply Online (#114123): https://edk2.groups.io/g/devel/message/114123




Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-17 Thread Li, Yi
Hi Jiewen,

Sounds strange, but new PRs today are all broken due to this issue, e.g.:
https://github.com/tianocore/edk2/pull/5210
https://github.com/tianocore/edk2/pull/5268


I checked the build log; it matched the description from Gerd:
https://dev.azure.com/tianocore/11ea4a10-ac9f-4e5f-8b13-7def1f19d478/_apis/build/builds/114097/logs/350
2024-01-17T04:09:52.5996237Z INFO - /usr/bin/ld: 
DxeTpm2MeasureBootLibSanitization.obj (symbol from plugin): in function 
`SanitizeEfiPartitionTableHeader':
2024-01-17T04:09:52.6010570Z INFO - (.text+0x0): multiple definition of 
`SanitizeEfiPartitionTableHeader'; DxeTpmMeasureBootLibSanitization.obj (symbol 
from plugin):(.text+0x0): first defined here
2024-01-17T04:09:52.6020435Z INFO - /usr/bin/ld: 
DxeTpm2MeasureBootLibSanitization.obj (symbol from plugin): in function 
`SanitizeEfiPartitionTableHeader':
2024-01-17T04:09:52.6030987Z INFO - (.text+0x0): multiple definition of 
`SanitizePrimaryHeaderAllocationSize'; DxeTpmMeasureBootLibSanitization.obj 
(symbol from plugin):(.text+0x0): first defined here
2024-01-17T04:09:52.6040167Z INFO - /usr/bin/ld: 
DxeTpm2MeasureBootLibSanitization.obj (symbol from plugin): in function 
`SanitizeEfiPartitionTableHeader':
2024-01-17T04:09:52.6050625Z INFO - (.text+0x0): multiple definition of 
`SanitizePrimaryHeaderGptEventSize'; DxeTpmMeasureBootLibSanitization.obj 
(symbol from plugin):(.text+0x0): first defined here
2024-01-17T04:09:52.6061966Z INFO - /usr/bin/ld: 
DxeTpm2MeasureBootLibSanitization.obj (symbol from plugin): in function 
`SanitizeEfiPartitionTableHeader':
2024-01-17T04:09:52.6072661Z INFO - (.text+0x0): multiple definition of 
`SanitizePeImageEventSize'; DxeTpmMeasureBootLibSanitization.obj (symbol from 
plugin):(.text+0x0): first defined here
2024-01-17T04:10:12.9532147Z INFO - build.py...
2024-01-17T04:10:12.9593220Z INFO -  : error 7000: Failed to execute command
2024-01-17T04:10:23.2054653Z INFO - build.py...
2024-01-17T04:10:23.2055014Z INFO -  : error F002: Failed to build module
2024-01-17T04:10:23.2055379Z INFO - 
/__w/1/s/MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf [X64, GCC5, 
DEBUG]

-Original Message-
From: Yao, Jiewen  
Sent: Wednesday, January 17, 2024 4:09 PM
To: Li, Yi1 ; devel@edk2.groups.io; Gerd Hoffmann 

Cc: dougfl...@microsoft.com; Douglas Flick [MSFT] 
Subject: RE: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

Please check https://github.com/tianocore/edk2/pull/5264. It was merged after 
passing CI.

May I know where you see PR CI builds are broken?

Thank you
Yao, Jiewen

> -Original Message-
> From: Li, Yi1 
> Sent: Wednesday, January 17, 2024 3:21 PM
> To: devel@edk2.groups.io; Yao, Jiewen ; Gerd 
> Hoffmann 
> Cc: dougfl...@microsoft.com; Douglas Flick [MSFT] 
> 
> Subject: RE: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & 
> TCBZ4118
> 
> Hi Jiewen,
> 
> All EDK2 PR CI builds of OvmfPkg are broken due to this issue.
> Maybe we didn't have enough time to wait for feedback and should fix the 
> CI issue first.
> 
> Regards,
> Yi
> 
> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Yao, 
> Jiewen
> Sent: Tuesday, January 16, 2024 10:38 PM
> To: Gerd Hoffmann ; devel@edk2.groups.io
> Cc: dougfl...@microsoft.com; Douglas Flick [MSFT] 
> 
> Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & 
> TCBZ4118
> 
> Sure. Let's start from OVMF.
> 
> We have left enough time for feedback, but I see no comment from other people.
> 
> 
> > -Original Message-
> > From: Gerd Hoffmann 
> > Sent: Tuesday, January 16, 2024 10:35 PM
> > To: devel@edk2.groups.io; Yao, Jiewen 
> > Cc: dougfl...@microsoft.com; Douglas Flick [MSFT] 
> > 
> > Subject: Re: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 
> > &
> > TCBZ4118
> >
> > On Tue, Jan 16, 2024 at 01:30:43PM +, Yao, Jiewen wrote:
> > > Gerd
> > > I have merged this patch set today.
> > >
> > > I am fine to remove TPM1.2 in OVMF because of the known security limitation.
> >
> > I was thinking about the complete edk2 code base not only OVMF.
> >
> > But I can surely start with OVMF.  Maybe it is the only platform 
> > affected because on physical hardware you usually know whenever TPM
> > 1.2 or TPM 2.0 is present so there is no need to include both.
> >
> > take care,
> >   Gerd
> 
> 
> 
> 
> 



View/Reply Online (#113937): https://edk2.groups.io/g/devel/message/113937




Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-16 Thread Li, Yi
Hi Jiewen,

All EDK2 PR CI builds of OvmfPkg are broken due to this issue.
Maybe we didn't have enough time to wait for feedback and should fix the CI issue 
first.

Regards,
Yi

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Yao, Jiewen
Sent: Tuesday, January 16, 2024 10:38 PM
To: Gerd Hoffmann ; devel@edk2.groups.io
Cc: dougfl...@microsoft.com; Douglas Flick [MSFT] 
Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

Sure. Let's start from OVMF.

We have left enough time for feedback, but I see no comment from other people.


> -Original Message-
> From: Gerd Hoffmann 
> Sent: Tuesday, January 16, 2024 10:35 PM
> To: devel@edk2.groups.io; Yao, Jiewen 
> Cc: dougfl...@microsoft.com; Douglas Flick [MSFT] 
> 
> Subject: Re: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 &
> TCBZ4118
> 
> On Tue, Jan 16, 2024 at 01:30:43PM +, Yao, Jiewen wrote:
> > Gerd
> > I have merged this patch set today.
> >
> > I am fine to remove TPM1.2 in OVMF because of the known security limitation.
> 
> I was thinking about the complete edk2 code base not only OVMF.
> 
> But I can surely start with OVMF.  Maybe it is the only platform 
> affected because on physical hardware you usually know whenever TPM 
> 1.2 or TPM 2.0 is present so there is no need to include both.
> 
> take care,
>   Gerd








View/Reply Online (#113933): https://edk2.groups.io/g/devel/message/113933




Re: [edk2-devel] [PATCH V2 0/2] Update keybaord map based on UEFI spec 2.10

2024-01-14 Thread Li, Yi
Hi Liming,
Could you help merge the patches below, which got your Reviewed-by? Thanks!

https://github.com/tianocore/edk2/pull/5210
https://github.com/tianocore/edk2/pull/5187

Regards,
Yi


-Original Message-
From: gaoliming  
Sent: Monday, January 8, 2024 9:16 AM
To: Li, Yi1 ; devel@edk2.groups.io
Cc: Kinney, Michael D ; Liu, Zhiguang 
; 'Rebecca Cran' ; Feng, Bob C 
; Chen, Christine 
Subject: Re: [PATCH V2 0/2] Update keybaord map based on UEFI spec 2.10

Reviewed-by: Liming Gao 

> -Original Message-
> From: Yi Li 
> Sent: December 25, 2023 10:23
> To: devel@edk2.groups.io
> Cc: Yi Li ; Michael D Kinney 
> ; Liming Gao ; 
> Zhiguang Liu ; Rebecca Cran 
> ; Bob Feng ; Yuwei Chen 
> 
> Subject: [PATCH V2 0/2] Update keybaord map based on UEFI spec 2.10
> 
> REF: UEFI SPEC 2.10 34.8.10 EFI_KEY
> 
> Add EfiKeyIntl0-9.
> 
> Signed-off-by: Yi Li 
> 
> v2:
> Remove changes in HiiFramework.h because it should follow HII spec.
> 
> Cc: Michael D Kinney 
> Cc: Liming Gao 
> Cc: Zhiguang Liu 
> Cc: Rebecca Cran 
> Cc: Liming Gao 
> Cc: Bob Feng 
> Cc: Yuwei Chen 
> 
> Yi Li (2):
>   MdePkg: Update keybaord map based on UEFI spec 2.10
>   BaseTools: Update keybaord map based on UEFI spec 2.10
> 
>  .../Include/Common/UefiInternalFormRepresentation.h  | 12 +++-
>  MdePkg/Include/Uefi/UefiInternalFormRepresentation.h | 12 +++-
>  2 files changed, 22 insertions(+), 2 deletions(-)
> 
> --
> 2.42.0.windows.2





View/Reply Online (#113784): https://edk2.groups.io/g/devel/message/113784




Re: [edk2-devel] [PATCH v2] CryptoPkg: Fix redefinition error of int defines

2024-01-10 Thread Li, Yi



Looks good to me.
Reviewed-by: Yi Li 


-Original Message-
From: Hou, Wenxing  
Sent: Wednesday, January 10, 2024 7:36 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 ; Jiang, 
Guomin 
Subject: [PATCH v2] CryptoPkg: Fix redefinition error of int defines

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4632

Move the define to stdint and add MACRO to prevent duplicate inclusion.

Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Guomin Jiang 
Signed-off-by: Wenxing Hou 
---
 CryptoPkg/Library/Include/CrtLibSupport.h | 15 ---
 CryptoPkg/Library/Include/stdint.h| 19 +++
 2 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h 
b/CryptoPkg/Library/Include/CrtLibSupport.h
index 76591f12cb..f36fe08f0c 100644
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
@@ -424,19 +424,4 @@ strcpy (
 #define atoi(nptr)  AsciiStrDecimalToUintn(nptr)

 #define gettimeofday(tvp, tz)   do { (tvp)->tv_sec = time(NULL); 
(tvp)->tv_usec = 0; } while (0)

 

-//

-// only use in Mbedlts. The Openssl has defined them internally.

-//

-#ifndef OPENSSL_SYS_UEFI

-typedef INT8   int8_t;

-typedef UINT8  uint8_t;

-typedef INT16  int16_t;

-typedef UINT16 uint16_t;

-typedef INT32  int32_t;

-typedef UINT32 uint32_t;

-typedef INT64  int64_t;

-typedef UINT64 uint64_t;

-typedef UINTN  uintptr_t;

-#endif

-

 #endif
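Review bot: CrtLibSupport.h gains no #include of stdint.h where the typedef block is removed (old lines 427 to 439), so any source that got int8_t through uintptr_t only by way of CrtLibSupport.h loses them. Either include stdint.h from CrtLibSupport.h or state in the commit message that every Mbedtls-side user already includes stdint.h itself.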

diff --git a/CryptoPkg/Library/Include/stdint.h 
b/CryptoPkg/Library/Include/stdint.h
index 786d57e8d5..e1f54b412e 100644
--- a/CryptoPkg/Library/Include/stdint.h
+++ b/CryptoPkg/Library/Include/stdint.h
@@ -6,4 +6,23 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 

 **/

 

+#ifndef CRYPTO_CRT_STDIO_H_

+#define CRYPTO_CRT_STDIO_H_

 #include 

+

+//

+// only use in Mbedlts. The Openssl has defined them internally.

+//

+#ifndef OPENSSL_SYS_UEFI

+typedef INT8   int8_t;

+typedef UINT8  uint8_t;

+typedef INT16  int16_t;

+typedef UINT16 uint16_t;

+typedef INT32  int32_t;

+typedef UINT32 uint32_t;

+typedef INT64  int64_t;

+typedef UINT64 uint64_t;

+typedef UINTN  uintptr_t;

+#endif

+

+#endif
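Review bot: the include guard added at the top of stdint.h is named CRYPTO_CRT_STDIO_H_, which reads as the guard of a stdio.h wrapper; if another header in Library/Include uses that name, whichever of the two is included second is silently emptied. Rename the guard to match the file, for example CRYPTO_CRT_STDINT_H_, and correct the "Mbedlts" spelling in the moved comment while touching it.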

-- 
2.26.2.windows.1



View/Reply Online (#113530): https://edk2.groups.io/g/devel/message/113530




Re: [edk2-devel] [PATCH] CryptoPkg: change the define

2024-01-10 Thread Li, Yi
Hi, this title is too simple.
Please change it to CryptoPkg: Fix redefinition error of int defines

-Original Message-
From: Hou, Wenxing  
Sent: Wednesday, January 10, 2024 7:16 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 ; Jiang, 
Guomin 
Subject: [PATCH] CryptoPkg: change the define

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4632

Move the define to stdint and add MACRO to prevent duplicate inclusion.

Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Guomin Jiang 
Signed-off-by: Wenxing Hou 
---
 CryptoPkg/Library/Include/CrtLibSupport.h | 15 ---
 CryptoPkg/Library/Include/stdint.h| 19 +++
 2 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h 
b/CryptoPkg/Library/Include/CrtLibSupport.h
index 76591f12cb..f36fe08f0c 100644
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
@@ -424,19 +424,4 @@ strcpy (
 #define atoi(nptr)  AsciiStrDecimalToUintn(nptr)

 #define gettimeofday(tvp, tz)   do { (tvp)->tv_sec = time(NULL); 
(tvp)->tv_usec = 0; } while (0)

 

-//

-// only use in Mbedlts. The Openssl has defined them internally.

-//

-#ifndef OPENSSL_SYS_UEFI

-typedef INT8   int8_t;

-typedef UINT8  uint8_t;

-typedef INT16  int16_t;

-typedef UINT16 uint16_t;

-typedef INT32  int32_t;

-typedef UINT32 uint32_t;

-typedef INT64  int64_t;

-typedef UINT64 uint64_t;

-typedef UINTN  uintptr_t;

-#endif

-

 #endif

diff --git a/CryptoPkg/Library/Include/stdint.h 
b/CryptoPkg/Library/Include/stdint.h
index 786d57e8d5..e1f54b412e 100644
--- a/CryptoPkg/Library/Include/stdint.h
+++ b/CryptoPkg/Library/Include/stdint.h
@@ -6,4 +6,23 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 

 **/

 

+#ifndef CRYPTO_CRT_STDIO_H_

+#define CRYPTO_CRT_STDIO_H_

 #include 

+

+//

+// only use in Mbedlts. The Openssl has defined them internally.

+//

+#ifndef OPENSSL_SYS_UEFI

+typedef INT8   int8_t;

+typedef UINT8  uint8_t;

+typedef INT16  int16_t;

+typedef UINT16 uint16_t;

+typedef INT32  int32_t;

+typedef UINT32 uint32_t;

+typedef INT64  int64_t;

+typedef UINT64 uint64_t;

+typedef UINTN  uintptr_t;

+#endif

+

+#endif
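Review bot: in stdint.h the typedefs now sit inside both an include guard and #ifndef OPENSSL_SYS_UEFI, so whether a translation unit gets them is decided by whether OPENSSL_SYS_UEFI was defined before the first inclusion, and a later inclusion cannot change the outcome. Say in the comment above the #ifndef which header is expected to define OPENSSL_SYS_UEFI first, or include that header here, so an Openssl build cannot end up with both sets of definitions.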

-- 
2.26.2.windows.1



View/Reply Online (#113525): https://edk2.groups.io/g/devel/message/113525




Re: [edk2-devel] [PATCH V2 0/2] Update keybaord map based on UEFI spec 2.10

2024-01-08 Thread Li, Yi
Thanks! I created a PR: https://github.com/tianocore/edk2/pull/5187
Could you help push it?

And there is another PR which was reviewed by you and Wei: 
https://github.com/tianocore/edk2/pull/5210

-Original Message-
From: gaoliming  
Sent: Monday, January 8, 2024 9:16 AM
To: Li, Yi1 ; devel@edk2.groups.io
Cc: Kinney, Michael D ; Liu, Zhiguang 
; 'Rebecca Cran' ; Feng, Bob C 
; Chen, Christine 
Subject: Re: [PATCH V2 0/2] Update keybaord map based on UEFI spec 2.10

Reviewed-by: Liming Gao 

> -Original Message-
> From: Yi Li 
> Sent: December 25, 2023 10:23
> To: devel@edk2.groups.io
> Cc: Yi Li ; Michael D Kinney 
> ; Liming Gao ; 
> Zhiguang Liu ; Rebecca Cran 
> ; Bob Feng ; Yuwei Chen 
> 
> Subject: [PATCH V2 0/2] Update keybaord map based on UEFI spec 2.10
> 
> REF: UEFI SPEC 2.10 34.8.10 EFI_KEY
> 
> Add EfiKeyIntl0-9.
> 
> Signed-off-by: Yi Li 
> 
> v2:
> Remove changes in HiiFramework.h because it should follow HII spec.
> 
> Cc: Michael D Kinney 
> Cc: Liming Gao 
> Cc: Zhiguang Liu 
> Cc: Rebecca Cran 
> Cc: Liming Gao 
> Cc: Bob Feng 
> Cc: Yuwei Chen 
> 
> Yi Li (2):
>   MdePkg: Update keybaord map based on UEFI spec 2.10
>   BaseTools: Update keybaord map based on UEFI spec 2.10
> 
>  .../Include/Common/UefiInternalFormRepresentation.h  | 12 +++-
>  MdePkg/Include/Uefi/UefiInternalFormRepresentation.h | 12 +++-
>  2 files changed, 22 insertions(+), 2 deletions(-)
> 
> --
> 2.42.0.windows.2





View/Reply Online (#113421): https://edk2.groups.io/g/devel/message/113421




Re: [edk2-devel] [PATCH 1/1] CryptoPkg: fix gcc build fail for CryptoPkgMbedtls

2024-01-08 Thread Li, Yi
Sounds good, thank you.

Reviewed-by: Yi Li 

-Original Message-
From: Hou, Wenxing  
Sent: Monday, January 8, 2024 4:23 PM
To: Li, Yi1 ; devel@edk2.groups.io
Cc: Yao, Jiewen ; Jiang, Guomin 
Subject: RE: [PATCH 1/1] CryptoPkg: fix gcc build fail for CryptoPkgMbedtls

Hi,

For the VS build, the size is the same with MBEDTLS_NO_UDBL_DIVISION enabled or 
disabled, because the previous code only had a GCC build failure. This MACRO 
doesn't affect the VS build.

For the GCC build, the previous code didn't have a size because of the build 
failure.
To compare the size, I added a dummy API to the previous code:
tu_int __udivti3 (tu_int a, tu_int b)  { return 0;}
And the size has a very small change (<1kb) with MBEDTLS_NO_UDBL_DIVISION 
enabled or disabled.

Thanks
Wenxing


-Original Message-
From: Li, Yi1 
Sent: Thursday, January 4, 2024 4:59 PM
To: Hou, Wenxing ; devel@edk2.groups.io
Cc: Yao, Jiewen ; Jiang, Guomin 
Subject: RE: [PATCH 1/1] CryptoPkg: fix gcc build fail for CryptoPkgMbedtls

Hi,
> disabling it can reduce code size in some embedded targets.
Could you provide the size change after/before this define is enabled?

Thanks,
Yi

-Original Message-
From: Hou, Wenxing 
Sent: Thursday, January 4, 2024 4:34 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 ; Jiang, 
Guomin 
Subject: [PATCH 1/1] CryptoPkg: fix gcc build fail for CryptoPkgMbedtls

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4630

Enable MBEDTLS_NO_UDBL_DIVISION to fix GCC x64 build failure.

Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Guomin Jiang 
Signed-off-by: Wenxing Hou 
---
 CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h 
b/CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h
index ae9ef3a1b380..3068612c0815 100644
--- a/CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h
+++ b/CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h
@@ -67,7 +67,7 @@
  * example, if double-width division is implemented in software, disabling

  * it can reduce code size in some embedded targets.

  */

-// #define MBEDTLS_NO_UDBL_DIVISION

+#define MBEDTLS_NO_UDBL_DIVISION

 

 /**

  * \def MBEDTLS_NO_64BIT_MULTIPLICATION
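Review bot: MBEDTLS_NO_UDBL_DIVISION is switched on unconditionally at line 70 of mbedtls_config.h, while the commit message names only a GCC x64 build failure, so every toolchain and architecture now takes the path without double-width division. If only GCC x64 needs it, guard the define on that configuration; otherwise say in the commit message that the wider effect is intended.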

--
2.26.2.windows.1



View/Reply Online (#113371): https://edk2.groups.io/g/devel/message/113371




Re: [edk2-devel] [PATCH 1/1] CryptoPkg: fix gcc build fail for CryptoPkgMbedtls

2024-01-04 Thread Li, Yi
Hi,
> disabling it can reduce code size in some embedded targets.
Could you provide the size change after/before this define is enabled?

Thanks,
Yi

-Original Message-
From: Hou, Wenxing  
Sent: Thursday, January 4, 2024 4:34 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 ; Jiang, 
Guomin 
Subject: [PATCH 1/1] CryptoPkg: fix gcc build fail for CryptoPkgMbedtls

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4630

Enable MBEDTLS_NO_UDBL_DIVISION to fix GCC x64 build failure.

Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Guomin Jiang 
Signed-off-by: Wenxing Hou 
---
 CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h 
b/CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h
index ae9ef3a1b380..3068612c0815 100644
--- a/CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h
+++ b/CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h
@@ -67,7 +67,7 @@
  * example, if double-width division is implemented in software, disabling

  * it can reduce code size in some embedded targets.

  */

-// #define MBEDTLS_NO_UDBL_DIVISION

+#define MBEDTLS_NO_UDBL_DIVISION

 

 /**

  * \def MBEDTLS_NO_64BIT_MULTIPLICATION
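Review bot: the define at line 70 is enabled with no comment saying that edk2 turned it on or why; the text above it is only the upstream description of the option. Add a short comment next to the define that cites the Bugzilla entry from the commit message (4630), so a later refresh of mbedtls_config.h does not drop the setting unnoticed.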

-- 
2.26.2.windows.1



View/Reply Online (#113154): https://edk2.groups.io/g/devel/message/113154




Re: [edk2-devel] [PATCH 1/1] CryptoPkg: move define to CrtLibSupport

2024-01-04 Thread Li, Yi



Looks good to me.
Reviewed-by: Yi Li 


-Original Message-
From: Hou, Wenxing  
Sent: Thursday, January 4, 2024 4:20 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 ; Jiang, 
Guomin 
Subject: [PATCH 1/1] CryptoPkg: move define to CrtLibSupport

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4632

The previous code will cause a redefinition error.
This patch moves them to the CrtLibSupport header.
But Openssl has already defined them internally, so a check on 
OPENSSL_SYS_UEFI needs to be added.

Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Guomin Jiang 
Signed-off-by: Wenxing Hou 
---
 CryptoPkg/Library/Include/CrtLibSupport.h | 15 +++
 CryptoPkg/Library/Include/stdint.h| 10 --
 2 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h 
b/CryptoPkg/Library/Include/CrtLibSupport.h
index f36fe08f0c61..76591f12cb67 100644
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
@@ -424,4 +424,19 @@ strcpy (
 #define atoi(nptr)  AsciiStrDecimalToUintn(nptr) #define 
gettimeofday(tvp, tz)   do { (tvp)->tv_sec = time(NULL); (tvp)->tv_usec = 0; } 
while (0) +//+// only use in Mbedlts. The Openssl has defined them 
internally.+//+#ifndef OPENSSL_SYS_UEFI+typedef INT8   int8_t;+typedef UINT8  
uint8_t;+typedef INT16  int16_t;+typedef UINT16 uint16_t;+typedef INT32  
int32_t;+typedef UINT32 uint32_t;+typedef INT64  int64_t;+typedef UINT64 
uint64_t;+typedef UINTN  uintptr_t;+#endif+ #endifdiff --git 
a/CryptoPkg/Library/Include/stdint.h b/CryptoPkg/Library/Include/stdint.h
index 17b8c767d7be..786d57e8d53d 100644
--- a/CryptoPkg/Library/Include/stdint.h
+++ b/CryptoPkg/Library/Include/stdint.h
@@ -7,13 +7,3 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 **/  #include --typedef INT8int8_t;-typedef UINT8   
uint8_t;-typedef INT16   int16_t;-typedef UINT16  uint16_t;-typedef INT32   
int32_t;-typedef UINT32  uint32_t;-typedef INT64   int64_t;-typedef UINT64  
uint64_t;-typedef UINTN   uintptr_t;-- 
2.26.2.windows.1
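Review bot: after the stdint.h hunk that header is left with only its #include line, so code that includes stdint.h without CrtLibSupport.h no longer gets int8_t through uintptr_t, which is the opposite of what a header of that name is expected to provide. Keep the typedefs in stdint.h behind the same #ifndef OPENSSL_SYS_UEFI check and have CrtLibSupport.h include stdint.h instead of carrying its own copy.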



View/Reply Online (#113152): https://edk2.groups.io/g/devel/message/113152




Re: [edk2-devel] [PATCH V2 0/2] Add DECLARE_LENGTH opcode of dependency expression

2024-01-03 Thread Li, Yi
Hi Liming,

I created a PR and CI passed, could you help merge it?
https://github.com/tianocore/edk2/pull/5210

Thanks,
Yi

-Original Message-
From: gaoliming  
Sent: Wednesday, January 3, 2024 8:52 AM
To: Xu, Wei6 ; Li, Yi1 ; 
devel@edk2.groups.io
Cc: Kinney, Michael D ; Liu, Zhiguang 

Subject: Re: [PATCH V2 0/2] Add DECLARE_LENGTH opcode of dependency expression

Reviewed-by: Liming Gao  for this patch set. 

> -Original Message-
> From: Xu, Wei6 
> Sent: January 2, 2024 9:43
> To: Li, Yi1 ; devel@edk2.groups.io
> Cc: Kinney, Michael D ; Gao, Liming 
> ; Liu, Zhiguang 
> Subject: RE: [PATCH V2 0/2] Add DECLARE_LENGTH opcode of dependency 
> expression
> 
> Reviewed-by: Wei6 Xu 
> 
> -Original Message-
> From: Li, Yi1 
> Sent: Wednesday, December 20, 2023 9:55 AM
> To: devel@edk2.groups.io
> Cc: Li, Yi1 ; Kinney, Michael D 
> ; Gao, Liming ; 
> Liu, Zhiguang ; Xu, Wei6 
> Subject: [PATCH V2 0/2] Add DECLARE_LENGTH opcode of dependency 
> expression
> 
> To avoid messy parsing of the Depex section of a Capsule, it would be a
> lot easier for everyone involved if we preceded the Capsule Depex Section
> with a length declaration. It provides simple bounds checking to avoid
> having to parse the op-codes, but in the case of a malformed depex being
> parsed, avoid other issues which can be messy.
> 
> Syntax
> DECLARE_LENGTH <32-bit Length>
> Description
> Declares a 32-bit byte length of the entire dependency expression.
> Behaviors and Restrictions
> This opcode must be the first one in a dependency expression.
> 
> REF: UEFI spec 2.10 Table 23.4
> 
> Cc: Michael D Kinney 
> Cc: Liming Gao 
> Cc: Zhiguang Liu 
> Cc: Wei6 Xu 
> 
> Yi Li (2):
>   MdePkg: Add DECLARE_LENGTH opcode of dependency expression
>   FmpDevicePkg: Add DECLARE_LENGTH opcode of dependency expression
> 
>  .../FmpDependencyLib/FmpDependencyLib.c   | 35 
>  .../PrivateInclude/FmpLastAttemptStatus.h |  3 +
>  .../EvaluateDependencyUnitTest.c  | 84 ---
>  MdePkg/Include/Protocol/FirmwareManagement.h  | 29 +++
>  4 files changed, 125 insertions(+), 26 deletions(-)
> 
> --
> 2.42.0.windows.2





View/Reply Online (#113067): https://edk2.groups.io/g/devel/message/113067




Re: [edk2-devel] [PATCH V2 0/2] Update keybaord map based on UEFI spec 2.10

2023-12-29 Thread Li, Yi
Hello, any comments about this patch series?

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Li, Yi
Sent: Monday, December 25, 2023 10:23 AM
To: devel@edk2.groups.io
Cc: Li, Yi1 ; Kinney, Michael D ; 
Gao, Liming ; Liu, Zhiguang ; 
Rebecca Cran ; Feng, Bob C ; Chen, 
Christine 
Subject: [edk2-devel] [PATCH V2 0/2] Update keybaord map based on UEFI spec 2.10

REF: UEFI SPEC 2.10 34.8.10 EFI_KEY

Add EfiKeyIntl0-9.

Signed-off-by: Yi Li 

v2:
Remove changes in HiiFramework.h because it should follow HII spec.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Rebecca Cran 
Cc: Liming Gao 
Cc: Bob Feng 
Cc: Yuwei Chen 

Yi Li (2):
  MdePkg: Update keybaord map based on UEFI spec 2.10
  BaseTools: Update keybaord map based on UEFI spec 2.10

 .../Include/Common/UefiInternalFormRepresentation.h  | 12 +++-
 MdePkg/Include/Uefi/UefiInternalFormRepresentation.h | 12 +++-
 2 files changed, 22 insertions(+), 2 deletions(-)

--
2.42.0.windows.2








View/Reply Online (#112999): https://edk2.groups.io/g/devel/message/112999




Re: [edk2-devel] [PATCH V2 0/2] Add DECLARE_LENGTH opcode of dependency expression

2023-12-29 Thread Li, Yi
Hello, any comments about this patch series?

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Li, Yi
Sent: Wednesday, December 20, 2023 9:55 AM
To: devel@edk2.groups.io
Cc: Li, Yi1 ; Kinney, Michael D ; 
Gao, Liming ; Liu, Zhiguang ; 
Xu, Wei6 
Subject: [edk2-devel] [PATCH V2 0/2] Add DECLARE_LENGTH opcode of dependency 
expression

To avoid messy parsing of the Depex section of a Capsule, it would be a lot 
easier for everyone involved if we preceded the Capsule Depex Section with a 
length declaration. It provides simple bounds checking to avoid having to parse 
the op-codes, but in the case of a malformed depex being parsed, avoid other 
issues which can be messy.

Syntax
DECLARE_LENGTH <32-bit Length>
Description
Declares a 32-bit byte length of the entire dependency expression.
Behaviors and Restrictions
This opcode must be the first one in a dependency expression.

REF: UEFI spec 2.10 Table 23.4

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Wei6 Xu 

Yi Li (2):
  MdePkg: Add DECLARE_LENGTH opcode of dependency expression
  FmpDevicePkg: Add DECLARE_LENGTH opcode of dependency expression

 .../FmpDependencyLib/FmpDependencyLib.c   | 35 
 .../PrivateInclude/FmpLastAttemptStatus.h |  3 +
 .../EvaluateDependencyUnitTest.c  | 84 ---
 MdePkg/Include/Protocol/FirmwareManagement.h  | 29 +++
 4 files changed, 125 insertions(+), 26 deletions(-)

--
2.42.0.windows.2








View/Reply Online (#112998): https://edk2.groups.io/g/devel/message/112998
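The bounds check that the cover letter above describes, as an added example that is not part of the original message and is not edk2's FmpDependencyLib code: a five-byte pre-check on the DECLARE_LENGTH opcode, followed by an opcode walk that never reads past the declared length. The depex_* names, the opcode numbers (recalled from the UEFI table), the little-endian encoding and the reading that the length covers the whole expression including DECLARE_LENGTH are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Opcode numbers as recalled from the UEFI FMP dependency expression table
 * (assumption of this example; check them against the spec before reuse). */
enum {
  DEP_PUSH_GUID = 0x00, DEP_PUSH_VERSION = 0x01, DEP_VERSION_STR = 0x02,
  DEP_AND = 0x03, DEP_OR = 0x04, DEP_NOT = 0x05, DEP_TRUE = 0x06,
  DEP_FALSE = 0x07, DEP_EQ = 0x08, DEP_GT = 0x09, DEP_GTE = 0x0A,
  DEP_LT = 0x0B, DEP_LTE = 0x0C, DEP_END = 0x0D, DEP_DECLARE_LENGTH = 0x0E
};

typedef enum {
  DEPEX_OK = 0,
  DEPEX_NO_LENGTH,   /* first opcode is not DECLARE_LENGTH */
  DEPEX_TRUNCATED,   /* an opcode or operand runs past the allowed bytes */
  DEPEX_BAD_LENGTH,  /* declared length is too small or exceeds the section */
  DEPEX_BAD_OPCODE,  /* unknown opcode, or DECLARE_LENGTH not in first place */
  DEPEX_BAD_END      /* END missing, or not the last byte of the expression */
} depex_status;

#define DECLARE_LENGTH_SIZE 5u /* opcode byte + 32-bit length */

/* Read a 32-bit little-endian value byte by byte (no unaligned access). */
static uint32_t rd32le(const uint8_t *p) {
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
         ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Cheap check that reads only the first five bytes: is the declared length
 * plausible for a section of `avail` bytes? Bytes after the declared length
 * (for example a payload) are allowed and ignored. */
depex_status depex_check_length(const uint8_t *buf, size_t avail,
                                uint32_t *declared) {
  if (buf == NULL || declared == NULL || avail == 0) return DEPEX_TRUNCATED;
  if (buf[0] != DEP_DECLARE_LENGTH) return DEPEX_NO_LENGTH;
  if (avail < DECLARE_LENGTH_SIZE) return DEPEX_TRUNCATED;
  uint32_t len = rd32le(buf + 1);
  /* Smallest possible expression: DECLARE_LENGTH (5 bytes) + END (1 byte). */
  if (len < DECLARE_LENGTH_SIZE + 1u || len > avail) return DEPEX_BAD_LENGTH;
  *declared = len;
  return DEPEX_OK;
}

/* Structural walk confined to the declared length. It checks operand sizes
 * and opcode placement only, not whether the expression evaluates. */
depex_status depex_validate(const uint8_t *buf, size_t avail) {
  uint32_t len = 0;
  depex_status st = depex_check_length(buf, avail, &len);
  if (st != DEPEX_OK) return st;
  size_t pos = DECLARE_LENGTH_SIZE;
  while (pos < len) {
    uint8_t op = buf[pos++];
    size_t need = 0;
    switch (op) {
      case DEP_PUSH_GUID:    need = 16; break;
      case DEP_PUSH_VERSION: need = 4;  break;
      case DEP_VERSION_STR: { /* NUL terminator must lie inside the length */
        size_t end = pos;
        while (end < len && buf[end] != 0) end++;
        if (end == len) return DEPEX_TRUNCATED;
        need = end - pos + 1;
        break;
      }
      case DEP_AND: case DEP_OR: case DEP_NOT: case DEP_TRUE: case DEP_FALSE:
      case DEP_EQ: case DEP_GT: case DEP_GTE: case DEP_LT: case DEP_LTE:
        break;
      case DEP_END:
        return pos == len ? DEPEX_OK : DEPEX_BAD_END;
      default: /* includes a second DECLARE_LENGTH */
        return DEPEX_BAD_OPCODE;
    }
    if (need > len - pos) return DEPEX_TRUNCATED;
    pos += need;
  }
  return DEPEX_BAD_END;
}

/* Constructed sample sections (not taken from a real capsule). */
static const uint8_t SAMPLE_GOOD[] = {        /* length 12 + 2 payload bytes */
  0x0E, 0x0C, 0, 0, 0,  0x01, 0x01, 0, 0, 0,  0x06,  0x0D,  0xAA, 0xBB };
static const uint8_t SAMPLE_OVERLONG[] = {    /* declares 64 bytes, has 7 */
  0x0E, 0x40, 0, 0, 0,  0x06, 0x0D };
static const uint8_t SAMPLE_SHORT_GUID[] = {  /* PUSH_GUID with 4 of 16 bytes */
  0x0E, 0x0A, 0, 0, 0,  0x00, 1, 2, 3, 0x0D };
static const uint8_t SAMPLE_TWO_LENGTHS[] = { /* DECLARE_LENGTH appears twice */
  0x0E, 0x0B, 0, 0, 0,  0x0E, 0x0B, 0, 0, 0,  0x0D };
static const uint8_t SAMPLE_BAD_STRING[] = {  /* VERSION_STR without a NUL */
  0x0E, 0x0A, 0, 0, 0,  0x02, '1', '.', '0', 0x0D };

int main(void) {
  printf("good=%d overlong=%d short_guid=%d two_lengths=%d bad_string=%d\n",
         depex_validate(SAMPLE_GOOD, sizeof SAMPLE_GOOD),
         depex_validate(SAMPLE_OVERLONG, sizeof SAMPLE_OVERLONG),
         depex_validate(SAMPLE_SHORT_GUID, sizeof SAMPLE_SHORT_GUID),
         depex_validate(SAMPLE_TWO_LENGTHS, sizeof SAMPLE_TWO_LENGTHS),
         depex_validate(SAMPLE_BAD_STRING, sizeof SAMPLE_BAD_STRING));
  return 0;
}
```
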




Re: [edk2-devel] [PATCH 2/2] BaseTools: Update keybaord map based on UEFI spec 2.10

2023-12-24 Thread Li, Yi
Thanks for your review, patch updated.

Regards,
Yi

-Original Message-
From: gaoliming  
Sent: Saturday, December 23, 2023 10:16 AM
To: Li, Yi1 ; devel@edk2.groups.io
Cc: 'Rebecca Cran' ; Feng, Bob C ; 
Chen, Christine 
Subject: Re: [PATCH 2/2] BaseTools: Update keybaord map based on UEFI spec 2.10

Don't need to update HiiFramework.h, because this protocol is from HII spec, 
not from UEFI spec. 

Thanks
Liming
> -Original Message-
> From: Yi Li 
> Sent: December 22, 2023 11:40
> To: devel@edk2.groups.io
> Cc: Yi Li ; Rebecca Cran ; Liming 
> Gao ; Bob Feng ; Yuwei 
> Chen 
> Subject: [PATCH 2/2] BaseTools: Update keybaord map based on UEFI spec 2.10
> 
> REF: UEFI SPEC 2.10 34.8.10 EFI_KEY
> 
> Add EfiKeyIntl0-9.
> 
> Signed-off-by: Yi Li 
> 
> Cc: Rebecca Cran 
> Cc: Liming Gao 
> Cc: Bob Feng 
> Cc: Yuwei Chen 
> ---
>  .../Include/Common/UefiInternalFormRepresentation.h  | 12
> +++-
>  BaseTools/Source/C/Include/Protocol/HiiFramework.h   | 12
> +++-
>  2 files changed, 22 insertions(+), 2 deletions(-)
> 
> diff --git
> a/BaseTools/Source/C/Include/Common/UefiInternalFormRepresentation.h
> b/BaseTools/Source/C/Include/Common/UefiInternalFormRepresentation.h
> index b9fa8c39a6d0..cb009ed68ecb 100644
> ---
> a/BaseTools/Source/C/Include/Common/UefiInternalFormRepresentation.h
> +++
> b/BaseTools/Source/C/Include/Common/UefiInternalFormRepresentation.h
> @@ -1556,7 +1556,17 @@ typedef enum {
>EfiKeyF12,
>EfiKeyPrint,
>EfiKeySLck,
> -  EfiKeyPause
> +  EfiKeyPause,
> +  EfiKeyIntl0,
> +  EfiKeyIntl1,
> +  EfiKeyIntl2,
> +  EfiKeyIntl3,
> +  EfiKeyIntl4,
> +  EfiKeyIntl5,
> +  EfiKeyIntl6,
> +  EfiKeyIntl7,
> +  EfiKeyIntl8,
> +  EfiKeyIntl9
>  } EFI_KEY;
> 
>  typedef struct {
> diff --git a/BaseTools/Source/C/Include/Protocol/HiiFramework.h
> b/BaseTools/Source/C/Include/Protocol/HiiFramework.h
> index 448350967bbf..874889095700 100644
> --- a/BaseTools/Source/C/Include/Protocol/HiiFramework.h
> +++ b/BaseTools/Source/C/Include/Protocol/HiiFramework.h
> @@ -350,7 +350,17 @@ typedef enum {
>EfiKeyF12,
>EfiKeyPrint,
>EfiKeySLck,
> -  EfiKeyPause
> +  EfiKeyPause,
> +  EfiKeyIntl0,
> +  EfiKeyIntl1,
> +  EfiKeyIntl2,
> +  EfiKeyIntl3,
> +  EfiKeyIntl4,
> +  EfiKeyIntl5,
> +  EfiKeyIntl6,
> +  EfiKeyIntl7,
> +  EfiKeyIntl8,
> +  EfiKeyIntl9
>  } EFI_KEY;
> 
>  typedef struct {
> --
> 2.42.0.windows.2









[edk2-devel] [PATCH V2 2/2] BaseTools: Update keybaord map based on UEFI spec 2.10

2023-12-24 Thread Li, Yi
REF: UEFI SPEC 2.10 34.8.10 EFI_KEY

Add EfiKeyIntl0-9.

Signed-off-by: Yi Li 

Cc: Rebecca Cran 
Cc: Liming Gao 
Cc: Bob Feng 
Cc: Yuwei Chen 
---
 .../Include/Common/UefiInternalFormRepresentation.h  | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/BaseTools/Source/C/Include/Common/UefiInternalFormRepresentation.h 
b/BaseTools/Source/C/Include/Common/UefiInternalFormRepresentation.h
index b9fa8c39a6d0..cb009ed68ecb 100644
--- a/BaseTools/Source/C/Include/Common/UefiInternalFormRepresentation.h
+++ b/BaseTools/Source/C/Include/Common/UefiInternalFormRepresentation.h
@@ -1556,7 +1556,17 @@ typedef enum {
   EfiKeyF12,
   EfiKeyPrint,
   EfiKeySLck,
-  EfiKeyPause
+  EfiKeyPause,
+  EfiKeyIntl0,
+  EfiKeyIntl1,
+  EfiKeyIntl2,
+  EfiKeyIntl3,
+  EfiKeyIntl4,
+  EfiKeyIntl5,
+  EfiKeyIntl6,
+  EfiKeyIntl7,
+  EfiKeyIntl8,
+  EfiKeyIntl9
 } EFI_KEY;
 
 typedef struct {
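Review bot: EfiKeyIntl0 through EfiKeyIntl9 in this BaseTools copy of EFI_KEY have to stay in the same order as the MdePkg/Include/Uefi/UefiInternalFormRepresentation.h enum changed in patch 1/2, because the enumerators carry no explicit values and the tools and the firmware must agree on the ordinals. Nothing in the header says so; a one-line comment above the enum pointing at the MdePkg definition would make the next spec update harder to get out of sync.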
-- 
2.42.0.windows.2







[edk2-devel] [PATCH V2 1/2] MdePkg: Update keybaord map based on UEFI spec 2.10

2023-12-24 Thread Li, Yi
REF: UEFI SPEC 2.10 34.8.10 EFI_KEY

Add EfiKeyIntl0-9.

Signed-off-by: Yi Li 

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
---
 MdePkg/Include/Uefi/UefiInternalFormRepresentation.h | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/MdePkg/Include/Uefi/UefiInternalFormRepresentation.h 
b/MdePkg/Include/Uefi/UefiInternalFormRepresentation.h
index 3be9a0d7d66b..3f8974857258 100644
--- a/MdePkg/Include/Uefi/UefiInternalFormRepresentation.h
+++ b/MdePkg/Include/Uefi/UefiInternalFormRepresentation.h
@@ -1696,7 +1696,17 @@ typedef enum {
   EfiKeyF12,
   EfiKeyPrint,
   EfiKeySLck,
-  EfiKeyPause
+  EfiKeyPause,
+  EfiKeyIntl0,
+  EfiKeyIntl1,
+  EfiKeyIntl2,
+  EfiKeyIntl3,
+  EfiKeyIntl4,
+  EfiKeyIntl5,
+  EfiKeyIntl6,
+  EfiKeyIntl7,
+  EfiKeyIntl8,
+  EfiKeyIntl9
 } EFI_KEY;
 
 typedef struct {
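Review bot: After this hunk EfiKeyPause is no longer the last EFI_KEY enumerator, and the patch changes only this header (1 file changed). Any code that range-checks a key against EfiKeyPause or sizes a table by it would now reject the new EfiKeyIntl0..EfiKeyIntl9 values or index past the table, so it is worth searching for such uses of EfiKeyPause and stating the result in the commit message.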
-- 
2.42.0.windows.2







[edk2-devel] [PATCH V2 0/2] Update keybaord map based on UEFI spec 2.10

2023-12-24 Thread Li, Yi
REF: UEFI SPEC 2.10 34.8.10 EFI_KEY

Add EfiKeyIntl0-9.

Signed-off-by: Yi Li 

v2:
Remove changes in HiiFramework.h because it should follow HII spec.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Rebecca Cran 
Cc: Liming Gao 
Cc: Bob Feng 
Cc: Yuwei Chen 

Yi Li (2):
  MdePkg: Update keybaord map based on UEFI spec 2.10
  BaseTools: Update keybaord map based on UEFI spec 2.10

 .../Include/Common/UefiInternalFormRepresentation.h  | 12 +++-
 MdePkg/Include/Uefi/UefiInternalFormRepresentation.h | 12 +++-
 2 files changed, 22 insertions(+), 2 deletions(-)

-- 
2.42.0.windows.2







[edk2-devel] [PATCH 2/2] BaseTools: Update keybaord map based on UEFI spec 2.10

2023-12-21 Thread Li, Yi
REF: UEFI SPEC 2.10 34.8.10 EFI_KEY

Add EfiKeyIntl0-9.

Signed-off-by: Yi Li 

Cc: Rebecca Cran 
Cc: Liming Gao 
Cc: Bob Feng 
Cc: Yuwei Chen 
---
 .../Include/Common/UefiInternalFormRepresentation.h  | 12 +++-
 BaseTools/Source/C/Include/Protocol/HiiFramework.h   | 12 +++-
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/BaseTools/Source/C/Include/Common/UefiInternalFormRepresentation.h 
b/BaseTools/Source/C/Include/Common/UefiInternalFormRepresentation.h
index b9fa8c39a6d0..cb009ed68ecb 100644
--- a/BaseTools/Source/C/Include/Common/UefiInternalFormRepresentation.h
+++ b/BaseTools/Source/C/Include/Common/UefiInternalFormRepresentation.h
@@ -1556,7 +1556,17 @@ typedef enum {
   EfiKeyF12,
   EfiKeyPrint,
   EfiKeySLck,
-  EfiKeyPause
+  EfiKeyPause,
+  EfiKeyIntl0,
+  EfiKeyIntl1,
+  EfiKeyIntl2,
+  EfiKeyIntl3,
+  EfiKeyIntl4,
+  EfiKeyIntl5,
+  EfiKeyIntl6,
+  EfiKeyIntl7,
+  EfiKeyIntl8,
+  EfiKeyIntl9
 } EFI_KEY;
 
 typedef struct {
diff --git a/BaseTools/Source/C/Include/Protocol/HiiFramework.h 
b/BaseTools/Source/C/Include/Protocol/HiiFramework.h
index 448350967bbf..874889095700 100644
--- a/BaseTools/Source/C/Include/Protocol/HiiFramework.h
+++ b/BaseTools/Source/C/Include/Protocol/HiiFramework.h
@@ -350,7 +350,17 @@ typedef enum {
   EfiKeyF12,
   EfiKeyPrint,
   EfiKeySLck,
-  EfiKeyPause
+  EfiKeyPause,
+  EfiKeyIntl0,
+  EfiKeyIntl1,
+  EfiKeyIntl2,
+  EfiKeyIntl3,
+  EfiKeyIntl4,
+  EfiKeyIntl5,
+  EfiKeyIntl6,
+  EfiKeyIntl7,
+  EfiKeyIntl8,
+  EfiKeyIntl9
 } EFI_KEY;
 
 typedef struct {
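Review bot: The second file in this patch, Protocol/HiiFramework.h, is extended with the same ten enumerators although the commit message cites only UEFI SPEC 2.10 34.8.10 as the reference. That header follows the HII spec rather than the UEFI spec, so adding EfiKeyIntl0..EfiKeyIntl9 here makes it diverge from the document it tracks; drop this hunk and keep the change to UefiInternalFormRepresentation.h only.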
-- 
2.42.0.windows.2







[edk2-devel] [PATCH 1/2] MdePkg: Update keybaord map based on UEFI spec 2.10

2023-12-21 Thread Li, Yi
REF: UEFI SPEC 2.10 34.8.10 EFI_KEY

Add EfiKeyIntl0-9.

Signed-off-by: Yi Li 

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
---
 MdePkg/Include/Uefi/UefiInternalFormRepresentation.h | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/MdePkg/Include/Uefi/UefiInternalFormRepresentation.h 
b/MdePkg/Include/Uefi/UefiInternalFormRepresentation.h
index 3be9a0d7d66b..3f8974857258 100644
--- a/MdePkg/Include/Uefi/UefiInternalFormRepresentation.h
+++ b/MdePkg/Include/Uefi/UefiInternalFormRepresentation.h
@@ -1696,7 +1696,17 @@ typedef enum {
   EfiKeyF12,
   EfiKeyPrint,
   EfiKeySLck,
-  EfiKeyPause
+  EfiKeyPause,
+  EfiKeyIntl0,
+  EfiKeyIntl1,
+  EfiKeyIntl2,
+  EfiKeyIntl3,
+  EfiKeyIntl4,
+  EfiKeyIntl5,
+  EfiKeyIntl6,
+  EfiKeyIntl7,
+  EfiKeyIntl8,
+  EfiKeyIntl9
 } EFI_KEY;
 
 typedef struct {
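Review bot: The ten enumerators appended to EFI_KEY come with no comment, and the commit message says only "Add EfiKeyIntl0-9". A short comment ahead of EfiKeyIntl0 naming UEFI 2.10 section 34.8.10 would tell a reader where these values come from and which spec revision introduced them, which matters here because their ordinals are implied purely by position after EfiKeyPause.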
-- 
2.42.0.windows.2







[edk2-devel] [PATCH 0/2] Update keybaord map based on UEFI spec 2.10

2023-12-21 Thread Li, Yi
REF: UEFI SPEC 2.10 34.8.10 EFI_KEY

Add EfiKeyIntl0-9.

Signed-off-by: Yi Li 

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Rebecca Cran 
Cc: Liming Gao 
Cc: Bob Feng 
Cc: Yuwei Chen 

Yi Li (2):
  MdePkg: Update keybaord map based on UEFI spec 2.10
  BaseTools: Update keybaord map based on UEFI spec 2.10

 .../Include/Common/UefiInternalFormRepresentation.h  | 12 +++-
 BaseTools/Source/C/Include/Protocol/HiiFramework.h   | 12 +++-
 MdePkg/Include/Uefi/UefiInternalFormRepresentation.h | 12 +++-
 3 files changed, 33 insertions(+), 3 deletions(-)

-- 
2.42.0.windows.2







[edk2-devel] [PATCH V2 2/2] FmpDevicePkg: Add DECLARE_LENGTH opcode of dependency expression

2023-12-19 Thread Li, Yi
To avoid messy parsing of the Depex section of a Capsule, it would
be a lot easier for everyone involved if we preceded the Capsule Depex
Section with a length declaration. It provides simple bounds checking
to avoid having to parse the op-codes, but in the case of a malformed
depex being parsed, avoid other issues which can be messy.

Syntax
DECLARE_LENGTH <32-bit Length>
Description
Declares a 32-bit byte length of the entire dependency expression.
Behaviors and Restrictions
This opcode must be the first one in a dependency expression.

REF: UEFI spec 2.10 Table 23.4

Signed-off-by: Yi Li 

Cc: Liming Gao 
Cc: Michael D Kinney 
Cc: Wei6 Xu 
---
 .../FmpDependencyLib/FmpDependencyLib.c   | 35 
 .../PrivateInclude/FmpLastAttemptStatus.h |  3 +
 .../EvaluateDependencyUnitTest.c  | 84 ---
 3 files changed, 110 insertions(+), 12 deletions(-)

diff --git a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c 
b/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c
index 76a1ee3f40db..50662e74e065 100644
--- a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c
+++ b/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c
@@ -234,6 +234,7 @@ EvaluateDependency (
   GUID   ImageTypeId;
   UINT32 Version;
   UINT32 LocalLastAttemptStatus;
+  UINT32 DeclaredLength;
 
   LocalLastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
 
@@ -489,6 +490,37 @@ EvaluateDependency (
 }
 
 return Element1.Value.Boolean;
+  case EFI_FMP_DEP_DECLARE_LENGTH:
+if (Iterator + sizeof (UINT32) >= (UINT8 *)Dependencies->Dependencies 
+ DependenciesSize ) {
+  DEBUG ((DEBUG_ERROR, "EvaluateDependency: DECLARE_LENGTH extends 
beyond end of dependency expression!\n"));
+  LocalLastAttemptStatus = 
LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_DECLARE_LENGTH_BEYOND_DEPEX;
+  goto Error;
+}
+
+//
+// This opcode must be the first one in a dependency expression.
+//
+if (Iterator != Dependencies->Dependencies) {
+  DEBUG ((DEBUG_ERROR, "EvaluateDependency: DECLARE_LENGTH is not the 
first opcode!\n"));
+  LocalLastAttemptStatus = 
LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_DECLARE_LENGTH_NOT_FIRST_OPCODE;
+  goto Error;
+}
+
+DeclaredLength = *(UINT32 *)(Iterator + 1);
+if (DeclaredLength != DependenciesSize) {
+  DEBUG ((DEBUG_ERROR, "EvaluateDependency: DECLARE_LENGTH is not 
equal to length of dependency expression!\n"));
+  LocalLastAttemptStatus = 
LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_DECLARE_LENGTH_INCORRECT;
+  goto Error;
+}
+
+Status = Push (DeclaredLength, VersionType);
+if (EFI_ERROR (Status)) {
+  LocalLastAttemptStatus = 
LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_PUSH_FAILURE;
+  goto Error;
+}
+
+Iterator = Iterator + sizeof (UINT32);
+break;
   default:
 DEBUG ((DEBUG_ERROR, "EvaluateDependency: Unknown Opcode - %02x!\n", 
*Iterator));
 LocalLastAttemptStatus = 
LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_UNKNOWN_OPCODE;
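Review bot: In the new EFI_FMP_DEP_DECLARE_LENGTH case, Push (DeclaredLength, VersionType) puts the declared length on the evaluation stack as if it were a version operand. DECLARE_LENGTH describes the expression and yields no value, so the extra element can be picked up by a later comparison opcode or be left over when END is reached; after the three checks the case should only advance Iterator and break. If the push is intentional, the commit message needs to say which opcode pops it.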
@@ -574,6 +606,9 @@ ValidateDependency (
 }
 
 return TRUE;
+  case EFI_FMP_DEP_DECLARE_LENGTH:
+Depex += sizeof (UINT32) + 1;
+break;
   default:
 return FALSE;
 }
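Review bot: The EFI_FMP_DEP_DECLARE_LENGTH case added to ValidateDependency only skips the operand with Depex += sizeof (UINT32) + 1; it does not require the opcode to be first and does not compare the declared length with the expression size, both of which EvaluateDependency enforces in the previous hunk. A malformed DECLARE_LENGTH therefore gets through this case and is rejected only at evaluation time. Apply the same two checks here, or factor them into a helper used by both functions.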
diff --git a/FmpDevicePkg/PrivateInclude/FmpLastAttemptStatus.h 
b/FmpDevicePkg/PrivateInclude/FmpLastAttemptStatus.h
index 39a55dd2c643..aaa3334909c8 100644
--- a/FmpDevicePkg/PrivateInclude/FmpLastAttemptStatus.h
+++ b/FmpDevicePkg/PrivateInclude/FmpLastAttemptStatus.h
@@ -66,6 +66,9 @@ enum LAST_ATTEMPT_STATUS_EXPANDED_ERROR_LIST {
   LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_FMP_NOT_FOUND,
   LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_PUSH_FAILURE,
   LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_POP_FAILURE,
+  LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_DECLARE_LENGTH_NOT_FIRST_OPCODE,
+  LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_DECLARE_LENGTH_BEYOND_DEPEX,
+  LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_DECLARE_LENGTH_INCORRECT,
 
   ///
   /// Last attempt status codes used in FmpDependencyCheckLib
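Review bot: The three DECLARE_LENGTH status codes are inserted after LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_POP_FAILURE, ahead of the FmpDependencyCheckLib group that follows in the same enum. Unless that group starts from an explicit value, every later code shifts by three and previously reported last-attempt status values change meaning. Confirm the next group has an explicit base, or append the new codes where nothing follows them.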
diff --git 
a/FmpDevicePkg/Test/UnitTest/Library/FmpDependencyLib/EvaluateDependencyUnitTest.c
 
b/FmpDevicePkg/Test/UnitTest/Library/FmpDependencyLib/EvaluateDependencyUnitTest.c
index 0edb7f67306f..352887af2c5e 100644
--- 
a/FmpDevicePkg/Test/UnitTest/Library/FmpDependencyLib/EvaluateDependencyUnitTest.c
+++ 
b/FmpDevicePkg/Test/UnitTest/Library/FmpDependencyLib/EvaluateDependencyUnitTest.c
@@ -125,19 +125,75 @@ static UINT8  mExpression11[] = {
   EFI_FMP_DEP_END
 };
 
+// Valid Dependency Expression 7: With correct declared length
+static UINT8  mExpression12[] = {
+  EFI_FMP_DEP_DECLARE_LENGTH, 0x35, 0x00, 0x00, 0x00,
+  EFI_FMP_DEP_PUSH_VERSION,   0x01, 0x00, 0x00, 0x00,
+  EFI_FMP_DEP_PUSH_GUID,  0xFA, 0x4D, 0x14, 0x97,0x8E,  0xEB, 0x4D, 0xD1, 
0x8B, 0x4D, 0x39, 0x88, 0x24, 

[edk2-devel] [PATCH V2 1/2] MdePkg: Add DECLARE_LENGTH opcode of dependency expression

2023-12-19 Thread Li, Yi
To avoid messy parsing of the Depex section of a Capsule, it would
be a lot easier for everyone involved if we preceded the Capsule Depex
Section with a length declaration. It provides simple bounds checking
to avoid having to parse the op-codes, but in the case of a malformed
depex being parsed, avoid other issues which can be messy.

Syntax
DECLARE_LENGTH <32-bit Length>
Description
Declares a 32-bit byte length of the entire dependency expression.
Behaviors and Restrictions
This opcode must be the first one in a dependency expression.

REF: UEFI spec 2.10 Table 23.4

Signed-off-by: Yi Li 

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
---
 MdePkg/Include/Protocol/FirmwareManagement.h | 29 ++--
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/MdePkg/Include/Protocol/FirmwareManagement.h 
b/MdePkg/Include/Protocol/FirmwareManagement.h
index f37067df3455..e535bb697d88 100644
--- a/MdePkg/Include/Protocol/FirmwareManagement.h
+++ b/MdePkg/Include/Protocol/FirmwareManagement.h
@@ -30,20 +30,21 @@ typedef struct _EFI_FIRMWARE_MANAGEMENT_PROTOCOL 
EFI_FIRMWARE_MANAGEMENT_PROTOCO
 ///
 /// Dependency Expression Opcode
 ///
-#define EFI_FMP_DEP_PUSH_GUID 0x00
-#define EFI_FMP_DEP_PUSH_VERSION  0x01
-#define EFI_FMP_DEP_VERSION_STR   0x02
-#define EFI_FMP_DEP_AND   0x03
-#define EFI_FMP_DEP_OR0x04
-#define EFI_FMP_DEP_NOT   0x05
-#define EFI_FMP_DEP_TRUE  0x06
-#define EFI_FMP_DEP_FALSE 0x07
-#define EFI_FMP_DEP_EQ0x08
-#define EFI_FMP_DEP_GT0x09
-#define EFI_FMP_DEP_GTE   0x0A
-#define EFI_FMP_DEP_LT0x0B
-#define EFI_FMP_DEP_LTE   0x0C
-#define EFI_FMP_DEP_END   0x0D
+#define EFI_FMP_DEP_PUSH_GUID   0x00
+#define EFI_FMP_DEP_PUSH_VERSION0x01
+#define EFI_FMP_DEP_VERSION_STR 0x02
+#define EFI_FMP_DEP_AND 0x03
+#define EFI_FMP_DEP_OR  0x04
+#define EFI_FMP_DEP_NOT 0x05
+#define EFI_FMP_DEP_TRUE0x06
+#define EFI_FMP_DEP_FALSE   0x07
+#define EFI_FMP_DEP_EQ  0x08
+#define EFI_FMP_DEP_GT  0x09
+#define EFI_FMP_DEP_GTE 0x0A
+#define EFI_FMP_DEP_LT  0x0B
+#define EFI_FMP_DEP_LTE 0x0C
+#define EFI_FMP_DEP_END 0x0D
+#define EFI_FMP_DEP_DECLARE_LENGTH  0x0E
 
 ///
 /// Image Attribute - Dependency
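Review bot: EFI_FMP_DEP_DECLARE_LENGTH is added at 0x0E with no comment, although it is the only opcode in this list for which the commit message gives a position rule ("must be the first one in a dependency expression") and a 32-bit length operand. A one-line comment on the define stating both would save consumers a trip to the specification. The other fourteen changed lines are whitespace re-alignment only and could be called out as such in the commit message.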
-- 
2.42.0.windows.2







[edk2-devel] [PATCH V2 0/2] Add DECLARE_LENGTH opcode of dependency expression

2023-12-19 Thread Li, Yi
To avoid messy parsing of the Depex section of a Capsule, it would
be a lot easier for everyone involved if we preceded the Capsule Depex
Section with a length declaration. It provides simple bounds checking
to avoid having to parse the op-codes, but in the case of a malformed
depex being parsed, avoid other issues which can be messy.

Syntax
DECLARE_LENGTH <32-bit Length>
Description
Declares a 32-bit byte length of the entire dependency expression.
Behaviors and Restrictions
This opcode must be the first one in a dependency expression.

REF: UEFI spec 2.10 Table 23.4

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Wei6 Xu 

Yi Li (2):
  MdePkg: Add DECLARE_LENGTH opcode of dependency expression
  FmpDevicePkg: Add DECLARE_LENGTH opcode of dependency expression

 .../FmpDependencyLib/FmpDependencyLib.c   | 35 
 .../PrivateInclude/FmpLastAttemptStatus.h |  3 +
 .../EvaluateDependencyUnitTest.c  | 84 ---
 MdePkg/Include/Protocol/FirmwareManagement.h  | 29 +++
 4 files changed, 125 insertions(+), 26 deletions(-)

-- 
2.42.0.windows.2
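
The structural rules stated in this cover letter (DECLARE_LENGTH must be the first opcode, and its 32-bit operand must equal the byte length of the whole expression) written as a stand-alone pre-check. This is an added example, not the FmpDependencyLib code from the patch: the function name, status names and sample byte arrays are constructed for illustration, and the operand sizes assumed are 16 bytes for PUSH_GUID, 4 for PUSH_VERSION and a NUL-terminated string for VERSION_STR.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Opcode values as listed in the FirmwareManagement.h hunk on this page. */
#define EFI_FMP_DEP_PUSH_GUID       0x00
#define EFI_FMP_DEP_PUSH_VERSION    0x01
#define EFI_FMP_DEP_VERSION_STR     0x02
#define EFI_FMP_DEP_AND             0x03   /* 0x03..0x0C take no operand */
#define EFI_FMP_DEP_LTE             0x0C
#define EFI_FMP_DEP_END             0x0D
#define EFI_FMP_DEP_DECLARE_LENGTH  0x0E

/* Hypothetical status names for this example. */
typedef enum {
  DEPEX_OK = 0,
  DEPEX_TRUNCATED,        /* an operand runs past the end of the buffer */
  DEPEX_LENGTH_NOT_FIRST, /* DECLARE_LENGTH seen after another opcode   */
  DEPEX_LENGTH_MISMATCH,  /* declared length != actual buffer length    */
  DEPEX_UNKNOWN_OPCODE,
  DEPEX_NO_END            /* ran off the buffer without reaching END    */
} depex_status;

/* Byte-wise little-endian read: no alignment requirement on p. */
static uint32_t read_le32(const uint8_t *p)
{
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
         ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk the opcodes once, checking every operand against the buffer end. */
depex_status depex_precheck(const uint8_t *buf, size_t size)
{
  size_t off = 0;

  while (off < size) {
    uint8_t op = buf[off];
    size_t remaining = size - off - 1;   /* bytes available after the opcode */

    switch (op) {
    case EFI_FMP_DEP_DECLARE_LENGTH:
      if (remaining < 4) return DEPEX_TRUNCATED;
      if (off != 0) return DEPEX_LENGTH_NOT_FIRST;
      if (read_le32(buf + 1) != size) return DEPEX_LENGTH_MISMATCH;
      off += 5;
      break;
    case EFI_FMP_DEP_PUSH_GUID:
      if (remaining < 16) return DEPEX_TRUNCATED;
      off += 17;
      break;
    case EFI_FMP_DEP_PUSH_VERSION:
      if (remaining < 4) return DEPEX_TRUNCATED;
      off += 5;
      break;
    case EFI_FMP_DEP_VERSION_STR: {
      const uint8_t *nul = memchr(buf + off + 1, 0, remaining);
      if (nul == NULL) return DEPEX_TRUNCATED;
      off = (size_t)(nul - buf) + 1;
      break;
    }
    case EFI_FMP_DEP_END:
      return DEPEX_OK;
    default:
      if (op >= EFI_FMP_DEP_AND && op <= EFI_FMP_DEP_LTE) {
        off += 1;
        break;
      }
      return DEPEX_UNKNOWN_OPCODE;
    }
  }
  return DEPEX_NO_END;
}

/* Constructed sample expressions (not taken from the patch's unit tests). */
static const uint8_t kValid[] = {           /* 5 + 17 + 5 + 1 + 1 = 29 = 0x1D */
  EFI_FMP_DEP_DECLARE_LENGTH, 0x1D, 0x00, 0x00, 0x00,
  EFI_FMP_DEP_PUSH_GUID, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
                         0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
  EFI_FMP_DEP_PUSH_VERSION, 0x02, 0x00, 0x00, 0x00,
  0x0A,                                     /* GTE */
  EFI_FMP_DEP_END
};
static const uint8_t kNotFirst[] = {
  0x06,                                     /* TRUE */
  EFI_FMP_DEP_DECLARE_LENGTH, 0x07, 0x00, 0x00, 0x00,
  EFI_FMP_DEP_END
};
static const uint8_t kShort[]  = { EFI_FMP_DEP_DECLARE_LENGTH, 0x03, 0x00 };
static const uint8_t kLegacy[] = { 0x06, EFI_FMP_DEP_END };  /* no DECLARE_LENGTH */

int main(void)
{
  printf("valid      -> %d\n", depex_precheck(kValid, sizeof kValid));
  printf("cut by one -> %d\n", depex_precheck(kValid, sizeof kValid - 1));
  printf("not first  -> %d\n", depex_precheck(kNotFirst, sizeof kNotFirst));
  printf("short      -> %d\n", depex_precheck(kShort, sizeof kShort));
  printf("legacy     -> %d\n", depex_precheck(kLegacy, sizeof kLegacy));
  return 0;
}
```

Because the declared length is compared with the buffer size before any other operand is read, an expression cut short by a single byte is rejected at the first opcode rather than partway through the walk.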







[edk2-devel] [PATCH 2/2] FmpDevicePkg: Add DECLARE_LENGTH opcode of dependency expression

2023-12-18 Thread Li, Yi
Mantis: https://mantis.uefi.org/mantis/view.php?id=2025

To avoid messy parsing of the Depex section of a Capsule, it would
be a lot easier for everyone involved if we preceded the Capsule Depex
Section with a length declaration. It provides simple bounds checking
to avoid having to parse the op-codes, but in the case of a malformed
depex being parsed, avoid other issues which can be messy.

REF: UEFI spec 2.10 Table 23.4

Signed-off-by: Yi Li 

Cc: Liming Gao 
Cc: Michael D Kinney 
Cc: Wei6 Xu 
---
 .../FmpDependencyLib/FmpDependencyLib.c   | 35 
 .../PrivateInclude/FmpLastAttemptStatus.h |  3 +
 .../EvaluateDependencyUnitTest.c  | 84 ---
 3 files changed, 110 insertions(+), 12 deletions(-)

diff --git a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c 
b/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c
index 76a1ee3f40db..50662e74e065 100644
--- a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c
+++ b/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c
@@ -234,6 +234,7 @@ EvaluateDependency (
   GUID   ImageTypeId;
   UINT32 Version;
   UINT32 LocalLastAttemptStatus;
+  UINT32 DeclaredLength;
 
   LocalLastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
 
@@ -489,6 +490,37 @@ EvaluateDependency (
 }
 
 return Element1.Value.Boolean;
+  case EFI_FMP_DEP_DECLARE_LENGTH:
+if (Iterator + sizeof (UINT32) >= (UINT8 *)Dependencies->Dependencies 
+ DependenciesSize ) {
+  DEBUG ((DEBUG_ERROR, "EvaluateDependency: DECLARE_LENGTH extends 
beyond end of dependency expression!\n"));
+  LocalLastAttemptStatus = 
LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_DECLARE_LENGTH_BEYOND_DEPEX;
+  goto Error;
+}
+
+//
+// This opcode must be the first one in a dependency expression.
+//
+if (Iterator != Dependencies->Dependencies) {
+  DEBUG ((DEBUG_ERROR, "EvaluateDependency: DECLARE_LENGTH is not the 
first opcode!\n"));
+  LocalLastAttemptStatus = 
LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_DECLARE_LENGTH_NOT_FIRST_OPCODE;
+  goto Error;
+}
+
+DeclaredLength = *(UINT32 *)(Iterator + 1);
+if (DeclaredLength != DependenciesSize) {
+  DEBUG ((DEBUG_ERROR, "EvaluateDependency: DECLARE_LENGTH is not 
equal to length of dependency expression!\n"));
+  LocalLastAttemptStatus = 
LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_DECLARE_LENGTH_INCORRECT;
+  goto Error;
+}
+
+Status = Push (DeclaredLength, VersionType);
+if (EFI_ERROR (Status)) {
+  LocalLastAttemptStatus = 
LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_PUSH_FAILURE;
+  goto Error;
+}
+
+Iterator = Iterator + sizeof (UINT32);
+break;
   default:
 DEBUG ((DEBUG_ERROR, "EvaluateDependency: Unknown Opcode - %02x!\n", 
*Iterator));
 LocalLastAttemptStatus = 
LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_UNKNOWN_OPCODE;
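Review bot: DeclaredLength = *(UINT32 *)(Iterator + 1) dereferences a UINT32 one byte into a UINT8 buffer, so the load is unaligned whenever the expression itself starts on a 4-byte boundary. Use ReadUnaligned32 ((UINT32 *)(Iterator + 1)) from BaseLib, or CopyMem into DeclaredLength, so the read does not depend on the architecture tolerating unaligned accesses.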
@@ -574,6 +606,9 @@ ValidateDependency (
 }
 
 return TRUE;
+  case EFI_FMP_DEP_DECLARE_LENGTH:
+Depex += sizeof (UINT32) + 1;
+break;
   default:
 return FALSE;
 }
diff --git a/FmpDevicePkg/PrivateInclude/FmpLastAttemptStatus.h 
b/FmpDevicePkg/PrivateInclude/FmpLastAttemptStatus.h
index 39a55dd2c643..aaa3334909c8 100644
--- a/FmpDevicePkg/PrivateInclude/FmpLastAttemptStatus.h
+++ b/FmpDevicePkg/PrivateInclude/FmpLastAttemptStatus.h
@@ -66,6 +66,9 @@ enum LAST_ATTEMPT_STATUS_EXPANDED_ERROR_LIST {
   LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_FMP_NOT_FOUND,
   LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_PUSH_FAILURE,
   LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_POP_FAILURE,
+  LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_DECLARE_LENGTH_NOT_FIRST_OPCODE,
+  LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_DECLARE_LENGTH_BEYOND_DEPEX,
+  LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_DECLARE_LENGTH_INCORRECT,
 
   ///
   /// Last attempt status codes used in FmpDependencyCheckLib
diff --git 
a/FmpDevicePkg/Test/UnitTest/Library/FmpDependencyLib/EvaluateDependencyUnitTest.c
 
b/FmpDevicePkg/Test/UnitTest/Library/FmpDependencyLib/EvaluateDependencyUnitTest.c
index 0edb7f67306f..352887af2c5e 100644
--- 
a/FmpDevicePkg/Test/UnitTest/Library/FmpDependencyLib/EvaluateDependencyUnitTest.c
+++ 
b/FmpDevicePkg/Test/UnitTest/Library/FmpDependencyLib/EvaluateDependencyUnitTest.c
@@ -125,19 +125,75 @@ static UINT8  mExpression11[] = {
   EFI_FMP_DEP_END
 };
 
+// Valid Dependency Expression 7: With correct declared length
+static UINT8  mExpression12[] = {
+  EFI_FMP_DEP_DECLARE_LENGTH, 0x35, 0x00, 0x00, 0x00,
+  EFI_FMP_DEP_PUSH_VERSION,   0x01, 0x00, 0x00, 0x00,
+  EFI_FMP_DEP_PUSH_GUID,  0xFA, 0x4D, 0x14, 0x97,0x8E,  0xEB, 0x4D, 0xD1, 
0x8B, 0x4D, 0x39, 0x88, 0x24, 0x96, 0x56, 0x42,
+  EFI_FMP_DEP_GT,
+  EFI_FMP_DEP_PUSH_VERSION,   0x03, 0x00, 0x00, 0x00,
+  EFI_FMP_DEP_PUSH_GUID,  0x70, 0x73, 0x2A, 0xA4,0x3A,  

[edk2-devel] [PATCH 1/2] MdePkg: Add DECLARE_LENGTH opcode of dependency expression

2023-12-18 Thread Li, Yi
Mantis: https://mantis.uefi.org/mantis/view.php?id=2025

To avoid messy parsing of the Depex section of a Capsule, it would
be a lot easier for everyone involved if we preceded the Capsule Depex
Section with a length declaration. It provides simple bounds checking
to avoid having to parse the op-codes, but in the case of a malformed
depex being parsed, avoid other issues which can be messy.

REF: UEFI spec 2.10 Table 23.4

Signed-off-by: Yi Li 

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
---
 MdePkg/Include/Protocol/FirmwareManagement.h | 29 ++--
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/MdePkg/Include/Protocol/FirmwareManagement.h 
b/MdePkg/Include/Protocol/FirmwareManagement.h
index f37067df3455..e535bb697d88 100644
--- a/MdePkg/Include/Protocol/FirmwareManagement.h
+++ b/MdePkg/Include/Protocol/FirmwareManagement.h
@@ -30,20 +30,21 @@ typedef struct _EFI_FIRMWARE_MANAGEMENT_PROTOCOL 
EFI_FIRMWARE_MANAGEMENT_PROTOCO
 ///
 /// Dependency Expression Opcode
 ///
-#define EFI_FMP_DEP_PUSH_GUID 0x00
-#define EFI_FMP_DEP_PUSH_VERSION  0x01
-#define EFI_FMP_DEP_VERSION_STR   0x02
-#define EFI_FMP_DEP_AND   0x03
-#define EFI_FMP_DEP_OR0x04
-#define EFI_FMP_DEP_NOT   0x05
-#define EFI_FMP_DEP_TRUE  0x06
-#define EFI_FMP_DEP_FALSE 0x07
-#define EFI_FMP_DEP_EQ0x08
-#define EFI_FMP_DEP_GT0x09
-#define EFI_FMP_DEP_GTE   0x0A
-#define EFI_FMP_DEP_LT0x0B
-#define EFI_FMP_DEP_LTE   0x0C
-#define EFI_FMP_DEP_END   0x0D
+#define EFI_FMP_DEP_PUSH_GUID   0x00
+#define EFI_FMP_DEP_PUSH_VERSION0x01
+#define EFI_FMP_DEP_VERSION_STR 0x02
+#define EFI_FMP_DEP_AND 0x03
+#define EFI_FMP_DEP_OR  0x04
+#define EFI_FMP_DEP_NOT 0x05
+#define EFI_FMP_DEP_TRUE0x06
+#define EFI_FMP_DEP_FALSE   0x07
+#define EFI_FMP_DEP_EQ  0x08
+#define EFI_FMP_DEP_GT  0x09
+#define EFI_FMP_DEP_GTE 0x0A
+#define EFI_FMP_DEP_LT  0x0B
+#define EFI_FMP_DEP_LTE 0x0C
+#define EFI_FMP_DEP_END 0x0D
+#define EFI_FMP_DEP_DECLARE_LENGTH  0x0E
 
 ///
 /// Image Attribute - Dependency
-- 
2.42.0.windows.2







[edk2-devel] [PATCH 0/2] Add DECLARE_LENGTH opcode of dependency expression

2023-12-18 Thread Li, Yi
Mantis: https://mantis.uefi.org/mantis/view.php?id=2025

To avoid messy parsing of the Depex section of a Capsule, it would
be a lot easier for everyone involved if we preceded the Capsule Depex
Section with a length declaration. It provides simple bounds checking
to avoid having to parse the op-codes, but in the case of a malformed
depex being parsed, avoid other issues which can be messy.

REF: UEFI spec 2.10 Table 23.4
Syntax
DECLARE_LENGTH <32-bit Length>
Description
Declares a 32-bit byte length of the entire dependency expression.
Behaviors and Restrictions
This opcode must be the first one in a dependency expression.

Yi Li (2):
  MdePkg: Add DECLARE_LENGTH opcode of dependency expression
  FmpDevicePkg: Add DECLARE_LENGTH opcode of dependency expression

 .../FmpDependencyLib/FmpDependencyLib.c   | 35 
 .../PrivateInclude/FmpLastAttemptStatus.h |  3 +
 .../EvaluateDependencyUnitTest.c  | 84 ---
 MdePkg/Include/Protocol/FirmwareManagement.h  | 29 +++
 4 files changed, 125 insertions(+), 26 deletions(-)

-- 
2.42.0.windows.2







[edk2-devel] [edk2-platforms][PATCH] MinPlatformPkg: should build Performance driver only when perf enabled

2023-11-27 Thread Li, Yi
Should build FirmwarePerformancePei only when perf enabled.
Avoiding unconditional compilation of performance PEI drivers can
save 2KB (LZMA compressed) in PostMem FV, small but important.

Cc: Chasel Chiu 
Cc: Nate DeSimone 
Cc: Liming Gao 
Cc: Eric Dong 
Signed-off-by: Yi Li 
---
 .../MinPlatformPkg/Include/Fdf/CorePostMemoryInclude.fdf| 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git 
a/Platform/Intel/MinPlatformPkg/Include/Fdf/CorePostMemoryInclude.fdf 
b/Platform/Intel/MinPlatformPkg/Include/Fdf/CorePostMemoryInclude.fdf
index 3edc239e5..bc8ebc84b 100644
--- a/Platform/Intel/MinPlatformPkg/Include/Fdf/CorePostMemoryInclude.fdf
+++ b/Platform/Intel/MinPlatformPkg/Include/Fdf/CorePostMemoryInclude.fdf
@@ -1,12 +1,14 @@
 ## @file
 #  FDF file of Platform.
 #
-# Copyright (c) 2017, Intel Corporation. All rights reserved.
+# Copyright (c) 2017 - 2023, Intel Corporation. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
 
 !if gMinPlatformPkgTokenSpaceGuid.PcdBootToShellOnly == FALSE
-  INF  
MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.inf
+  !if gMinPlatformPkgTokenSpaceGuid.PcdPerformanceEnable == TRUE
+INF  
MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.inf
+  !endif
 !endif
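Review bot: The subject says the performance driver should only be built when perf is enabled, but this hunk guards only the INF entry in CorePostMemoryInclude.fdf and the patch touches no other file (1 file changed). That keeps FirmwarePerformancePei out of the PostMem FV; whether the module is still compiled depends on the DSC component list, so either guard the matching DSC entry with gMinPlatformPkgTokenSpaceGuid.PcdPerformanceEnable as well or reword the subject to say the driver is excluded from the FV.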
-- 
2.42.0.windows.2







Re: [edk2-devel] [PATCH v1 0/7] CryptoPkg: Enable Openssl native instruction support for AARCH64

2023-11-06 Thread Li, Yi
Hi Pierre,

Could you share what tests you did and the test results?

Regards,
Yi

-Original Message-
From: Pierre Gondois  
Sent: Thursday, November 2, 2023 9:54 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 ; Lu, Xiaoyu1 
; Jiang, Guomin ; Leif Lindholm 
; Ard Biesheuvel ; Sami 
Mujawar ; Gerd Hoffmann 
Subject: [PATCH v1 0/7] CryptoPkg: Enable Openssl native instruction support 
for AARCH64

Various OpensslLib implementations are available in edk2. The 
OpensslLibAccel.inf and OpensslLibFullAccel.inf ones use architecture specific 
instructions, e.g. AESE, PMULL, SHA256H, ..., allowing to improve speed.

Enable support for Aarch64's native instructions:
- Add ArmReadCntPctReg() and ArmReadIdAA64Isar0Reg() to
  Aarch64's BaseLib.
- Generate Aarch64's specific Openssl functions.
- Add an OpensslStub/AArch64Cap.c file to allow Openssl
  to probe Aarch64 native instruction support.

This patch-set only enables support for GCC for now (MSFT support not added).

Pierre Gondois (7):
  MdePkg/BaseLib: AARCH64: Add ArmReadCntPctReg()
  MdePkg/BaseLib: AARCH64: Add ArmReadIdAA64Isar0Reg()
  MdePkg/BaseRngLib: Prefer ArmReadIdAA64Isar0Reg() over
ArmReadIdIsar0()
  CryptoPkg/OpensslLib: Add native instruction support for AARCH64
  CryptoPkg/OpensslLib: Generate files for AARCH64 native support
  CryptoPkg/OpensslLib: Add AArch64Cap for arch specific hooks
  CryptoPkg: Enable Openssl Accel builds for AARCH64

 CryptoPkg/CryptoPkg.dsc   |   23 +-
 .../AARCH64-GCC/crypto/aes/aesv8-armx.S   | 3180 
 .../AARCH64-GCC/crypto/aes/vpaes-armv8.S  | 1196 +++
 .../AARCH64-GCC/crypto/arm64cpuid.S   |  129 +
 .../AARCH64-GCC/crypto/bn/armv8-mont.S| 2124 ++
 .../crypto/ec/ecp_nistz256-armv8.S| 4242 +++
 .../crypto/modes/aes-gcm-armv8_64.S   | 6389 +
 .../AARCH64-GCC/crypto/modes/ghashv8-armx.S   |  552 ++
 .../AARCH64-GCC/crypto/sha/keccak1600-armv8.S | 1009 +++
 .../AARCH64-GCC/crypto/sha/sha1-armv8.S   | 1211 
 .../AARCH64-GCC/crypto/sha/sha256-armv8.S | 2051 ++
 .../AARCH64-GCC/crypto/sha/sha512-armv8.S | 1606 +
 .../Library/OpensslLib/OpensslLibAccel.inf|  642 +-
 .../OpensslLib/OpensslLibFullAccel.inf|  691 +-
 .../OpensslLib/OpensslStub/AArch64Cap.c   |  107 +
 CryptoPkg/Library/OpensslLib/UefiAsm.conf |6 +
 CryptoPkg/Library/OpensslLib/configure.py |5 +-
 CryptoPkg/Readme.md   |   14 +-
 MdePkg/Include/Library/BaseLib.h  |   86 +
 .../BaseLib/AArch64/ArmReadCntPctReg.S|   30 +
 .../BaseLib/AArch64/ArmReadCntPctReg.asm  |   30 +
 .../AArch64/ArmReadIdAA64Isar0Reg.S}  |   10 +-
 .../AArch64/ArmReadIdAA64Isar0Reg.asm}|   10 +-
 MdePkg/Library/BaseLib/BaseLib.inf|6 +-
 MdePkg/Library/BaseRngLib/AArch64/ArmRng.h|   12 -
 MdePkg/Library/BaseRngLib/AArch64/Rndr.c  |   14 +-
 MdePkg/Library/BaseRngLib/BaseRngLib.inf  |2 -
 27 files changed, 25320 insertions(+), 57 deletions(-)
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/aes/aesv8-armx.S
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/aes/vpaes-armv8.S
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/arm64cpuid.S
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/bn/armv8-mont.S
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/ec/ecp_nistz256-armv8.S
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/modes/aes-gcm-armv8_64.S
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/modes/ghashv8-armx.S
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/sha/keccak1600-armv8.S
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/sha/sha1-armv8.S
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/sha/sha256-armv8.S
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslGen/AARCH64-GCC/crypto/sha/sha512-armv8.S
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslStub/AArch64Cap.c
 create mode 100644 MdePkg/Library/BaseLib/AArch64/ArmReadCntPctReg.S
 create mode 100644 MdePkg/Library/BaseLib/AArch64/ArmReadCntPctReg.asm
 rename MdePkg/Library/{BaseRngLib/AArch64/ArmReadIdIsar0.S => BaseLib/AArch64/ArmReadIdAA64Isar0Reg.S} (70%)
 rename MdePkg/Library/{BaseRngLib/AArch64/ArmReadIdIsar0.asm => BaseLib/AArch64/ArmReadIdAA64Isar0Reg.asm} (72%)

--
2.25.1

Re: [edk2-devel] [PATCH v3 00/11] Add HMAC/HKDF/RSA/HASH/AES features based on Mbedtls

2023-10-11 Thread Li, Yi
Patch merged via: https://github.com/tianocore/edk2/pull/4897
Thanks for your contribution.

Regards,
Yi 

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Li, Yi
Sent: Saturday, October 7, 2023 8:38 PM
To: Hou, Wenxing ; devel@edk2.groups.io
Cc: Yao, Jiewen ; Lu, Xiaoyu1 ; 
Jiang, Guomin 
Subject: Re: [edk2-devel] [PATCH v3 00/11] Add HMAC/HKDF/RSA/HASH/AES features 
based on Mbedtls


Looks good to me.
Reviewed-by: Yi Li 

-Original Message-
From: Hou, Wenxing  
Sent: Thursday, September 28, 2023 11:34 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 ; Lu, Xiaoyu1 
; Jiang, Guomin 
Subject: [PATCH v3 00/11] Add HMAC/HKDF/RSA/HASH/AES features based on Mbedtls

Purpose: This patch is needed to resolve the limitation from OpenSSL 3.0 that 
HMAC/HKDF/RSA cannot work in pre-memory phase.

There are five features based on mbedtls in the patch: HMAC/HKDF/RSA/HASH/AES.

Test: The patch has passed the unit_test and fuzz test. And the patch has 
passed testing on the Intel platform.

POC: https://github.com/tianocore/edk2-staging/tree/OpenSSL11_EOL/CryptoPkg/Library/BaseCryptLibMbedTls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
Signed-off-by: Wenxing Hou 

Wenxing Hou (11):
  CryptoPkg: Add mbedtls submodule for EDKII
  CryptoPkg: Add mbedtls_config and MbedTlsLib.inf
  CryptoPkg: Add HMAC functions based on Mbedtls
  CryptoPkg: Add HKDF functions based on Mbedtls
  CryptoPkg: Add RSA functions based on Mbedtls
  CryptoPkg: Add all .inf files for BaseCryptLibMbedTls
  CryptoPkg: Add Null functions for building pass
  CryptoPkg: Add MD5/SHA1/SHA2 functions based on Mbedtls
  CryptoPkg: Add Mbedtls submodule in CI
  CryptoPkg: Add basic Readme for BaseCryptLibMbedTls
  CryptoPkg: Add CryptAes functions based on Mbedtls Add CryptAes APIS.

 .gitmodules   |3 +
 .pytool/CISettings.py |2 +
 CryptoPkg/CryptoPkg.ci.yaml   |   12 +-
 CryptoPkg/CryptoPkg.dec   |5 +
 CryptoPkg/CryptoPkg.dsc   |8 +
 CryptoPkg/CryptoPkgMbedTls.dsc|  280 ++
 .../BaseCryptLibMbedTls/BaseCryptLib.inf  |   81 +
 .../BaseCryptLibMbedTls/Bn/CryptBnNull.c  |  520 +++
 .../Cipher/CryptAeadAesGcmNull.c  |  100 +
 .../BaseCryptLibMbedTls/Cipher/CryptAes.c |  225 +
 .../BaseCryptLibMbedTls/Cipher/CryptAesNull.c |  159 +
 .../BaseCryptLibMbedTls/Hash/CryptMd5.c   |  226 +
 .../BaseCryptLibMbedTls/Hash/CryptMd5Null.c   |  163 +
 .../Hash/CryptParallelHashNull.c  |   40 +
 .../BaseCryptLibMbedTls/Hash/CryptSha1.c  |  226 +
 .../BaseCryptLibMbedTls/Hash/CryptSha1Null.c  |  166 +
 .../BaseCryptLibMbedTls/Hash/CryptSha256.c|  219 +
 .../Hash/CryptSha256Null.c|  162 +
 .../BaseCryptLibMbedTls/Hash/CryptSha512.c|  431 ++
 .../Hash/CryptSha512Null.c|  275 ++
 .../BaseCryptLibMbedTls/Hash/CryptSm3Null.c   |  164 +
 .../BaseCryptLibMbedTls/Hmac/CryptHmac.c  |  678 +++
 .../BaseCryptLibMbedTls/Hmac/CryptHmacNull.c  |  359 ++
 .../BaseCryptLibMbedTls/InternalCryptLib.h|   25 +
 .../BaseCryptLibMbedTls/Kdf/CryptHkdf.c   |  372 ++
 .../BaseCryptLibMbedTls/Kdf/CryptHkdfNull.c   |  192 +
 .../BaseCryptLibMbedTls/PeiCryptLib.inf   |  101 +
 .../BaseCryptLibMbedTls/PeiCryptLib.uni   |   25 +
 .../BaseCryptLibMbedTls/Pem/CryptPemNull.c|   69 +
 .../Pk/CryptAuthenticodeNull.c|   45 +
 .../BaseCryptLibMbedTls/Pk/CryptDhNull.c  |  150 +
 .../BaseCryptLibMbedTls/Pk/CryptEcNull.c  |  578 +++
 .../Pk/CryptPkcs1OaepNull.c   |   51 +
 .../Pk/CryptPkcs5Pbkdf2Null.c |   48 +
 .../Pk/CryptPkcs7Internal.h   |   83 +
 .../Pk/CryptPkcs7SignNull.c   |   53 +
 .../Pk/CryptPkcs7VerifyEkuNull.c  |  152 +
 .../Pk/CryptPkcs7VerifyEkuRuntime.c   |   56 +
 .../Pk/CryptPkcs7VerifyNull.c |  163 +
 .../Pk/CryptPkcs7VerifyRuntime.c  |   38 +
 .../BaseCryptLibMbedTls/Pk/CryptRsaBasic.c|  278 ++
 .../Pk/CryptRsaBasicNull.c|  121 +
 .../BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c  |  117 +
 .../BaseCryptLibMbedTls/Pk/CryptRsaPss.c  |  174 +
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c  |   46 +
 .../Pk/CryptRsaPssSignNull.c  |   60 +
 .../BaseCryptLibMbedTls/Pk/CryptTsNull.c  |   42 +
 .../BaseCryptLibMbedTls/Pk/CryptX509Null.c|  753 
 .../BaseCryptLibMbedTls/Rand/CryptRandNull.c  |   56 +
 .../BaseCryptLibMbedTls/RuntimeCryptLib.inf   |   92 +
 .../BaseCryptLibMbedTls/RuntimeCryptLib.uni   |   22 +
 .../BaseCryptLibMbedTls/SecCryptLib.inf   |   84 +
 .../BaseCryptLibMbedTls/SecCryptLib.uni   |   17 +
 .../BaseCryptLibMbedTls/SmmCryptLib.inf   |   92 +
 .../BaseCryptLibMbedTls/SmmCryptLib.uni   |   22 +
 .../SysCall/ConstantTimeClock.c

Re: [edk2-devel] [PATCH v3 09/11] CryptoPkg: Add Mbedtls submodule in CI

2023-10-11 Thread Li, Yi
Hello .pytools maintainers and reviewers, any comments for this patch series?

Background:
https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md#openssl30-mbedtls-dual-mode
This patch series is needed to resolve the limitation from OpenSSL 3.0 that 
provider based algorithms cannot work in pre-memory phase.
There are five features based on mbedtls in the patch series: 
HMAC/HKDF/RSA/HASH/AES.


Thanks,
Yi

-Original Message-
From: Hou, Wenxing  
Sent: Tuesday, October 10, 2023 9:50 AM
To: devel@edk2.groups.io; sean.bro...@microsoft.com; 
mikub...@linux.microsoft.com; Kinney, Michael D ; 
Gao, Liming 
Cc: Li, Yi1 
Subject: RE: [edk2-devel] [PATCH v3 09/11] CryptoPkg: Add Mbedtls submodule in 
CI

Hi all,

Could you help me take a look at this patch? 

Thank you very much!!



Thanks.
Wenxing



-Original Message-
From: Hou, Wenxing
Sent: Saturday, October 7, 2023 9:39 PM
To: devel@edk2.groups.io; sean.bro...@microsoft.com; 
mikub...@linux.microsoft.com; Kinney, Michael D ; 
gaolim...@byosoft.com.cn
Cc: Li, Yi1 
Subject: RE: [edk2-devel] [PATCH v3 09/11] CryptoPkg: Add Mbedtls submodule in 
CI

Hi all,


My patch is about enabling Mbedtls. And this patch will change the pytool.

Could you review this patch for the pytool change?

Thanks
Wenxing



-Original Message-
From: devel@edk2.groups.io  On Behalf Of Wenxing Hou
Sent: Thursday, September 28, 2023 11:34 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 ; Lu, Xiaoyu1 
; Jiang, Guomin 
Subject: [edk2-devel] [PATCH v3 09/11] CryptoPkg: Add Mbedtls submodule in CI

Change CI for new Mbedtls submodule.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
Signed-off-by: Wenxing Hou 
---
 .pytool/CISettings.py  |  2 ++
 CryptoPkg/CryptoPkg.ci.yaml| 12 +++-
 CryptoPkg/CryptoPkg.dec|  3 ++-
 CryptoPkg/CryptoPkg.dsc|  8 
 CryptoPkg/Private/Library/MbedTlsLib.h | 12 
 5 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 CryptoPkg/Private/Library/MbedTlsLib.h

diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py index 
6fb7342f81..c5803a877c 100644
--- a/.pytool/CISettings.py
+++ b/.pytool/CISettings.py
@@ -199,6 +199,8 @@ class Settings(CiBuildSettingsManager, 
UpdateSettingsManager, SetupSettingsManag
 "MdePkg/Library/BaseFdtLib/libfdt", False)) 
rs.append(RequiredSubmodule( "MdePkg/Library/MipiSysTLib/mipisyst", 
False))+rs.append(RequiredSubmodule(+
"CryptoPkg/Library/MbedTlsLib/mbedtls", False)) return rs  def 
GetName(self):diff --git a/CryptoPkg/CryptoPkg.ci.yaml 
b/CryptoPkg/CryptoPkg.ci.yaml
index 59ba56d41e..967612230d 100644
--- a/CryptoPkg/CryptoPkg.ci.yaml
+++ b/CryptoPkg/CryptoPkg.ci.yaml
@@ -38,10 +38,20 @@
 # This has OpenSSL interfaces that aren't UEFI spec compliant  
   "Library/BaseCryptLib/Hash/CryptParallelHash.h", 
"Library/Include/fcntl.h",+# This has Mbedtls interfaces that 
aren't UEFI spec compliant+"Library/Include/stdint.h",+
"Library/Include/stubs-32.h", # These directories contain 
auto-generated OpenSSL content "Library/OpensslLib", 
"Library/IntrinsicLib",-
"Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c"+
"Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c",+# mbedtls+
"Library/MbedTlsLib/mbedtls",+# This has mbedtls interfaces 
that aren't UEFI spec compliant+"Library/MbedTlsLib/EcSm2Null.c",+  
  "Library/MbedTlsLib/CrtWrapper.c",+
"Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h",+
"Library/BaseCryptLibMbedTls/SysCall" ] }, "CompilerPlugin": 
{diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index a5fa81a338..e613b6b1ae 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -28,9 +28,9 @@
   Library/OpensslLib/OpensslGen/include   
Library/OpensslLib/OpensslGen/providers/common/include   
Library/MbedTlsLib/Include-  Library/MbedTlsLib/mbedtls   
Library/MbedTlsLib/mbedtls/include   
Library/MbedTlsLib/mbedtls/include/mbedtls+  Library/MbedTlsLib/mbedtls/library 
 [LibraryClasses]   ##  @libraryclass  Provides basic library functions for 
cryptographic primitives.@@ -49,6 +49,7 @@
   ##  @libraryclass  Provides library functions from the openssl project.   #  
 OpensslLib|Private/Library/OpensslLib.h+  
MbedTlsLib|Private/Library/MbedTlsLib.h##  @libraryclass  Provides compiler 
intrinsic functions required to link openssl project.   #diff --git 
a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index a55dcb9668..6a0104a3bb 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -364,6 +364,14 @@
   CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf   
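
Review bot: The CryptoPkg.dec hunk is outside what the commit message describes. The message says only "Change CI for new Mbedtls submodule", yet this hunk drops Library/MbedTlsLib/mbedtls from the include list, adds Library/MbedTlsLib/mbedtls/library, and declares MbedTlsLib|Private/Library/MbedTlsLib.h, and the diffstat also creates Private/Library/MbedTlsLib.h and adds eight lines to CryptoPkg.dsc. Either describe these changes in the message or move them to the patch in the series that introduces MbedTlsLib, so this patch stays limited to CI settings.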
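
Review bot: In the CryptoPkg.ci.yaml hunk, several of the new ignore entries are files written for edk2 rather than submodule content: "Library/MbedTlsLib/EcSm2Null.c", "Library/MbedTlsLib/CrtWrapper.c", "Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h" and "Library/BaseCryptLibMbedTls/SysCall". Ignoring them switches the check off for code the package owns. Consider keeping the blanket ignore to "Library/MbedTlsLib/mbedtls" and giving each remaining entry its own comment naming the construct that fails the check, as the single comment "This has mbedtls interfaces that aren't UEFI spec compliant" does not say which interfaces are meant.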

Re: [edk2-devel] [PATCH v2 1/1] CryptoPkg/TlsLib: fix tls cipher configuration

2023-10-07 Thread Li, Yi
Sorry for the delayed response due to the PRC holiday.
This is a pretty good solution. I also ran some basic HTTPSBOOT and EAP-TLS 
test cases, and all passed.

Reviewed-by: Yi Li 

-Original Message-
From: Gerd Hoffmann  
Sent: Wednesday, October 4, 2023 5:20 PM
To: devel@edk2.groups.io
Cc: Li, Yi1 ; Pawel Polawski ; László 
Érsek ; Jiang, Guomin ; Yao, Jiewen 
; Oliver Steffen ; Lu, Xiaoyu1 
; Gerd Hoffmann 
Subject: [PATCH v2 1/1] CryptoPkg/TlsLib: fix tls cipher configuration

Trying to configure the TLS ciphers can lead to TLS handshake failures because 
TlsCipherMappingTable is not in line with the ciphers actually supported by 
OpensslLib.

Fix that by removing TlsCipherMappingTable altogether.  Use SSL_get_ciphers() 
instead to get the stack of ciphers supported by openssl.  Name and ID of the 
ciphers can be queried using the SSL_CIPHER_get_name() and 
SSL_CIPHER_get_protocol_id() functions, which allows us to map IDs to names 
without a hard-coded table.

Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=2541
Signed-off-by: Gerd Hoffmann 
---
 CryptoPkg/Library/TlsLib/TlsConfig.c | 164 ++-
 1 file changed, 36 insertions(+), 128 deletions(-)

diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c 
b/CryptoPkg/Library/TlsLib/TlsConfig.c
index f9333165a913..29d24abdca0f 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -9,65 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 #include "InternalTlsLib.h"
 
-typedef struct {
-  //
-  // IANA/IETF defined Cipher Suite ID
-  //
-  UINT16 IanaCipher;
-  //
-  // OpenSSL-used Cipher Suite String
-  //
-  CONST CHAR8*OpensslCipher;
-  //
-  // Length of OpensslCipher
-  //
-  UINTN  OpensslCipherLength;
-} TLS_CIPHER_MAPPING;
-
-//
-// Create a TLS_CIPHER_MAPPING initializer from IanaCipher and OpensslCipher 
so -// that OpensslCipherLength is filled in automatically. IanaCipher must be 
an -// integer constant expression, and OpensslCipher must be a string literal.
-//
-#define MAP(IanaCipher, OpensslCipher) \
-  { (IanaCipher), (OpensslCipher), sizeof (OpensslCipher) - 1 }
-
-//
-// The mapping table between IANA/IETF Cipher Suite definitions and -// 
OpenSSL-used Cipher Suite name.
-//
-// Keep the table uniquely sorted by the IanaCipher field, in increasing order.
-//
-STATIC CONST TLS_CIPHER_MAPPING  TlsCipherMappingTable[] = {
-  MAP (0x0001, "NULL-MD5"), /// TLS_RSA_WITH_NULL_MD5
-  MAP (0x0002, "NULL-SHA"), /// TLS_RSA_WITH_NULL_SHA
-  MAP (0x0004, "RC4-MD5"),  /// 
TLS_RSA_WITH_RC4_128_MD5
-  MAP (0x0005, "RC4-SHA"),  /// 
TLS_RSA_WITH_RC4_128_SHA
-  MAP (0x000A, "DES-CBC3-SHA"), /// 
TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1
-  MAP (0x0016, "DHE-RSA-DES-CBC3-SHA"), /// 
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-  MAP (0x002F, "AES128-SHA"),   /// 
TLS_RSA_WITH_AES_128_CBC_SHA, mandatory TLS 1.2
-  MAP (0x0030, "DH-DSS-AES128-SHA"),/// 
TLS_DH_DSS_WITH_AES_128_CBC_SHA
-  MAP (0x0031, "DH-RSA-AES128-SHA"),/// 
TLS_DH_RSA_WITH_AES_128_CBC_SHA
-  MAP (0x0033, "DHE-RSA-AES128-SHA"),   /// 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
-  MAP (0x0035, "AES256-SHA"),   /// 
TLS_RSA_WITH_AES_256_CBC_SHA
-  MAP (0x0036, "DH-DSS-AES256-SHA"),/// 
TLS_DH_DSS_WITH_AES_256_CBC_SHA
-  MAP (0x0037, "DH-RSA-AES256-SHA"),/// 
TLS_DH_RSA_WITH_AES_256_CBC_SHA
-  MAP (0x0039, "DHE-RSA-AES256-SHA"),   /// 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-  MAP (0x003B, "NULL-SHA256"),  /// 
TLS_RSA_WITH_NULL_SHA256
-  MAP (0x003C, "AES128-SHA256"),/// 
TLS_RSA_WITH_AES_128_CBC_SHA256
-  MAP (0x003D, "AES256-SHA256"),/// 
TLS_RSA_WITH_AES_256_CBC_SHA256
-  MAP (0x003E, "DH-DSS-AES128-SHA256"), /// 
TLS_DH_DSS_WITH_AES_128_CBC_SHA256
-  MAP (0x003F, "DH-RSA-AES128-SHA256"), /// 
TLS_DH_RSA_WITH_AES_128_CBC_SHA256
-  MAP (0x0067, "DHE-RSA-AES128-SHA256"),/// 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-  MAP (0x0068, "DH-DSS-AES256-SHA256"), /// 
TLS_DH_DSS_WITH_AES_256_CBC_SHA256
-  MAP (0x0069, "DH-RSA-AES256-SHA256"), /// 
TLS_DH_RSA_WITH_AES_256_CBC_SHA256
-  MAP (0x006B, "DHE-RSA-AES256-SHA256"),/// 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
-  MAP (0x009F, "DHE-RSA-AES256-GCM-SHA384"),/// 
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
-  MAP (0xC02B, "ECDHE-ECDSA-AES128-GCM-SHA256"),/// 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-  MAP (0xC02C, "ECDHE-ECDSA-AES256-GCM-SHA384"),/// 
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-  MAP (0xC030, "ECDHE-RSA-AES256-GCM-SHA384"),  /// 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-};
-
 typedef struct {
   //
   // TLS Algorithm
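
Review bot: Removing TlsCipherMappingTable in this hunk also removes the fixed set of suites a caller could select; that set included MAP (0x0001, "NULL-MD5"), MAP (0x0004, "RC4-MD5") and MAP (0x003B, "NULL-SHA256"). After the change, the selectable set is whatever SSL_get_ciphers() returns for the OpensslLib build, so the commit message should say that the build configuration now decides which suites can be enabled. Please also state, in the message or in a comment at the new lookup, whether an ID from the cipher list that has no match is skipped or treated as an error, since that determines whether a partly unsupported list still produces a usable cipher string.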
@@ -96,54 +37,6 @@ STATIC CONST TLS_ALGO_TO_NAME  

Re: [edk2-devel] [PATCH v3 00/11] Add HMAC/HKDF/RSA/HASH/AES features based on Mbedtls

2023-10-07 Thread Li, Yi


Looks good to me.
Reviewed-by: Yi Li 

-Original Message-
From: Hou, Wenxing  
Sent: Thursday, September 28, 2023 11:34 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 ; Lu, Xiaoyu1 
; Jiang, Guomin 
Subject: [PATCH v3 00/11] Add HMAC/HKDF/RSA/HASH/AES features based on Mbedtls

Purpose: This patch is needed to resolve the limitation from OpenSSL 3.0 that 
HMAC/HKDF/RSA cannot work in pre-memory phase.

There are five features based on mbedtls in the patch: HMAC/HKDF/RSA/HASH/AES.

Test: The patch has passed the unit_test and fuzz test. And the patch has 
passed testing on the Intel platform.

POC: https://github.com/tianocore/edk2-staging/tree/OpenSSL11_EOL/CryptoPkg/Library/BaseCryptLibMbedTls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
Signed-off-by: Wenxing Hou 

Wenxing Hou (11):
  CryptoPkg: Add mbedtls submodule for EDKII
  CryptoPkg: Add mbedtls_config and MbedTlsLib.inf
  CryptoPkg: Add HMAC functions based on Mbedtls
  CryptoPkg: Add HKDF functions based on Mbedtls
  CryptoPkg: Add RSA functions based on Mbedtls
  CryptoPkg: Add all .inf files for BaseCryptLibMbedTls
  CryptoPkg: Add Null functions for building pass
  CryptoPkg: Add MD5/SHA1/SHA2 functions based on Mbedtls
  CryptoPkg: Add Mbedtls submodule in CI
  CryptoPkg: Add basic Readme for BaseCryptLibMbedTls
  CryptoPkg: Add CryptAes functions based on Mbedtls Add CryptAes APIS.

 .gitmodules   |3 +
 .pytool/CISettings.py |2 +
 CryptoPkg/CryptoPkg.ci.yaml   |   12 +-
 CryptoPkg/CryptoPkg.dec   |5 +
 CryptoPkg/CryptoPkg.dsc   |8 +
 CryptoPkg/CryptoPkgMbedTls.dsc|  280 ++
 .../BaseCryptLibMbedTls/BaseCryptLib.inf  |   81 +
 .../BaseCryptLibMbedTls/Bn/CryptBnNull.c  |  520 +++
 .../Cipher/CryptAeadAesGcmNull.c  |  100 +
 .../BaseCryptLibMbedTls/Cipher/CryptAes.c |  225 +
 .../BaseCryptLibMbedTls/Cipher/CryptAesNull.c |  159 +
 .../BaseCryptLibMbedTls/Hash/CryptMd5.c   |  226 +
 .../BaseCryptLibMbedTls/Hash/CryptMd5Null.c   |  163 +
 .../Hash/CryptParallelHashNull.c  |   40 +
 .../BaseCryptLibMbedTls/Hash/CryptSha1.c  |  226 +
 .../BaseCryptLibMbedTls/Hash/CryptSha1Null.c  |  166 +
 .../BaseCryptLibMbedTls/Hash/CryptSha256.c|  219 +
 .../Hash/CryptSha256Null.c|  162 +
 .../BaseCryptLibMbedTls/Hash/CryptSha512.c|  431 ++
 .../Hash/CryptSha512Null.c|  275 ++
 .../BaseCryptLibMbedTls/Hash/CryptSm3Null.c   |  164 +
 .../BaseCryptLibMbedTls/Hmac/CryptHmac.c  |  678 +++
 .../BaseCryptLibMbedTls/Hmac/CryptHmacNull.c  |  359 ++
 .../BaseCryptLibMbedTls/InternalCryptLib.h|   25 +
 .../BaseCryptLibMbedTls/Kdf/CryptHkdf.c   |  372 ++
 .../BaseCryptLibMbedTls/Kdf/CryptHkdfNull.c   |  192 +
 .../BaseCryptLibMbedTls/PeiCryptLib.inf   |  101 +
 .../BaseCryptLibMbedTls/PeiCryptLib.uni   |   25 +
 .../BaseCryptLibMbedTls/Pem/CryptPemNull.c|   69 +
 .../Pk/CryptAuthenticodeNull.c|   45 +
 .../BaseCryptLibMbedTls/Pk/CryptDhNull.c  |  150 +
 .../BaseCryptLibMbedTls/Pk/CryptEcNull.c  |  578 +++
 .../Pk/CryptPkcs1OaepNull.c   |   51 +
 .../Pk/CryptPkcs5Pbkdf2Null.c |   48 +
 .../Pk/CryptPkcs7Internal.h   |   83 +
 .../Pk/CryptPkcs7SignNull.c   |   53 +
 .../Pk/CryptPkcs7VerifyEkuNull.c  |  152 +
 .../Pk/CryptPkcs7VerifyEkuRuntime.c   |   56 +
 .../Pk/CryptPkcs7VerifyNull.c |  163 +
 .../Pk/CryptPkcs7VerifyRuntime.c  |   38 +
 .../BaseCryptLibMbedTls/Pk/CryptRsaBasic.c|  278 ++
 .../Pk/CryptRsaBasicNull.c|  121 +
 .../BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c  |  117 +
 .../BaseCryptLibMbedTls/Pk/CryptRsaPss.c  |  174 +
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c  |   46 +
 .../Pk/CryptRsaPssSignNull.c  |   60 +
 .../BaseCryptLibMbedTls/Pk/CryptTsNull.c  |   42 +
 .../BaseCryptLibMbedTls/Pk/CryptX509Null.c|  753 
 .../BaseCryptLibMbedTls/Rand/CryptRandNull.c  |   56 +
 .../BaseCryptLibMbedTls/RuntimeCryptLib.inf   |   92 +
 .../BaseCryptLibMbedTls/RuntimeCryptLib.uni   |   22 +
 .../BaseCryptLibMbedTls/SecCryptLib.inf   |   84 +
 .../BaseCryptLibMbedTls/SecCryptLib.uni   |   17 +
 .../BaseCryptLibMbedTls/SmmCryptLib.inf   |   92 +
 .../BaseCryptLibMbedTls/SmmCryptLib.uni   |   22 +
 .../SysCall/ConstantTimeClock.c   |   75 +
 .../BaseCryptLibMbedTls/SysCall/CrtWrapper.c  |   58 +
 .../SysCall/RuntimeMemAllocation.c|  462 ++
 .../SysCall/TimerWrapper.c|  198 +
 .../BaseCryptLibMbedTls/TestBaseCryptLib.inf  |   76 +
 CryptoPkg/Library/Include/stdint.h|   19 +
 CryptoPkg/Library/Include/stubs-32.h  |9 +
 CryptoPkg/Library/MbedTlsLib/CrtWrapper.c 

Re: [edk2-devel] [PATCH v1 07/24] CryptoPkg: CI: Add PrEval entry

2023-10-06 Thread Li, Yi
Joey:

I already gave feedback for the CryptoPkg part.

It seems there are two Crypto patches, 07/24 and 13/24, but 13 is actually 
StandaloneMmPkg changes. Please check.
[PATCH v1 13/24] CryptoPkg: CI: Add PrEval entry 

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Li, Yi
Sent: Wednesday, August 2, 2023 12:42 PM
To: Joey Vagedes ; devel@edk2.groups.io
Cc: Yao, Jiewen ; Lu, Xiaoyu1 ; 
Jiang, Guomin 
Subject: Re: [edk2-devel] [PATCH v1 07/24] CryptoPkg: CI: Add PrEval entry


Looks good to me.
Reviewed-by: Yi Li 

-Original Message-
From: Joey Vagedes  
Sent: Tuesday, June 27, 2023 5:34 AM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 ; Lu, Xiaoyu1 
; Jiang, Guomin 
Subject: [PATCH v1 07/24] CryptoPkg: CI: Add PrEval entry

Adds a PrEval entry to the package's ci.yaml file which is used to verify if 
the package uses a particular library instance when that library instance file 
(INF) is updated.

When a library instance file (INF) is updated, PrEval will review each 
package's DSC as described in the ci.yaml file to determine if the package uses 
said library instance. If the package does use the library instance, it will be 
built and tested to ensure the package is not broken from the change.

Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
Signed-off-by: Joey Vagedes 
---
 CryptoPkg/CryptoPkg.ci.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CryptoPkg/CryptoPkg.ci.yaml b/CryptoPkg/CryptoPkg.ci.yaml index 
47f29759676d..4cec206477bc 100644
--- a/CryptoPkg/CryptoPkg.ci.yaml
+++ b/CryptoPkg/CryptoPkg.ci.yaml
@@ -6,6 +6,9 @@
 # SPDX-License-Identifier: BSD-2-Clause-Patent ## {+"PrEval": {+
"DscPath": "CryptoPkg.dsc",+}, "LicenseCheck": { "IgnoreFiles": 
[ # These directories contain auto-generated OpenSSL content-- 
2.41.0.windows.1
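
Review bot: In the added "PrEval" block, the only entry, "DscPath": "CryptoPkg.dsc", ends with a trailing comma before the closing brace; dropping it keeps the block acceptable to stricter parsers as well. The value is also a bare file name, so a short comment stating what DscPath is resolved against (the package directory, judging by the location of this ci.yaml) would save the next reader from guessing.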

Re: [edk2-devel] setting TLS ciphers is broken (openssl 3?)

2023-09-27 Thread Li, Yi
Hi Gerd,

We have validated HTTPS boot and WIFI with EAP-TLS, where the code consumed 
the openssl3.0 TLS lib API.

So we cannot reproduce this issue. Could you provide detailed test steps to me? I 
will look into it.

Thanks,
Yi  

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Yao, Jiewen
Sent: Thursday, September 28, 2023 1:31 AM
To: devel@edk2.groups.io; kra...@redhat.com
Subject: Re: [edk2-devel] setting TLS ciphers is broken (openssl 3?)

Hi Gerd
Thanks for reporting. 

We will look into that. Is the text below the full reproduction steps? Which server 
are you using? Which TLS version is configured?
Please provide as much detail as possible, if you could.


One more thing: We are going to have a 1-week National Holiday starting tomorrow.
If we cannot nail it down shortly, that would be the week after next.

Thank you
Yao, Jiewen



> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Gerd 
> Hoffmann
> Sent: Wednesday, September 27, 2023 4:39 PM
> To: devel@edk2.groups.io
> Subject: [edk2-devel] setting TLS ciphers is broken (openssl 3?)
> 
>   Hi,
> 
> I've noticed that setting ciphers for TLS stopped working in ovmf, 
> most likely due to the openssl 3.0 update.
> 
> Test case: try http boot from https server, set ciphers on the qemu 
> command line using:
> -object tls-cipher-suites,id=tls-cipher0,priority=@SYSTEM
> -fw_cfg name=etc/edk2/https/ciphers,gen_id=tls-cipher0
> 
> OvmfPkg/Library/TlsAuthConfigLib will read it from fwcfg and set 
> EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE.
> 
> CryptoPkg/Library/TlsLib/TlsConfig.c will read the variable, map the 
> IDs to strings and call SSL_set_cipher_list() with the result.
> 
> Later on the tls handshake fails.  From the log:
> 
> [ ... ]
> TlsDxe:TlsSetCipherList: CipherString={
>   ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-
> SHA384:ECDHE-ECDSA-AES128-GC
>   M-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-GCM-
> SHA384:DHE-RSA-A
>   ES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-DES-CBC3-SHA
>   }
> [ ... ]
> TlsDoHandshake SSL_HANDSHAKE_ERROR State=0x10 SSL_ERROR_SSL
> TlsDoHandshake ERROR 0x308010C=L6:R8010C
> TlsDoHandshake ERROR 0xA0C0103=L14:RC0103
> [ ... ]
> 
> take care,
>   Gerd
> 
> 
> 
> 
> 
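
The ID-to-name step from the report above (cipher-list variable, IDs mapped to names, SSL_set_cipher_list()), as an added example that is not edk2 code: it builds the map from the linked OpenSSL through Python's ssl module instead of a hard-coded table, the same idea as SSL_get_ciphers() in the TlsLib patch on this page. Assumptions: the variable is a packed array of 2-byte big-endian IANA IDs; the function names, STALE_TABLE subset and SAMPLE_LIBRARY_MAP are constructed for illustration.

```python
import ssl
import struct


def library_cipher_map(ctx=None):
    """Return {16-bit IANA id: OpenSSL name} for the linked OpenSSL.

    get_ciphers() reports each cipher's 'id' as a 32-bit value; its low
    16 bits are the IANA suite id, which is what
    SSL_CIPHER_get_protocol_id() returns in C.
    """
    if ctx is None:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    return {c["id"] & 0xFFFF: c["name"] for c in ctx.get_ciphers()}


def parse_cipher_list(blob):
    """Decode a cipher-list blob into 16-bit IDs.

    Assumption: packed array of 2-byte big-endian IANA IDs.
    """
    if len(blob) % 2:
        raise ValueError("cipher list length must be a multiple of 2")
    return [cid for (cid,) in struct.iter_unpack(">H", blob)]


def build_cipher_string(requested_ids, cipher_map):
    """Map IDs to names in request order.

    Returns (colon-separated cipher string, list of IDs with no mapping).
    Unmapped IDs are skipped rather than emitted, so the string only
    names ciphers the map's source actually knows.
    """
    names, skipped = [], []
    for cid in requested_ids:
        name = cipher_map.get(cid)
        if name is None:
            skipped.append(cid)
        elif name not in names:
            names.append(name)
    return ":".join(names), skipped


# Constructed: three entries taken from the TlsCipherMappingTable shown in
# the patch on this page, standing in for a hard-coded table.
STALE_TABLE = {
    0x000A: "DES-CBC3-SHA",
    0xC02C: "ECDHE-ECDSA-AES256-GCM-SHA384",
    0xC030: "ECDHE-RSA-AES256-GCM-SHA384",
}

# Constructed: what a crypto library built without 3DES would report.
SAMPLE_LIBRARY_MAP = {
    0xC02C: "ECDHE-ECDSA-AES256-GCM-SHA384",
    0xC030: "ECDHE-RSA-AES256-GCM-SHA384",
}

# Constructed cipher-list blob: 0xC030, 0xC02C, 0x000A.
SAMPLE_BLOB = bytes.fromhex("c030c02c000a")


def compare(blob=SAMPLE_BLOB):
    """Contrast the hard-coded table with a library-derived map."""
    ids = parse_cipher_list(blob)
    static_str, _ = build_cipher_string(ids, STALE_TABLE)
    lib_str, skipped = build_cipher_string(ids, SAMPLE_LIBRARY_MAP)
    known = set(SAMPLE_LIBRARY_MAP.values())
    # Names the static table emits although the library lacks them.
    unknown = [n for n in static_str.split(":") if n not in known]
    return static_str, lib_str, skipped, unknown


if __name__ == "__main__":
    static_str, lib_str, skipped, unknown = compare()
    print("hard-coded table :", static_str)
    print("library-derived  :", lib_str)
    print("skipped IDs      :", [hex(i) for i in skipped])
    print("names unknown to the library:", unknown)
    # Same request against the OpenSSL this interpreter is linked with.
    live = build_cipher_string(parse_cipher_list(SAMPLE_BLOB),
                               library_cipher_map())
    print("this host        :", live)
```

The last line of output depends on the OpenSSL build of the host running it, which is the point: the mapping follows the library instead of a table that can drift from it.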

Re: [edk2-devel] [PATCH] Maintainers.txt: update maintainer for CryptoPkg

2023-09-24 Thread Li, Yi
Hi Mike,

I signed up to work as Maintainer for CryptoPkg, need help to add reviewer and 
maintainer permissions. Thanks!

Regards,
Yi 

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Li, Yi
Sent: Friday, June 16, 2023 12:21 PM
To: Wang, Jian J ; devel@edk2.groups.io
Cc: Yao, Jiewen ; Lu, Xiaoyu1 ; 
Jiang, Guomin 
Subject: Re: [edk2-devel] [PATCH] Maintainers.txt: update maintainer for 
CryptoPkg

Reviewed-by: Yi Li 

-Original Message-
From: Wang, Jian J  
Sent: Friday, June 16, 2023 12:09 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 ; Lu, Xiaoyu1 
; Jiang, Guomin 
Subject: [PATCH] Maintainers.txt: update maintainer for CryptoPkg

Cc: Jiewen Yao  [jyao1]
Cc: Yi Li  [liyi77]
Cc: Xiaoyu Lu  [xiaoyuxlu]
Cc: Guomin Jiang  [guominjia]
Signed-off-by: Jian J Wang 
---
 Maintainers.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Maintainers.txt b/Maintainers.txt index 42e40dced3..c645df397c 
100644
--- a/Maintainers.txt
+++ b/Maintainers.txt
@@ -178,7 +178,7 @@ CryptoPkg
 F: CryptoPkg/ W: 
https://github.com/tianocore/tianocore.github.io/wiki/CryptoPkg M: Jiewen Yao 
 [jyao1]-M: Jian J Wang  
[jwang36]+M: Yi Li  [liyi77] R: Xiaoyu Lu 
 [xiaoyuxlu] R: Guomin Jiang  
[guominjia] --
2.39.1.windows.1
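
Review bot: The commit message has no body, so the reason for replacing the line M: Jian J Wang [jwang36] with M: Yi Li [liyi77] in the CryptoPkg section is not recorded. Add a sentence stating that the maintainer role is being handed over and to whom, so that the history of Maintainers.txt explains the change without the mailing-list thread.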

Re: [edk2-devel] [PATCH] NetworkPkg: Increase HTTP buffer size and enable TCP window scaling

2023-09-06 Thread Li, Yi
Hi Saloni and Zachary, can you help to merge this patch?  It got a Reviewed-by 
but has not been checked in. Thanks!

-Original Message-
From: Kasbekar, Saloni  
Sent: Tuesday, July 25, 2023 12:18 PM
To: Li, Yi1 ; devel@edk2.groups.io
Cc: Otcheretianski, Andrei ; Clark-williams, 
Zachary 
Subject: RE: [PATCH] NetworkPkg: Increase HTTP buffer size and enable TCP 
window scaling

Reviewed-by: Saloni Kasbekar 

-Original Message-
From: Li, Yi1  
Sent: Thursday, July 20, 2023 10:18 PM
To: devel@edk2.groups.io
Cc: Li, Yi1 ; Otcheretianski, Andrei 
; Kasbekar, Saloni 
; Clark-williams, Zachary 

Subject: [PATCH] NetworkPkg: Increase HTTP buffer size and enable TCP window 
scaling

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4505
This gives something like ~3 fold throughput boost.

Signed-off-by: Andrei Otcheretianski 
Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 
---
 NetworkPkg/HttpBootDxe/HttpBootClient.h |  2 +-
 NetworkPkg/HttpDxe/HttpProto.c  | 48 +
 NetworkPkg/HttpDxe/HttpProto.h  |  2 +-
 3 files changed, 27 insertions(+), 25 deletions(-)

diff --git a/NetworkPkg/HttpBootDxe/HttpBootClient.h 
b/NetworkPkg/HttpBootDxe/HttpBootClient.h
index 2fba713679..86a28bc91a 100644
--- a/NetworkPkg/HttpBootDxe/HttpBootClient.h
+++ b/NetworkPkg/HttpBootDxe/HttpBootClient.h
@@ -10,7 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent  #ifndef 
__EFI_HTTP_BOOT_HTTP_H__  #define __EFI_HTTP_BOOT_HTTP_H__
 
-#define HTTP_BOOT_BLOCK_SIZE   1500
+#define HTTP_BOOT_BLOCK_SIZE   32000
 #define HTTP_USER_AGENT_EFI_HTTP_BOOT  "UefiHttpBoot/1.0"
 #define HTTP_BOOT_AUTHENTICATION_INFO_MAX_LEN  255
 
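
Review bot: HTTP_BOOT_BLOCK_SIZE goes from 1500 to 32000 in this hunk with no comment on how the new value was chosen, and the commit message's "~3 fold throughput boost" gives no test setup. Add a comment next to the define explaining the choice, and state in the message the conditions under which the figure was measured so that it can be reproduced.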
diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c 
index 33ae622c3f..7dfb82dd2e 100644
--- a/NetworkPkg/HttpDxe/HttpProto.c
+++ b/NetworkPkg/HttpDxe/HttpProto.c
@@ -1073,18 +1073,19 @@ HttpConfigureTcp4 (
   Tcp4AP->ActiveFlag  = TRUE;
   IP4_COPY_ADDRESS (>RemoteAddress, >RemoteAddr);
 
-  Tcp4Option= Tcp4CfgData->ControlOption;
-  Tcp4Option->ReceiveBufferSize = HTTP_BUFFER_SIZE_DEAULT;
-  Tcp4Option->SendBufferSize= HTTP_BUFFER_SIZE_DEAULT;
-  Tcp4Option->MaxSynBackLog = HTTP_MAX_SYN_BACK_LOG;
-  Tcp4Option->ConnectionTimeout = HTTP_CONNECTION_TIMEOUT;
-  Tcp4Option->DataRetries   = HTTP_DATA_RETRIES;
-  Tcp4Option->FinTimeout= HTTP_FIN_TIMEOUT;
-  Tcp4Option->KeepAliveProbes   = HTTP_KEEP_ALIVE_PROBES;
-  Tcp4Option->KeepAliveTime = HTTP_KEEP_ALIVE_TIME;
-  Tcp4Option->KeepAliveInterval = HTTP_KEEP_ALIVE_INTERVAL;
-  Tcp4Option->EnableNagle   = TRUE;
-  Tcp4CfgData->ControlOption= Tcp4Option;
+  Tcp4Option  = Tcp4CfgData->ControlOption;
+  Tcp4Option->ReceiveBufferSize   = HTTP_BUFFER_SIZE_DEAULT;
+  Tcp4Option->SendBufferSize  = HTTP_BUFFER_SIZE_DEAULT;
+  Tcp4Option->MaxSynBackLog   = HTTP_MAX_SYN_BACK_LOG;
+  Tcp4Option->ConnectionTimeout   = HTTP_CONNECTION_TIMEOUT;
+  Tcp4Option->DataRetries = HTTP_DATA_RETRIES;
+  Tcp4Option->FinTimeout  = HTTP_FIN_TIMEOUT;
+  Tcp4Option->KeepAliveProbes = HTTP_KEEP_ALIVE_PROBES;
+  Tcp4Option->KeepAliveTime   = HTTP_KEEP_ALIVE_TIME;
+  Tcp4Option->KeepAliveInterval   = HTTP_KEEP_ALIVE_INTERVAL;
+  Tcp4Option->EnableNagle = TRUE;
+  Tcp4Option->EnableWindowScaling = TRUE;
+  Tcp4CfgData->ControlOption  = Tcp4Option;
 
   if ((HttpInstance->State == HTTP_STATE_TCP_CONNECTED) ||
   (HttpInstance->State == HTTP_STATE_TCP_CLOSED)) @@ -1156,17 +1157,18 @@ 
HttpConfigureTcp6 (
   IP6_COPY_ADDRESS (>StationAddress, 
>Ipv6Node.LocalAddress);
   IP6_COPY_ADDRESS (>RemoteAddress, >RemoteIpv6Addr);
 
-  Tcp6Option= Tcp6CfgData->ControlOption;
-  Tcp6Option->ReceiveBufferSize = HTTP_BUFFER_SIZE_DEAULT;
-  Tcp6Option->SendBufferSize= HTTP_BUFFER_SIZE_DEAULT;
-  Tcp6Option->MaxSynBackLog = HTTP_MAX_SYN_BACK_LOG;
-  Tcp6Option->ConnectionTimeout = HTTP_CONNECTION_TIMEOUT;
-  Tcp6Option->DataRetries   = HTTP_DATA_RETRIES;
-  Tcp6Option->FinTimeout= HTTP_FIN_TIMEOUT;
-  Tcp6Option->KeepAliveProbes   = HTTP_KEEP_ALIVE_PROBES;
-  Tcp6Option->KeepAliveTime = HTTP_KEEP_ALIVE_TIME;
-  Tcp6Option->KeepAliveInterval = HTTP_KEEP_ALIVE_INTERVAL;
-  Tcp6Option->EnableNagle   = TRUE;
+  Tcp6Option  = Tcp6CfgData->ControlOption;
+  Tcp6Option->ReceiveBufferSize   = HTTP_BUFFER_SIZE_DEAULT;
+  Tcp6Option->SendBufferSize  = HTTP_BUFFER_SIZE_DEAULT;
+  Tcp6Option->MaxSynBackLog   = HTTP_MAX_SYN_BACK_LOG;
+  Tcp6Option->ConnectionTimeout   = HTTP_CONNECTION_TIMEOUT;
+  Tcp6Option->DataRetries = HTTP_DATA_RETRIES;
+  Tcp6Option->FinTimeout  = HTTP_FIN_TIMEOUT;
+  Tcp6Option->KeepAliveProbes = HTTP_KEEP_ALIVE_PROBES;
+  Tcp6Option->KeepAliveTime   = HTTP_KEEP_ALIVE_TIME;
+  Tcp6Option->KeepAliveInterval   = HTTP_KEEP_ALIVE_INTERVAL;
+  Tcp6Option->EnableNagle = TRUE;
+  
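Review bot: In the HttpConfigureTcp4 hunk, the added block opens with `Tcp4Option = Tcp4CfgData->ControlOption;` and closes with `Tcp4CfgData->ControlOption = Tcp4Option;`, so the closing assignment writes back the pointer that was just read. Every line of the block is already being re-emitted for alignment, so drop the trailing assignment here, and correct the `HTTP_BUFFER_SIZE_DEAULT` spelling in its own patch instead of carrying it through another realignment.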
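Review bot: In the HttpConfigureTcp6 hunk, eleven assignments are removed and re-added with nothing changed but the column of the `=`, which buries whatever functional line this hunk carries (as shown here it is cut off after `EnableNagle`). Either leave the existing alignment alone and add only the new field, or say in the commit message that the realignment is whitespace-only so reviewers can skip it.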

Re: [edk2-devel] [PATCH v2 09/10] CryptoPkg: Add Mbedtls submodule in CI

2023-09-04 Thread Li, Yi
Skipping those files in DscCompleteCheck is a workaround IMO; I think we can add all 
mbedtls libraries and components to CryptoPkg.dsc with new CRYPTO_SERVICES.

-Original Message-
From: Hou, Wenxing  
Sent: Saturday, September 2, 2023 10:16 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 ; Lu, Xiaoyu1 
; Jiang, Guomin 
Subject: [PATCH v2 09/10] CryptoPkg: Add Mbedtls submodule in CI

Change CI for new Mbedtls submodule.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
Signed-off-by: Wenxing Hou 
---
 .pytool/CISettings.py   |  2 ++
 CryptoPkg/CryptoPkg.ci.yaml | 66 +++--
 2 files changed, 65 insertions(+), 3 deletions(-)

diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py index 
6fb7342f81..c5803a877c 100644
--- a/.pytool/CISettings.py
+++ b/.pytool/CISettings.py
@@ -199,6 +199,8 @@ class Settings(CiBuildSettingsManager, 
UpdateSettingsManager, SetupSettingsManag
 "MdePkg/Library/BaseFdtLib/libfdt", False)) 
rs.append(RequiredSubmodule( "MdePkg/Library/MipiSysTLib/mipisyst", 
False))+rs.append(RequiredSubmodule(+
"CryptoPkg/Library/MbedTlsLib/mbedtls", False)) return rs  def 
GetName(self):diff --git a/CryptoPkg/CryptoPkg.ci.yaml 
b/CryptoPkg/CryptoPkg.ci.yaml
index 59ba56d41e..204b97f470 100644
--- a/CryptoPkg/CryptoPkg.ci.yaml
+++ b/CryptoPkg/CryptoPkg.ci.yaml
@@ -41,7 +41,14 @@
 # These directories contain auto-generated OpenSSL content 
"Library/OpensslLib", "Library/IntrinsicLib",-
"Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c"+
"Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c",+# mbedtls+
"Library/MbedTlsLib/mbedtls",+# This has mbedtls interfaces 
that aren't UEFI spec compliant+"Library/MbedTlsLib/EcSm2Null.c",+  
  "Library/MbedTlsLib/CrtWrapper.c",+
"Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h",+
"Library/BaseCryptLibMbedTls/SysCall" ] }, "CompilerPlugin": 
{@@ -68,7 +75,16 @@
 }, "DscCompleteCheck": { "DscPath": "CryptoPkg.dsc",-
"IgnoreInf": []+"IgnoreInf": [+
"CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf",+
"CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf",+
"CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf",+
"CryptoPkg/Library/BaseCryptLibMbedTls/SecCryptLib.inf",+
"CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf",+
"CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf",+
"CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf",+
"CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf"+] }, 
"GuidCheck": { "IgnoreGuidName": [],@@ -76,7 +92,51 @@
 "IgnoreFoldersAndFiles": [] }, "LibraryClassCheck": {-
"IgnoreHeaderFile": []+"IgnoreHeaderFile": [+
"Library/MbedTlsLib/mbedtls/Library/aesni.h",+
"Library/MbedTlsLib/mbedtls/Library/bignum_core.h",+
"Library/MbedTlsLib/mbedtls/Library/bignum_mod.h",+
"Library/MbedTlsLib/mbedtls/Library/bignum_mod_raw.h",+
"Library/MbedTlsLib/mbedtls/Library/bn_mul.h",+
"Library/MbedTlsLib/mbedtls/Library/check_crypto_config.h",+
"Library/MbedTlsLib/mbedtls/Library/cipher_wrap.h",+
"Library/MbedTlsLib/mbedtls/Library/common.h",+
"Library/MbedTlsLib/mbedtls/Library/constant_time_internal.h",+
"Library/MbedTlsLib/mbedtls/Library/constant_time_invasive.h",+
"Library/MbedTlsLib/mbedtls/Library/ecp_internal_alt.h",+
"Library/MbedTlsLib/mbedtls/Library/ecp_invasive.h",+
"Library/MbedTlsLib/mbedtls/Library/entropy_poll.h",+
"Library/MbedTlsLib/mbedtls/Library/hash_info.h",+
"Library/MbedTlsLib/mbedtls/Library/lmots.h",+
"Library/MbedTlsLib/mbedtls/Library/md_wrap.h",+
"Library/MbedTlsLib/mbedtls/Library/mps_common.h",+
"Library/MbedTlsLib/mbedtls/Library/mps_error.h",+
"Library/MbedTlsLib/mbedtls/Library/mps_reader.h",+
"Library/MbedTlsLib/mbedtls/Library/mps_trace.h",+
"Library/MbedTlsLib/mbedtls/Library/padlock.h",+
"Library/MbedTlsLib/mbedtls/Library/pkwrite.h",+
"Library/MbedTlsLib/mbedtls/Library/pk_wrap.h",+
"Library/MbedTlsLib/mbedtls/Library/psa_crypto_aead.h",+
"Library/MbedTlsLib/mbedtls/Library/psa_crypto_cipher.h",+
"Library/MbedTlsLib/mbedtls/Library/psa_crypto_driver_wrappers.h",+
"Library/MbedTlsLib/mbedtls/Library/psa_crypto_ecp.h",+
"Library/MbedTlsLib/mbedtls/Library/psa_crypto_hash.h",+
"Library/MbedTlsLib/mbedtls/Library/psa_crypto_invasive.h",+

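Review bot: In the `DscCompleteCheck` hunk, `IgnoreInf` goes from empty to all eight new INFs (six under `BaseCryptLibMbedTls` plus `MbedTlsLib.inf` and `MbedTlsLibFull.inf`), so CI stops checking that any library added by this series is listed in `CryptoPkg.dsc`. Prefer listing the INFs in the DSC so the package build compiles them and leaving `IgnoreInf` empty; if that cannot be done yet, add a comment naming the blocker.

Review bot: In the `LibraryClassCheck` hunk, `IgnoreHeaderFile` names the submodule's internal headers one file at a time (`aesni.h`, `bignum_core.h`, and so on), so the list has to be edited whenever an mbedtls update adds or renames a header. Put a comment above the list stating that these files belong to the mbedtls submodule, as the first hunk does with `# mbedtls`, so the next person to bump the submodule knows why the entries exist and that they need re-checking.
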
Re: [edk2-devel] [PATCH v2 05/10] CryptoPkg: Add RSA functions based on Mbedtls

2023-09-04 Thread Li, Yi
TestPublicExponent[] is the same as the default value, so this test is nonsense.

Please use a different value to generate the key and use RsaGetKey to confirm the PE is 
the same as expected.

-Original Message-
From: Hou, Wenxing  
Sent: Saturday, September 2, 2023 10:16 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 ; Lu, Xiaoyu1 
; Jiang, Guomin 
Subject: [PATCH v2 05/10] CryptoPkg: Add RSA functions based on Mbedtls

Add RSA APIs.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
Signed-off-by: Wenxing Hou 
---
 .../BaseCryptLibMbedTls/InternalCryptLib.h|  44 +++
 .../BaseCryptLibMbedTls/Pk/CryptRsaBasic.c| 268 ++
 .../Pk/CryptRsaBasicNull.c| 121 +++
 .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c  | 333 ++
 .../BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c  | 117 ++
 .../BaseCryptLibMbedTls/Pk/CryptRsaPss.c  | 164 +
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c  |  46 +++
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c  | 231 
 .../Pk/CryptRsaPssSignNull.c  |  60 
 .../UnitTest/Library/BaseCryptLib/RsaTests.c  |   4 +
 10 files changed, 1388 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasicNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExtNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPss.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSignNull.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h 
b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
new file mode 100644
index 00..3e56c9a75c
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
@@ -0,0 +1,44 @@
+/** @file+  Internal include file for BaseCryptLib.++Copyright (c) 2023, Intel 
Corporation. All rights reserved.+SPDX-License-Identifier: 
BSD-2-Clause-Patent++**/++#ifndef INTERNAL_CRYPT_LIB_H_+#define 
INTERNAL_CRYPT_LIB_H_++#include +#include 
+#include +#include 
+#include +#include 
++//+// We should alwasy add mbedtls/config.h here+// to ensure the 
config override takes effect.+//+#include ++/**+  The 
MbedTLS function f_rng, which MbedRand implements, is not+  documented well.++  
@param[in]   RngState  RngState.+  @param[in]   OutputOutput.+  
@param[in]   Len   Len.++  @retval  0 success.+  
@retval  non-zero  failed.++**/+INT32+MbedRand (+  VOID   *RngState,+  
UINT8  *OutPut,+  UINTN  Len+  );++#endifdiff --git 
a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c
new file mode 100644
index 00..05c2cbd25a
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaBasic.c
@@ -0,0 +1,268 @@
+/** @file+  RSA Asymmetric Cipher Wrapper Implementation over MbedTLS.++  This 
file implements following APIs which provide basic capabilities for RSA:+  1) 
RsaNew+  2) RsaFree+  3) RsaSetKey+  4) RsaPkcs1Verify++  RFC 8017 - PKCS #1: 
RSA Cryptography Specifications Version 2.2++Copyright (c) 2023, Intel 
Corporation. All rights reserved.+SPDX-License-Identifier: 
BSD-2-Clause-Patent++**/++#include "InternalCryptLib.h"++#include 
++/**+  Allocates and initializes one RSA context for subsequent 
use.++  @return  Pointer to the RSA context that has been initialized.+ 
  If the allocations fails, RsaNew() returns NULL.++**/+VOID *+EFIAPI+RsaNew (+ 
 VOID+  )+{+  VOID  *RsaContext;++  RsaContext = AllocateZeroPool (sizeof 
(mbedtls_rsa_context));+  if (RsaContext == NULL) {+return RsaContext;+  
}++  mbedtls_rsa_init (RsaContext);+  if (mbedtls_rsa_set_padding (RsaContext, 
MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE) != 0) {+return NULL;+  }++  return 
RsaContext;+}++/**+  Release the specified RSA context.++  @param[in]  
RsaContext  Pointer to the RSA context to be released.++**/+VOID+EFIAPI+RsaFree 
(+  IN  VOID  *RsaContext+  )+{+  mbedtls_rsa_free (RsaContext);+  if 
(RsaContext != NULL) {+FreePool (RsaContext);+  }+}++/**+  Sets the 
tag-designated key component into the established RSA context.++  This function 
sets the tag-designated RSA key component into the established+  RSA context 
from the user-specified non-negative integer (octet string format+  represented 
in RSA PKCS#1).+  If BigNumber is NULL, then the specified key component in RSA 
context is cleared.++  If RsaContext is NULL, then return FALSE.++  @param[in, 
out]  RsaContext  Pointer to RSA context being set.+  
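Review bot: In `InternalCryptLib.h`, the doc comment for `MbedRand` tags all three parameters `@param[in]` and describes them only by repeating their names, although `OutPut` is the buffer the function fills. Mark it `@param[out]`, use one spelling (`Output` in the comment, `OutPut` in the prototype), and say what a non-zero return means for the caller; the comment above the config include also has a typo (`alwasy`).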
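Review bot: In `RsaNew()`, the failure path of `mbedtls_rsa_set_padding()` returns NULL without releasing the pool just obtained from `AllocateZeroPool`, so the context is leaked; call `mbedtls_rsa_free (RsaContext)` and `FreePool (RsaContext)` before returning on that path. `RsaFree()` also hands `RsaContext` to `mbedtls_rsa_free()` before its `!= NULL` test; move the call inside the check so the NULL handling sits in one place.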

Re: [edk2-devel] [edk2/add_mbedtls PATCH 0/9] *** Add HMAC/HKDF/RSA/HASH features based on Mbedtls ***

2023-09-04 Thread Li, Yi
Hi Sean,

I would like to clarify that the purpose of this patch sequence is to 
supplement the defects of openssl3.0 rather than seek a substitute for openssl.
Crypto implementations other than HASH and AES in Openssl3.0 cannot be used in 
the PREMEM stage, and all implementations will be like this after all legacy 
openssl APIs are deleted in the future (openssl4.0).

This solution, introducing mbedtls to support RSA/HKDF/HMAC in PREMEM, has been 
proposed in the POC stage and I see no objection:
https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md#type-1-openssl-30-main--mbedtls-for-pei-premem

So I prefer to treat this patch sequence as a BUG fix or a supplement to 
existing code, rather than a new CryptoPkg, and it's already a part of our 
openssl3.0 upgrade plan.

Your idea of separating the submodule from CryptoPkg is great even without 
mbedtls, but it sounds more like a new feature which needs a lot of changes. So 
I don't want to block the review of this patch sequence because of it.

Thanks,
Yi

From: devel@edk2.groups.io  On Behalf Of Sean
Sent: Friday, September 1, 2023 1:52 AM
To: devel@edk2.groups.io; Kinney, Michael D ; Yao, 
Jiewen ; Leif Lindholm ; Hou, 
Wenxing 
Cc: af...@apple.com
Subject: Re: [edk2-devel] [edk2/add_mbedtls PATCH 0/9] *** Add 
HMAC/HKDF/RSA/HASH features based on Mbedtls ***


replying to the whole chain.

I am not encouraging importing the source directly but still trying to isolate 
the "wrapper code" and the external mbedtls submodule management.

I am advocating that the underlying crypto implementation is 100% "hidden" from 
public include/dependency and the rest of the edk2 tree.  I am advocating that 
crypto "releases" are in essence independent of Edk2 stable tags (obviously a 
stable tag would still have reference to version tested at that time) because 
crypto needs to be updated more quickly and regularly and should have very 
minimal breaking dependencies.

Regarding Jiewen's options for layout my proposal would be more like option 5.  
:)

Tianocore/Edk2: CryptoPkg

  *   Header files for the crypto api of edk2(protocol, ppi, pcd, library 
definitions).
  *   Modules that are underlying crypto library independent.
  *   Null libraries that support compile test of edk2 CI

Tianocore/MbedTlsRepo: MbedTlsCryptoPkg

  *   No public header files for consumption outside package.
  *   Wrapper code and modules to support edk2 crypto using mbedtls library.
  *   submodule tracking info for mbedtls upstream project
  *   tests
  *   release notes
  *   Security vulnerability management for mbedtls based work

Tianocore/OpenSslRepo: OpenSslCryptoPkg

  *   No public header files for consumption outside package.
  *   Wrapper code and modules to support edk2 crypto using openssl library.
  *   submodule tracking info for openssl upstream project
  *   tests
  *   release notes
  *   Security vulnerability management for OpenSSL based work



I hope that helps explain.

Regarding checking in and then moving later...well, I am skeptical.  This is a 
breaking change and once dependencies are formed, edk2 has historically had 
challenges in making these kinds of changes.

Thanks for consideration.

Sean






On 8/31/2023 10:24 AM, Michael D Kinney wrote:

Jiewen,

Thanks.  Option #1 makes more sense if it is the Mbedtls
wrapper code.

I prefer Option #1.

Breaking out into multiple repos also makes it hard to align
Releases across multiple repos.  We already have this as an
unsolved problem for edk2-platforms repo, and I am not interested
in adding more repos until we have a complete solution to do
edk2-platforms releases in place.

Mike

-Original Message-
From: Yao, Jiewen 
Sent: Thursday, August 31, 2023 9:07 AM
To: Kinney, Michael D ; Leif Lindholm ; devel@edk2.groups.io; spbro...@outlook.com; Hou, Wenxing 
Cc: af...@apple.com
Subject: RE: [edk2-devel] [edk2/add_mbedtls PATCH 0/9] *** Add
HMAC/HKDF/RSA/HASH features based on Mbedtls ***

Hi Mike
We are using submodule for mbedtls in this patch. Copying source code is
not preferred.

I think we are discussing multiple ways to layout the *mbedtls crypto
wrapper*. See following 4 options.

Thank you
Yao, Jiewen

-Original Message-
From: Kinney, Michael D 
Sent: Thursday, August 31, 2023 11:45 PM
To: Leif Lindholm ; Yao, Jiewen ; devel@edk2.groups.io; spbro...@outlook.com; Hou, Wenxing 
Cc: af...@apple.com; Kinney, Michael D 
Subject: RE: [edk2-devel] [edk2/add_mbedtls 
Re: [edk2-devel] [edk2/add_mbedtls PATCH 0/9] *** Add HMAC/HKDF/RSA/HASH features based on Mbedtls ***

2023-08-31 Thread Li, Yi
Hi Sean,

>  I propose we remove openssl from the edk2 CryptoPkg and into the 
> OpenSslCryptoPkg in another new tianocore repository dedicated to OpenSsl.  
> MbedTls could then be checked into the MbedTlsCryptoPkg and added to another 
> new repository.

It may be a better choice to put openssl and mbedtls in one CryptoPkg, and 
users can more easily choose the lib they want to use in different 
scenarios. openssl and mbedtls have their own disadvantages: mbedtls lacks the 
implementation of SM3 and SHA3, and most of the algorithms of openssl3.0 cannot 
be used in the PREMEM stage due to a known issue.

A new tianocore repository is a good proposal; actually we did encounter similar 
problems: EDK2 of the old platform was frozen on a stable tag, but we had to 
continue to apply new patches under EDK2 because of the openssl vulnerability. 
Can we use another bugzilla to track this proposal? It will be a complicated 
thing; I can imagine that CI and customers' EDK2 sync-test process need lots 
of changes.

I hope to merge this patch series first, because some EDK2 users have requested 
to use HKDF, HMAC or RSA algorithms in the PREMEM stage.

Thanks,
Yi

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Sean
Sent: Thursday, August 31, 2023 2:57 AM
To: devel@edk2.groups.io; Hou, Wenxing 
Subject: Re: [edk2-devel] [edk2/add_mbedtls PATCH 0/9] *** Add 
HMAC/HKDF/RSA/HASH features based on Mbedtls ***

I appreciate and really like this work to enable mbedtls but I don't like the 
idea of adding another submodule to edk2.

For a long time there has been discussion about formalizing the abstraction of 
the edk2 crypto api so that it would be practical to implement edk2's crypto 
using various libraries.   I propose we remove openssl from the edk2 CryptoPkg 
and into the OpenSslCryptoPkg in another new tianocore repository dedicated to 
OpenSsl.  MbedTls could then be checked into the MbedTlsCryptoPkg and added to 
another new repository. This would also have the benefit of breaking the tight 
coupling of edk2 stable tags from the crypto used in the code base (crypto has 
more widely tracked vulnerabilities).

Happy to discuss more if others have different ideas.

Thanks

Sean



On 8/30/2023 12:52 AM, Wenxing Hou wrote:
> *** Add BaseCryptLibMbedTls for CryptoPkg, which can be an alternative 
> to OpenSSL in some scenarios. There are four features in the patch: 
> HMAC/HKDF/RSA/HASH.***
>
> Wenxing Hou (9):
>CryptoPkg: Add mbedtls submodule for EDKII
>CryptoPkg: Add mbedtls_config and MbedTlsLib.inf
>CryptoPkg: Add HMAC functions based on Mbedtls
>CryptoPkg: Add HKDF functions based on Mbedtls
>CryptoPkg: Add RSA functions based on Mbedtls
>CryptoPkg: Add all .inf files for BaseCryptLibMbedTls
>CryptoPkg: Add Null functions for building pass
>CryptoPkg: Add MD5/SHA1/SHA2 functions based on Mbedtls
>CryptoPkg: Add Mbedtls submodule in CI
>
>   .gitmodules   |3 +
>   .pytool/CISettings.py |2 +
>   CryptoPkg/CryptoPkg.ci.yaml   |   66 +-
>   CryptoPkg/CryptoPkg.dec   |4 +
>   CryptoPkg/CryptoPkgMbedTls.dsc|  280 ++
>   .../BaseCryptLibMbedTls/BaseCryptLib.inf  |   81 +
>   .../BaseCryptLibMbedTls/Bn/CryptBnNull.c  |  520 +++
>   .../Cipher/CryptAeadAesGcmNull.c  |  100 +
>   .../BaseCryptLibMbedTls/Cipher/CryptAesNull.c |  159 +
>   .../BaseCryptLibMbedTls/Hash/CryptMd5.c   |  234 +
>   .../BaseCryptLibMbedTls/Hash/CryptMd5Null.c   |  163 +
>   .../Hash/CryptParallelHashNull.c  |   40 +
>   .../BaseCryptLibMbedTls/Hash/CryptSha1.c  |  234 +
>   .../BaseCryptLibMbedTls/Hash/CryptSha1Null.c  |  166 +
>   .../BaseCryptLibMbedTls/Hash/CryptSha256.c|  227 +
>   .../Hash/CryptSha256Null.c|  162 +
>   .../BaseCryptLibMbedTls/Hash/CryptSha512.c|  447 ++
>   .../Hash/CryptSha512Null.c|  275 ++
>   .../BaseCryptLibMbedTls/Hash/CryptSm3Null.c   |  164 +
>   .../BaseCryptLibMbedTls/Hmac/CryptHmac.c  |  620 +++
>   .../BaseCryptLibMbedTls/Hmac/CryptHmacNull.c  |  359 ++
>   .../BaseCryptLibMbedTls/InternalCryptLib.h|   44 +
>   .../BaseCryptLibMbedTls/Kdf/CryptHkdf.c   |  372 ++
>   .../BaseCryptLibMbedTls/Kdf/CryptHkdfNull.c   |  192 +
>   .../BaseCryptLibMbedTls/PeiCryptLib.inf   |  101 +
>   .../BaseCryptLibMbedTls/PeiCryptLib.uni   |   25 +
>   .../BaseCryptLibMbedTls/Pem/CryptPemNull.c|   69 +
>   .../Pk/CryptAuthenticodeNull.c|   45 +
>   .../BaseCryptLibMbedTls/Pk/CryptDhNull.c  |  150 +
>   .../BaseCryptLibMbedTls/Pk/CryptEcNull.c  |  578 +++
>   .../Pk/CryptPkcs1OaepNull.c   |   51 +
>   .../Pk/CryptPkcs5Pbkdf2Null.c |   48 +
>   .../Pk/CryptPkcs7Internal.h   |   83 +
>   .../Pk/CryptPkcs7SignNull.c   |   53 +
>   .../Pk/CryptPkcs7VerifyEkuNull.c   

[edk2-devel] [edk2-staging/crypto-new-api][PATCH] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1u

2023-08-17 Thread Li, Yi
From: Sheng Wei 

(cherry-pick from: master b2de9ec5a759aa4a7ac029cda9079dce077bf856)

Cc: Zhichao Gao 
Cc: Heng Luo 
Signed-off-by: Yi Li 
---
 CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 -
 CryptoPkg/Library/OpensslLib/OpensslLibFull.inf | 1 -
 CryptoPkg/Library/OpensslLib/openssl| 2 +-
 3 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index eec497c7c4..2908bb62a4 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -157,7 +157,6 @@
   $(OPENSSL_PATH)/crypto/bn/bn_srp.c
   $(OPENSSL_PATH)/crypto/bn/bn_word.c
   $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
-  $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c
   $(OPENSSL_PATH)/crypto/buffer/buf_err.c
   $(OPENSSL_PATH)/crypto/buffer/buffer.c
   $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
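Review bot: The removal of `$(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c` from the source list is not explained in the commit message, which only names the cherry-picked commit. State why the file is dropped (for example, that it is no longer present at the new submodule commit), and confirm that no other INF on this branch still lists it, since the diffstat touches only `OpensslLib.inf` and `OpensslLibFull.inf`.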
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
index b07abec1af..4491b762d0 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
@@ -157,7 +157,6 @@
   $(OPENSSL_PATH)/crypto/bn/bn_srp.c
   $(OPENSSL_PATH)/crypto/bn/bn_word.c
   $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
-  $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c
   $(OPENSSL_PATH)/crypto/buffer/buf_err.c
   $(OPENSSL_PATH)/crypto/buffer/buffer.c
   $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
diff --git a/CryptoPkg/Library/OpensslLib/openssl 
b/CryptoPkg/Library/OpensslLib/openssl
index 830bf8e1e4..70c2912f63 16
--- a/CryptoPkg/Library/OpensslLib/openssl
+++ b/CryptoPkg/Library/OpensslLib/openssl
@@ -1 +1 @@
-Subproject commit 830bf8e1e4749ad65c51b6a1d0d769ae689404ba
+Subproject commit 70c2912f635aac8ab28629a2b5ea0c09740d2bda
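Review bot: The gitlink change records only the old and new commit hashes, so nothing in the patch lets a reader confirm that `70c2912f635aac8ab28629a2b5ea0c09740d2bda` is the 1.1.1u release named in the subject. Put the upstream tag name next to the hash in the commit message so the bump can be checked against the OpenSSL repository.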
-- 
2.31.1.windows.1







Re: [edk2-devel] [PATCH 00/29] CryptoPkg: Update OpenSSL submodule to 3.0.9

2023-08-02 Thread Li, Yi
Hi Liming,

Yes, we'd better catch edk2 202308 stable tag. If there are new CVE problems 
after OpenSSL1.1 EOL, we won't get support from the openssl community. Updating 
to 3.0 ASAP is the best choice.

Regards,
Yi

-Original Message-
From: gaoliming  
Sent: Wednesday, August 2, 2023 6:07 PM
To: devel@edk2.groups.io; Li, Yi1 
Cc: Yao, Jiewen ; Lu, Xiaoyu1 ; 
Jiang, Guomin ; 'Gerd Hoffmann' 
Subject: Re: [edk2-devel] [PATCH 00/29] CryptoPkg: Update OpenSSL submodule to 
3.0.9

Yi:
  Thanks for your great work to update openssl 3.0. The commit message shows 
this patch set must catch edk2 202308 stable tag. Right?
  Edk2 202308 stable tag will start soft feature freeze from Aug 7th (next 
Monday). That means this patch set needs to pass code review in one week. 

Jiewen, Gerd:
  Can you give your comments for this patch set this week? If you need more 
time, I will raise the request to defer the soft feature freeze.

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Li, Yi
> Sent: July 28, 2023 14:40
> To: devel@edk2.groups.io
> Cc: Yi Li ; Jiewen Yao ; 
> Xiaoyu Lu ; Guomin Jiang 
> ; Gerd Hoffmann 
> Subject: [edk2-devel] [PATCH 00/29] CryptoPkg: Update OpenSSL submodule to
> 3.0.9
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3466
> 
> According to https://www.OpenSSL.org/policies/releasestrat.html,
> OpenSSL Version 1.1.1 will be supported until 2023-09-11 (LTS).
> Need to upgrade OpenSsl to 3.0.9 before 1.1.1 support stopping.
> 
> PR: https://github.com/tianocore/edk2/pull/4692
> 
> Cc: Jiewen Yao 
> Cc: Xiaoyu Lu 
> Cc: Guomin Jiang 
> Cc: Gerd Hoffmann 
> Gerd Hoffmann (15):
>   CryptoPkg/openssl: update submodule to openssl-3.0.9
>   CryptoPkg/openssl: cleanup all openssl1.1.1 generated files and code
>   CryptoPkg/openssl: update Openssl*.inf files for openssl 3.0
>   CryptoPkg/openssl: add openssl3 configure scripts
>   CryptoPkg/openssl: UefiAsm.conf update for openssl 3.0
>   CryptoPkg/BaseCryptLib: no openssl deprecation warnings please
>   CryptoPkg/BaseCryptLib: adapt CryptSm3.c to openssl 3.0 changes.
>   CryptoPkg/BaseCryptLib: drop BIO_* dummy functions
>   CryptoPkg/TlsLib: ERR_GET_FUNC is gone
>   CryptoPkg/openssl: adapt rand_pool.c to openssl 3.0 changes
>   CryptoPkg/openssl: move compiler_flags to buildinf.c
>   CryptoPkg/openssl: store dummy update for openssl 3.0
>   CryptoPkg/openssl: adapt EcSm2Null.c for openssl 3.0
>   CryptoPkg/TlsLib: use unsigned long for ErrorCode
>   CryptoPkg/openssl: update CI config for openssl 3.0
> 
> Yi Li (14):
>   CryptoPkg: Move all UEFI implement of openssl to OpensslStub
>   CryptoPkg: use UEFI provider as default
>   CryptoPkg: adapt 3.0 change in SslNull.c
>   CryptoPkg: Add instrinsics to support building openssl3 on IA32
> windows
>   CryptoPkg: disable C4133 warning in openssl libraries
>   CryptoPkg: Align with 4096 when build with OpensslFullAccel
>   CryptoPkg: Enable memcpy sys call in RISCV64 build
>   CryptoPkg: add missing gcc instructions
>   CryptoPkg: add define of maximum unsigned size_t
>   CryptoPkg: add implemention of _ftol2_sse() to avoid build error
>   CryptoPkg: add more dummy implement of openssl for size optimization
>   CryptoPkg: run configure.py to update all generated files
>   CryptoPkg: remove strcmp to syscall
>   CryptoPkg: remove BN and EC accel for size optimization
> 
>  CryptoPkg/CryptoPkg.ci.yaml   |   54 +-
>  CryptoPkg/CryptoPkg.dec   |4 +
>  CryptoPkg/CryptoPkg.dsc   |   12 +-
>  .../Library/BaseCryptLib/Hash/CryptSm3.c  |   14 +-
>  .../Library/BaseCryptLib/InternalCryptLib.h   |2 +
>  .../Library/BaseCryptLib/SysCall/CrtWrapper.c |   36 +-
>  .../SysCall/UnitTestHostCrtWrapper.c  |   25 -
>  CryptoPkg/Library/Include/CrtLibSupport.h |1 +
>  .../Library/Include/openssl/opensslconf.h |  333 -
>  .../IntrinsicLib/Ia32/MathDivModU64x64.c  |   23 +
>  .../Library/IntrinsicLib/Ia32/MathDivS64x64.c |   22 +
>  .../Library/IntrinsicLib/Ia32/MathDivU64x64.c |   22 +
>  .../Library/IntrinsicLib/Ia32/MathFtol.c  |   12 +
>  .../Library/IntrinsicLib/Ia32/MathLldiv.asm   |  203 +
>  .../Library/IntrinsicLib/Ia32/MathModU64x64.c |   26 +
>  .../Library/IntrinsicLib/Ia32/MathUlldiv.asm  |  157 +
>  .../Library/IntrinsicLib/Ia32/MathUlldvrm.asm |  184 +
>  .../Library/IntrinsicLib/Ia32/MathUllrem.asm  |  163 +
>  .../Library/IntrinsicLib/IntrinsicLib.inf |   11 +-
>  .../Library/IntrinsicLib/MemoryIntrinsics.c   |9 -
>  .../IA32/crypto/modes/ghash-x86.nasm  |  700 --
>  .../OpensslLib/IA32/crypto/sha/sha1-586.nasm  | 1394 ---
>  .../IA32/crypto/sha/sha256-586.nasm   | 3364 ---
>  .../IA32/crypto/sha/sha512-586.nasm  

Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8

2023-08-02 Thread Li, Yi
Hi Ard,

Your feedback is already integrated into the latest patch series:  [PATCH V2 00/29] 
CryptoPkg: Update OpenSSL submodule to 3.0.9
Thanks for your review, let me know if you have any feedback.

Regards,
Yi

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Ard Biesheuvel
Sent: Friday, June 2, 2023 5:15 PM
To: Yao, Jiewen 
Cc: devel@edk2.groups.io; kra...@redhat.com; Li, Yi1 ; Wang, 
Jian J ; Pawel Polawski ; Lu, 
Xiaoyu1 ; Jiang, Guomin ; Oliver 
Steffen ; Justen, Jordan L 
Subject: Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to 
openssl-3.0.8

On Fri, 2 Jun 2023 at 04:53, Yao, Jiewen  wrote:
>
> Hi Ard
> Would you please take a look at 
> https://github.com/tianocore/edk2-staging/tree/OpenSSL30, which is our 
> current working version? If you have any idea, please propose patch.
>
> Also, could you please try that on ARM/AARCH64 platform to see if there is 
> anything broken?
>
> I think those are important to make sure we have a working version for next 
> stable tag.
>

Agreed.

With GCC5 and the tweak below [0], that branch builds OVMF/ArmVirtQemu fine for 
me on {X64,AARCH64,ARM} x {DEBUG,RELEASE,NOOPT}.

I also built DeveloperBox.dsc and DeveloperBoxMm.dsc from edk2-platforms 
without problems, with SECURE_BOOT_ENABLE and TPM2_ENABLE both set.

Clang seemed to work fine as well, but the branch still uses CLANG3x so we need 
to rebase this branch onto the latest stable tag first and retest.

I did only a quick boot test to check whether secure boot verification was 
working, but all seemed to work fine.

In any case, if we want to make the next stable tag, I think we should move 
quickly, so that we have enough time to fix any issues that may arise.



[0] first hunk is based on 7880536fe17c2b54 in openssl upstream

--- a/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h
+++ b/CryptoPkg/Library/OpensslLib/OpensslGen/openssl/x509v3.h
@@ -177,7 +177,7 @@ typedef struct GENERAL_NAME_st {
 OTHERNAME *otherName;   /* otherName */
 ASN1_IA5STRING *rfc822Name;
 ASN1_IA5STRING *dNSName;
-ASN1_TYPE *x400Address;
+ASN1_STRING *x400Address;
 X509_NAME *directoryName;
 EDIPARTYNAME *ediPartyName;
 ASN1_IA5STRING *uniformResourceIdentifier; diff --git 
a/CryptoPkg/Library/OpensslLib/SslExtServNull.c
b/CryptoPkg/Library/OpensslLib/SslExtServNull.c
index c256f17667668866..a736dca8b73d27d5 100644
--- a/CryptoPkg/Library/OpensslLib/SslExtServNull.c
+++ b/CryptoPkg/Library/OpensslLib/SslExtServNull.c
@@ -177,12 +177,6 @@ int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, 
unsigned int context,
 return 0;
 }

-static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
- SSL_SESSION **sess)
-{
-return SSL_TICKET_NO_DECRYPT;
-}
-
 int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)  {
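Review bot: The `x509v3.h` hunk changes `x400Address` from `ASN1_TYPE *` to `ASN1_STRING *` in a header under `OpensslGen/`, which by its name is generated output, so the edit lives only in the checked-in copy. The member's declared type has to match what the OpenSSL sources in the submodule use for it; rather than patching the copy by hand, move the submodule to a commit that contains upstream 7880536fe17c2b54 and regenerate the header, or record in the commit message that this hand edit must be dropped at the next regeneration.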
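Review bot: The `SslExtServNull.c` hunk deletes the `static` stub `tls_get_stateful_ticket()` without saying why. When this becomes a proper patch, name the diagnostic or build failure that the removal fixes and the toolchain that reports it, so the change can be reproduced and is not reverted by a later resync of the null file.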











[edk2-devel] [PATCH V2 29/29] CryptoPkg: remove BN and EC accel for size optimization

2023-08-02 Thread Li, Yi
BN and EC have not been fully tested, and will greatly increase
the size of the Crypto driver(>150KB).

Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 .../Library/OpensslLib/OpensslLibAccel.inf| 26 ++
 .../OpensslLib/OpensslLibFullAccel.inf| 34 ++-
 CryptoPkg/Library/OpensslLib/configure.py | 21 
 3 files changed, 27 insertions(+), 54 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index 1d4b6bb6c7..a37347fbbf 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -22,8 +22,8 @@
   DEFINE OPENSSL_PATH= openssl
   DEFINE OPENSSL_GEN_PATH= OpensslGen
   DEFINE OPENSSL_FLAGS   = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT 
-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DEDK2_OPENSSL_NOEC=1
-  DEFINE OPENSSL_FLAGS_IA32  = -DAES_ASM -DGHASH_ASM -DMD5_ASM 
-DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_PART_WORDS 
-DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM 
-DVPAES_ASM
-  DEFINE OPENSSL_FLAGS_X64   = -DAES_ASM -DBSAES_ASM -DGHASH_ASM 
-DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
+  DEFINE OPENSSL_FLAGS_IA32  = -DAES_ASM -DGHASH_ASM -DMD5_ASM 
-DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
+  DEFINE OPENSSL_FLAGS_X64   = -DAES_ASM -DBSAES_ASM -DGHASH_ASM 
-DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DVPAES_ASM
 
 #
 #  VALID_ARCHITECTURES   = IA32 X64
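Review bot: Both `OPENSSL_FLAGS_IA32` and `OPENSSL_FLAGS_X64` lose `-DOPENSSL_IA32_SSE2` together with the `-DOPENSSL_BN_ASM_*` defines, but the commit message only mentions BN and EC. If dropping the SSE2 define is a consequence of removing the BN assembly, say so in the message; if it is not, keep the define so the patch changes only what its subject describes.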
@@ -33,6 +33,7 @@
   OpensslLibConstructor.c
   $(OPENSSL_PATH)/e_os.h
   $(OPENSSL_PATH)/ms/uplink.h
+  $(OPENSSL_PATH)/crypto/bn/bn_asm.c
 # Autogenerated files list starts here
 # Autogenerated files list ends here
   buildinf.h
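Review bot: `$(OPENSSL_PATH)/crypto/bn/bn_asm.c` is added by hand above the `# Autogenerated files list starts here` marker, while the same patch also changes `configure.py`. Have the script emit `bn_asm.c` into the generated list, or add a comment on this line explaining why the file has to sit outside it, so that a later regeneration cannot leave the INF without the C implementation of the BN routines that replaces the removed assembly.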
@@ -660,10 +661,6 @@
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aes-586.nasm | MSFT
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/aesni-x86.nasm | MSFT
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/aes/vpaes-x86.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/bn-586.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/co-586.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-gf2m.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/bn/x86-mont.nasm | MSFT
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/x86cpuid.nasm | MSFT
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/md5/md5-586.nasm | MSFT
   $(OPENSSL_GEN_PATH)/IA32-MSFT/crypto/modes/ghash-x86.nasm | MSFT
@@ -673,10 +670,6 @@
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aes-586.S | GCC
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/aesni-x86.S | GCC
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/aes/vpaes-x86.S | GCC
-  $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/bn-586.S | GCC
-  $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/co-586.S | GCC
-  $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-gf2m.S | GCC
-  $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/bn/x86-mont.S | GCC
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/x86cpuid.S | GCC
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/md5/md5-586.S | GCC
   $(OPENSSL_GEN_PATH)/IA32-GCC/crypto/modes/ghash-x86.S | GCC
@@ -790,7 +783,6 @@
   $(OPENSSL_PATH)/crypto/bio/bss_null.c
   $(OPENSSL_PATH)/crypto/bio/bss_sock.c
   $(OPENSSL_PATH)/crypto/bio/ossl_core_bio.c
-  $(OPENSSL_PATH)/crypto/bn/asm/x86_64-gcc.c
   $(OPENSSL_PATH)/crypto/bn/bn_add.c
   $(OPENSSL_PATH)/crypto/bn/bn_blind.c
   $(OPENSSL_PATH)/crypto/bn/bn_const.c
@@ -1305,12 +1297,6 @@
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/aesni-x86_64.nasm | MSFT
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/bsaes-x86_64.nasm | MSFT
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/aes/vpaes-x86_64.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx2.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-avx512.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/rsaz-x86_64.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-gf2m.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont.nasm | MSFT
-  $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/bn/x86_64-mont5.nasm | MSFT
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/x86_64cpuid.nasm | MSFT
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/md5/md5-x86_64.nasm | MSFT
   $(OPENSSL_GEN_PATH)/X64-MSFT/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
@@ -1328,12 +1314,6 @@
   $(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/aesni-x86_64.s | GCC
   $(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/bsaes-x86_64.s | GCC
   $(OPENSSL_GEN_PATH)/X64-GCC/crypto/aes/vpaes-x86_64.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx2.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-avx512.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/rsaz-x86_64.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-gf2m.s | GCC
-  $(OPENSSL_GEN_PATH)/X64-GCC/crypto/bn/x86_64-mont.s | GCC
-  

[edk2-devel] [PATCH V2 28/29] CryptoPkg/openssl: update CI config for openssl 3.0

2023-08-02 Thread Li, Yi
From: Gerd Hoffmann 

Signed-off-by: Gerd Hoffmann 
Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/CryptoPkg.ci.yaml | 54 +
 1 file changed, 43 insertions(+), 11 deletions(-)

diff --git a/CryptoPkg/CryptoPkg.ci.yaml b/CryptoPkg/CryptoPkg.ci.yaml
index 47f2975967..59ba56d41e 100644
--- a/CryptoPkg/CryptoPkg.ci.yaml
+++ b/CryptoPkg/CryptoPkg.ci.yaml
@@ -9,11 +9,7 @@
 "LicenseCheck": {
 "IgnoreFiles": [
 # These directories contain auto-generated OpenSSL content
-"Library/OpensslLib/IA32",
-"Library/OpensslLib/IA32Gcc",
-"Library/OpensslLib/X64",
-"Library/OpensslLib/X64Gcc",
-"Library/Include/openssl"
+"Library/OpensslLib/OpensslGen"
 ]
 },
 "EccCheck": {
@@ -30,14 +26,13 @@
 ## Both file path and directory path are accepted.
 "IgnoreFiles": [
 "Library/OpensslLib/openssl",
-"Library/Include/openssl",
-"Library/Include/crypto",
+"Library/OpensslLib/OpensslGen",
 # The unit testing folder is not to be checked
 "Test/UnitTest",
 # This has OpenSSL interfaces that aren't UEFI spec compliant
 "Library/BaseCryptLib/SysCall",
 # This has OpenSSL interfaces that aren't UEFI spec compliant
-"Library/OpensslLib/rand_pool.c",
+"Library/OpensslLib/OpensslStub",
 # This has OpenSSL interfaces that aren't UEFI spec compliant
 "Library/Include/CrtLibSupport.h",
 # This has OpenSSL interfaces that aren't UEFI spec compliant
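Review bot: The EccCheck ignore entry widens from the single file "Library/OpensslLib/rand_pool.c" to the whole directory "Library/OpensslLib/OpensslStub", so every file placed in that directory is exempt from ECC, not only the ones that carry OpenSSL interfaces. If only some stubs need the exemption, list them individually as the UncrustifyCheck section does for uefiprov.c; otherwise reword the comment above the entry to say the whole stub directory is excluded on purpose.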
@@ -96,9 +91,46 @@
 # options defined in .pytool/Plugin/UncrustifyCheck
 "UncrustifyCheck": {
 "IgnoreFiles": [
-"opensslconf.h",
-"dso_conf.h",
-"opensslconf_generated.h"
+"Library/OpensslLib/OpensslGen/include/crypto/bn_conf.h",
+"Library/OpensslLib/OpensslGen/include/crypto/dso_conf.h",
+"Library/OpensslLib/OpensslGen/include/openssl/asn1.h",
+"Library/OpensslLib/OpensslGen/include/openssl/asn1t.h",
+"Library/OpensslLib/OpensslGen/include/openssl/bio.h",
+"Library/OpensslLib/OpensslGen/include/openssl/cmp.h",
+"Library/OpensslLib/OpensslGen/include/openssl/cms.h",
+"Library/OpensslLib/OpensslGen/include/openssl/conf.h",
+"Library/OpensslLib/OpensslGen/include/openssl/configuration-ec.h",
+
"Library/OpensslLib/OpensslGen/include/openssl/configuration-noec.h",
+"Library/OpensslLib/OpensslGen/include/openssl/configuration.h",
+"Library/OpensslLib/OpensslGen/include/openssl/crmf.h",
+"Library/OpensslLib/OpensslGen/include/openssl/crypto.h",
+"Library/OpensslLib/OpensslGen/include/openssl/ct.h",
+"Library/OpensslLib/OpensslGen/include/openssl/err.h",
+"Library/OpensslLib/OpensslGen/include/openssl/ess.h",
+"Library/OpensslLib/OpensslGen/include/openssl/fipskey.h",
+"Library/OpensslLib/OpensslGen/include/openssl/lhash.h",
+"Library/OpensslLib/OpensslGen/include/openssl/ocsp.h",
+"Library/OpensslLib/OpensslGen/include/openssl/opensslv.h",
+"Library/OpensslLib/OpensslGen/include/openssl/pkcs12.h",
+"Library/OpensslLib/OpensslGen/include/openssl/pkcs7.h",
+"Library/OpensslLib/OpensslGen/include/openssl/safestack.h",
+"Library/OpensslLib/OpensslGen/include/openssl/srp.h",
+"Library/OpensslLib/OpensslGen/include/openssl/ssl.h",
+"Library/OpensslLib/OpensslGen/include/openssl/ui.h",
+"Library/OpensslLib/OpensslGen/include/openssl/x509.h",
+"Library/OpensslLib/OpensslGen/include/openssl/x509v3.h",
+"Library/OpensslLib/OpensslGen/include/openssl/x509_vfy.h",
+
"Library/OpensslLib/OpensslGen/providers/common/der/der_digests_gen.c",
+"Library/OpensslLib/OpensslGen/providers/common/der/der_ecx_gen.c",
+"Library/OpensslLib/OpensslGen/providers/common/der/der_ec_gen.c",
+"Library/OpensslLib/OpensslGen/providers/common/der/der_rsa_gen.c",
+
"Library/OpensslLib/OpensslGen/providers/common/der/der_wrap_gen.c",
+
"Library/OpensslLib/OpensslGen/providers/common/include/prov/der_digests.h",
+
"Library/OpensslLib/OpensslGen/providers/common/include/prov/der_ec.h",
+
"Library/OpensslLib/OpensslGen/providers/common/include/prov/der_ecx.h",
+
"Library/OpensslLib/OpensslGen/providers/common/include/prov/der_rsa.h",
+
"Library/OpensslLib/OpensslGen/providers/common/include/prov/der_wrap.h",
+"Library/OpensslLib/OpensslStub/uefiprov.c"
 ]
 }
 }
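Review bot: UncrustifyCheck now enumerates dozens of generated files under Library/OpensslLib/OpensslGen one by one, while LicenseCheck and EccCheck in this same file ignore "Library/OpensslLib/OpensslGen" with a single directory entry. If UncrustifyCheck accepts a directory or pattern here, use that, because a hand-kept list goes stale the next time OpenSSL adds a generated header. The last entry, Library/OpensslLib/OpensslStub/uefiprov.c, is not under OpensslGen; add a comment saying why it is exempt from formatting.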
-- 
2.31.1.windows.1




[edk2-devel] [PATCH V2 27/29] CryptoPkg: remove strcmp to syscall

2023-08-02 Thread Li, Yi
In rare cases the platform may not provide the full IntrinsicLib.
But the openssl30 build always requires strcmp, so provide this function by
moving it into CrtWrapper.c.

Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 9 +
 CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c   | 9 -
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c 
b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index 6d7ac3efdc..37cdecc9bd 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -275,6 +275,15 @@ strcpy (
   return strDest;
 }
 
+int
+strcmp (
+  const char  *s1,
+  const char  *s2
+  )
+{
+  return (int)AsciiStrCmp (s1, s2);
+}
+
 //
 // -- Character Classification Routines --
 //
diff --git a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c 
b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
index 611e9fd773..9b091f1901 100644
--- a/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
+++ b/CryptoPkg/Library/IntrinsicLib/MemoryIntrinsics.c
@@ -63,12 +63,3 @@ memcmp (
 {
   return (int)CompareMem (buf1, buf2, count);
 }
-
-int
-strcmp (
-  const char  *s1,
-  const char  *s2
-  )
-{
-  return (int)AsciiStrCmp (s1, s2);
-}
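Review bot: strcmp leaves IntrinsicLib/MemoryIntrinsics.c and now exists only in BaseCryptLib/SysCall/CrtWrapper.c, so any module that resolved strcmp through IntrinsicLib without also linking this CrtWrapper.c loses the symbol. Please state in the commit message which library instances were build-tested after the move, and consider a subject along the lines of "move strcmp to CrtWrapper.c", since the function is relocated rather than removed.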
-- 
2.31.1.windows.1







[edk2-devel] [PATCH V2 25/29] CryptoPkg: add more dummy implement of openssl for size optimization

2023-08-02 Thread Li, Yi
Add dummy implementations of Encoder, Pkcs12 and sslserver.
OpenSSL libraries which don't need these features can include
these files to reduce the size of the output.

Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   |   4 +
 .../Library/OpensslLib/OpensslLibAccel.inf|   4 +
 .../Library/OpensslLib/OpensslLibCrypto.inf   |   2 +
 .../Library/OpensslLib/OpensslLibFull.inf |   4 +
 .../OpensslLib/OpensslLibFullAccel.inf|   4 +
 .../OpensslLib/OpensslStub/EncoderNull.c  | 364 
 .../OpensslLib/OpensslStub/Pkcs12Null.c   | 146 +
 .../OpensslLib/OpensslStub/SslExtServNull.c   | 517 ++
 .../OpensslLib/OpensslStub/SslStatServNull.c  | 306 +++
 9 files changed, 1351 insertions(+)
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslStub/EncoderNull.c
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslStub/Pkcs12Null.c
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslStub/SslExtServNull.c
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslStub/SslStatServNull.c

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 856cbdd859..3fbebde0e5 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -40,6 +40,10 @@
 #  OpensslStub/SslNull.c
   OpensslStub/EcSm2Null.c
   OpensslStub/uefiprov.c
+  OpensslStub/EncoderNull.c
+  OpensslStub/SslStatServNull.c
+  OpensslStub/SslExtServNull.c
+  OpensslStub/Pkcs12Null.c
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index 5e8bface2e..1b1f021ca0 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -42,6 +42,10 @@
 #  OpensslStub/SslNull.c
   OpensslStub/EcSm2Null.c
   OpensslStub/uefiprov.c
+  OpensslStub/EncoderNull.c
+  OpensslStub/SslStatServNull.c
+  OpensslStub/SslExtServNull.c
+  OpensslStub/Pkcs12Null.c
 
 [Sources.IA32]
 # Autogenerated files list starts here
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index e17f813f22..1916c230bb 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -41,6 +41,8 @@
   OpensslStub/SslNull.c
   OpensslStub/EcSm2Null.c
   OpensslStub/uefiprov.c
+  OpensslStub/EncoderNull.c
+  OpensslStub/Pkcs12Null.c
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
index b049bd4067..0bb7a52f57 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
@@ -45,6 +45,10 @@
 #  OpensslStub/SslNull.c
 #  OpensslStub/EcSm2Null.c
   OpensslStub/uefiprov.c
+  OpensslStub/EncoderNull.c
+  OpensslStub/SslStatServNull.c
+  OpensslStub/SslExtServNull.c
+  OpensslStub/Pkcs12Null.c
 
 [Packages]
   MdePkg/MdePkg.dec
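Review bot: OpensslLibFull.inf gains EncoderNull.c, SslStatServNull.c, SslExtServNull.c and Pkcs12Null.c unconditionally, although the commit message describes them as files for libraries "which don't need these features". This INF keeps SslNull.c and EcSm2Null.c commented out, so please state in the INF or the commit message that encoder, PKCS#12 and the TLS server-side pieces are intentionally stubbed out even in the Full and FullAccel variants.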
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
index 56962afffc..de6766 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
@@ -47,6 +47,10 @@
 #  OpensslStub/SslNull.c
 #  OpensslStub/EcSm2Null.c
   OpensslStub/uefiprov.c
+  OpensslStub/EncoderNull.c
+  OpensslStub/SslStatServNull.c
+  OpensslStub/SslExtServNull.c
+  OpensslStub/Pkcs12Null.c
 
 [Sources.IA32]
 # Autogenerated files list starts here
diff --git a/CryptoPkg/Library/OpensslLib/OpensslStub/EncoderNull.c 
b/CryptoPkg/Library/OpensslLib/OpensslStub/EncoderNull.c
new file mode 100644
index 00..f3106cf8ab
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/OpensslStub/EncoderNull.c
@@ -0,0 +1,364 @@
+/** @file
+  Null implementation of ENCODER functions called by BaseCryptLib.
+
+  Copyright (c) 2022, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+
+OSSL_ENCODER *
+OSSL_ENCODER_fetch (
+  OSSL_LIB_CTX  *libctx,
+  const char*name,
+  const char*properties
+  )
+{
+  return NULL;
+}
+
+int
+OSSL_ENCODER_up_ref (
+  OSSL_ENCODER  *encoder
+  )
+{
+  return 0;
+}
+
+void
+OSSL_ENCODER_free (
+  OSSL_ENCODER  *encoder
+  )
+{
+}
+
+const OSSL_PROVIDER *
+OSSL_ENCODER_get0_provider (
+  const OSSL_ENCODER  *encoder
+  )
+{
+  return NULL;
+}
+
+const char *
+OSSL_ENCODER_get0_properties (
+  const OSSL_ENCODER  *encoder
+  )
+{
+  return NULL;
+}
+
+const char *
+OSSL_ENCODER_get0_name (
+  const OSSL_ENCODER  *kdf
+  )
+{
+  return NULL;
+}
+
+const char *
+OSSL_ENCODER_get0_description (
+  const OSSL_ENCODER  *kdf
+  )
+{
+  return NULL;
+}
+
+int
+OSSL_ENCODER_is_a (
+  const OSSL_ENCODER  *encoder,
+  const char  *name
+  )
+{
+  return 0;
+}
+
+void
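Review bot: OSSL_ENCODER_get0_name and OSSL_ENCODER_get0_description name their parameter kdf while every other stub shown here uses encoder, which looks like a copy-and-paste leftover; rename it to encoder. The stubs also fail silently with NULL or 0, so a short comment in the file header stating which return values callers see when the encoder is compiled out would help whoever has to debug a failing call later.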

[edk2-devel] [PATCH V2 24/29] CryptoPkg: add implemention of _ftol2_sse() to avoid build error

2023-08-02 Thread Li, Yi
Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c 
b/CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c
index 09000c6bec..adfe249b1d 100644
--- a/CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c
+++ b/CryptoPkg/Library/IntrinsicLib/Ia32/MathFtol.c
@@ -23,3 +23,15 @@ _ftol2 (
 ret
   }
 }
+
+__declspec(naked) void
+_ftol2_sse (
+  void
+  )
+{
+  _asm {
+fistp dword ptr [esp-4]
+mov   eax,[esp-4]
+ret
+  }
+}
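Review bot: In _ftol2_sse, fistp dword ptr [esp-4] stores below the current stack pointer and the value is then read back from there, so anything that pushes onto this stack between the two instructions (an interrupt handler, for instance) can overwrite it; reserve the slot with sub esp,4 before the store and release it before ret. The routine also sets only EAX, so a caller that expects a 64-bit result in EDX:EAX gets a stale high half, and the commit message has no body saying which conversions are expected to reach this helper.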
-- 
2.31.1.windows.1







[edk2-devel] [PATCH V2 23/29] CryptoPkg: add define of maximum unsigned size_t

2023-08-02 Thread Li, Yi
Used by openssl30 source code.

Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/Include/CrtLibSupport.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h 
b/CryptoPkg/Library/Include/CrtLibSupport.h
index 94b0e6b601..f36fe08f0c 100644
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
@@ -87,6 +87,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define UINT_MAX  0x  /* Maximum unsigned int value */
 #define ULONG_MAX 0x  /* Maximum unsigned long value */
 #define CHAR_BIT  8   /* Number of bits in a char */
+#define SIZE_MAX  0x  /* Maximum unsigned size_t */
 
 //
 // Address families.
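Review bot: SIZE_MAX is added as one fixed literal beside UINT_MAX and ULONG_MAX, but CryptoPkg is built for both IA32 and X64, where the width of size_t differs. If size_t follows the native word size in this header, define SIZE_MAX from the native maximum (for example MAX_UINTN) instead of a constant, otherwise OpenSSL length checks written against SIZE_MAX compare with the wrong bound on one of the architectures.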
-- 
2.31.1.windows.1







[edk2-devel] [PATCH V2 22/29] CryptoPkg: add missing gcc instructions

2023-08-02 Thread Li, Yi
Used when building IA32 CryptoPkg with gcc; the definition of the
instructions can be found at:
https://gcc.gnu.org/onlinedocs/gccint/Integer-library-routines.html

Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 .../IntrinsicLib/Ia32/MathDivModU64x64.c  | 23 
 .../Library/IntrinsicLib/Ia32/MathDivS64x64.c | 22 
 .../Library/IntrinsicLib/Ia32/MathDivU64x64.c | 22 
 .../Library/IntrinsicLib/Ia32/MathModU64x64.c | 26 +++
 .../Library/IntrinsicLib/IntrinsicLib.inf |  5 +++-
 5 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathDivModU64x64.c
 create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathDivS64x64.c
 create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathDivU64x64.c
 create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathModU64x64.c

diff --git a/CryptoPkg/Library/IntrinsicLib/Ia32/MathDivModU64x64.c 
b/CryptoPkg/Library/IntrinsicLib/Ia32/MathDivModU64x64.c
new file mode 100644
index 00..6c75a1ff1d
--- /dev/null
+++ b/CryptoPkg/Library/IntrinsicLib/Ia32/MathDivModU64x64.c
@@ -0,0 +1,23 @@
+/** @file
+  64-bit Math Worker Function.
+  The 32-bit versions of C compiler generate calls to library routines
+  to handle 64-bit math. These functions use non-standard calling conventions.
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+
+/* https://gcc.gnu.org/onlinedocs/gccint/Integer-library-routines.html */
+__attribute__ ((__used__))
+unsigned long long
+__udivmoddi4 (
+  unsigned long long  A,
+  unsigned long long  B,
+  unsigned long long  *C
+  )
+{
+  return DivU64x64Remainder ((UINT64)A, (UINT64)B, (UINT64 *)C);
+}
diff --git a/CryptoPkg/Library/IntrinsicLib/Ia32/MathDivS64x64.c 
b/CryptoPkg/Library/IntrinsicLib/Ia32/MathDivS64x64.c
new file mode 100644
index 00..54ff619b61
--- /dev/null
+++ b/CryptoPkg/Library/IntrinsicLib/Ia32/MathDivS64x64.c
@@ -0,0 +1,22 @@
+/** @file
+  64-bit Math Worker Function.
+  The 32-bit versions of C compiler generate calls to library routines
+  to handle 64-bit math. These functions use non-standard calling conventions.
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+
+/* https://gcc.gnu.org/onlinedocs/gccint/Integer-library-routines.html */
+__attribute__ ((__used__))
+long long
+__divdi3 (
+  long long  A,
+  long long  B
+  )
+{
+  return DivS64x64Remainder ((INT64)A, (INT64)B, NULL);
+}
diff --git a/CryptoPkg/Library/IntrinsicLib/Ia32/MathDivU64x64.c 
b/CryptoPkg/Library/IntrinsicLib/Ia32/MathDivU64x64.c
new file mode 100644
index 00..dbb7b516fb
--- /dev/null
+++ b/CryptoPkg/Library/IntrinsicLib/Ia32/MathDivU64x64.c
@@ -0,0 +1,22 @@
+/** @file
+  64-bit Math Worker Function.
+  The 32-bit versions of C compiler generate calls to library routines
+  to handle 64-bit math. These functions use non-standard calling conventions.
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+
+/* https://gcc.gnu.org/onlinedocs/gccint/Integer-library-routines.html */
+__attribute__ ((__used__))
+unsigned long long
+__udivdi3 (
+  unsigned long long  A,
+  unsigned long long  B
+  )
+{
+  return DivU64x64Remainder ((UINT64)A, (UINT64)B, NULL);
+}
diff --git a/CryptoPkg/Library/IntrinsicLib/Ia32/MathModU64x64.c 
b/CryptoPkg/Library/IntrinsicLib/Ia32/MathModU64x64.c
new file mode 100644
index 00..eedd96074e
--- /dev/null
+++ b/CryptoPkg/Library/IntrinsicLib/Ia32/MathModU64x64.c
@@ -0,0 +1,26 @@
+/** @file
+  64-bit Math Worker Function.
+  The 32-bit versions of C compiler generate calls to library routines
+  to handle 64-bit math. These functions use non-standard calling conventions.
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+
+/* https://gcc.gnu.org/onlinedocs/gccint/Integer-library-routines.html */
+__attribute__ ((__used__))
+unsigned long long
+__umoddi3 (
+  unsigned long long  A,
+  unsigned long long  B
+  )
+{
+  unsigned long long  Reminder;
+
+  DivU64x64Remainder ((UINT64)A, (UINT64)B, (UINT64 *));
+
+  return Reminder;
+}
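Review bot: The local variable in __umoddi3 is spelled Reminder; it holds the remainder of the division, so rename it to Remainder. The sentence "These functions use non-standard calling conventions" in the file header does not describe this plain C wrapper, so drop it here and in the three sibling files added by this patch.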
diff --git a/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf 
b/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
index 4d2440466d..ae238ccc0b 100644
--- a/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+++ b/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
@@ -43,7 +43,10 @@
 
   Ia32/MathLShiftS64.nasm   | GCC
   Ia32/MathRShiftU64.nasm   | GCC
-
+  Ia32/MathDivModU64x64.c   | GCC
+  Ia32/MathDivS64x64.c  | GCC
+  Ia32/MathDivU64x64.c  | GCC
+  Ia32/MathModU64x64.c  | GCC
 [Sources.X64]
   CopyMem.c
 [Sources.RISCV64]
-- 
2.31.1.windows.1




[edk2-devel] [PATCH V2 21/29] CryptoPkg: Enable memcpy sys call in RISCV64 build

2023-08-02 Thread Li, Yi
When building Openssl30, compiler optimization may use memcpy()
for memory copy.
Need to enable it in the RISCV64 build also.

Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf 
b/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
index 2ec987b260..4d2440466d 100644
--- a/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+++ b/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
@@ -46,6 +46,8 @@
 
 [Sources.X64]
   CopyMem.c
+[Sources.RISCV64]
+  CopyMem.c
 
 [Packages]
   MdePkg/MdePkg.dec
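Review bot: [Sources.RISCV64] is inserted directly under the X64 CopyMem.c entry with no blank line between the two sections, and it lists the same single file. Either separate the sections with an empty line or merge them into one header, [Sources.X64, Sources.RISCV64].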
-- 
2.31.1.windows.1







[edk2-devel] [PATCH V2 20/29] CryptoPkg: Align with 4096 when build with OpensslFullAccel

2023-08-02 Thread Li, Yi
Should align to 4096 when building ecp_nistz256 related asm files.
ecp_nistz256-x86.S Line3:
.globl  ecp_nistz256_precomputed
.align  4096

Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/CryptoPkg.dsc | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 4676193e89..a55dcb9668 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -456,8 +456,8 @@
 
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
 
-  MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
-  MSFT:*_*_X64_DLINK_FLAGS  = /ALIGN:256
+  MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:4096
+  MSFT:*_*_X64_DLINK_FLAGS  = /ALIGN:4096
   }
 !endif
 
@@ -522,8 +522,8 @@
 
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
 
-  MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
-  MSFT:*_*_X64_DLINK_FLAGS  = /ALIGN:256
+  MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:4096
+  MSFT:*_*_X64_DLINK_FLAGS  = /ALIGN:4096
   }
   #
   # CryptoSmm with OpensslLib instance with no SSL or EC services
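Review bot: Only the MSFT:*_*_IA32_DLINK_FLAGS and MSFT:*_*_X64_DLINK_FLAGS overrides are raised to /ALIGN:4096, here and in the two sibling hunks, while the commit message justifies the change with ecp_nistz256-x86.S, the GCC-flavoured assembly file. Please say in the commit message how the .align 4096 requirement is met for GCC builds of OpensslLibFullAccel.inf, and add a comment above the override naming ecp_nistz256_precomputed so the value is not lowered again later.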
@@ -575,8 +575,8 @@
 
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
 
-  MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
-  MSFT:*_*_X64_DLINK_FLAGS  = /ALIGN:256
+  MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:4096
+  MSFT:*_*_X64_DLINK_FLAGS  = /ALIGN:4096
   }
 !endif
 
-- 
2.31.1.windows.1







[edk2-devel] [PATCH V2 19/29] CryptoPkg/TlsLib: use unsigned long for ErrorCode

2023-08-02 Thread Li, Yi
From: Gerd Hoffmann 

Signed-off-by: Gerd Hoffmann 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/TlsLib/TlsConfig.c  | 3 ++-
 CryptoPkg/Library/TlsLib/TlsProcess.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c 
b/CryptoPkg/Library/TlsLib/TlsConfig.c
index 5adb1976e3..f9333165a9 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -701,7 +701,6 @@ TlsSetCaCertificate (
   TLS_CONNECTION  *TlsConn;
   SSL_CTX *SslCtx;
   INTNRet;
-  UINTN   ErrorCode;
 
   BioCert   = NULL;
   Cert  = NULL;
@@ -753,6 +752,8 @@ TlsSetCaCertificate (
   //
   Ret = X509_STORE_add_cert (X509Store, Cert);
   if (Ret != 1) {
+unsigned long  ErrorCode;
+
 ErrorCode = ERR_peek_last_error ();
 //
 // Ignore "already in table" errors
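Review bot: ErrorCode becomes a native unsigned long declared inside the if block, and the commit has no description saying why UINTN was wrong. Add a sentence to the commit message, and ideally a one-line comment at the declaration, that the type is chosen to match what ERR_peek_last_error () returns, since a bare C type and a block-scope declaration both stand out next to the UEFI-typed locals at the top of the function.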
diff --git a/CryptoPkg/Library/TlsLib/TlsProcess.c 
b/CryptoPkg/Library/TlsLib/TlsProcess.c
index ddd0317ee6..1b712cd452 100644
--- a/CryptoPkg/Library/TlsLib/TlsProcess.c
+++ b/CryptoPkg/Library/TlsLib/TlsProcess.c
@@ -81,7 +81,6 @@ TlsDoHandshake (
   TLS_CONNECTION  *TlsConn;
   UINTN   PendingBufferSize;
   INTNRet;
-  UINTN   ErrorCode;
 
   TlsConn   = (TLS_CONNECTION *)Tls;
   PendingBufferSize = 0;
@@ -133,6 +132,8 @@ TlsDoHandshake (
 ));
   DEBUG_CODE_BEGIN ();
   while (TRUE) {
+unsigned long  ErrorCode;
+
 ErrorCode = ERR_get_error ();
 if (ErrorCode == 0) {
   break;
-- 
2.31.1.windows.1







[edk2-devel] [PATCH V2 18/29] CryptoPkg: disable C4133 warning in openssl libraries

2023-08-02 Thread Li, Yi
Disable warning as error of C4133:
v3_genn.c(101): warning C4133: 'function': incompatible types
- from 'ASN1_TYPE *' to 'const ASN1_STRING *'.

Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/OpensslLib/OpensslLib.inf  | 5 +++--
 CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf | 5 +++--
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf| 5 +++--
 CryptoPkg/Library/OpensslLib/OpensslLibFull.inf  | 5 +++--
 CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf | 5 +++--
 5 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 270f96ee69..856cbdd859 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -70,9 +70,10 @@
   #   C4702: unreachable code
   #   C4706: assignment within conditional expression
   #   C4819: The file contains a character that cannot be represented in the 
current code page
+  #   C4133: incompatible types - from 'ASN1_TYPE *' to 'const ASN1_STRING *' 
(v3_genn.c(101))
   #
-  MSFT:*_*_IA32_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_NOASM) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 
/wd4389 /wd4700 /wd4702 /wd4706 /wd4819
-  MSFT:*_*_X64_CC_FLAGS= -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_NOASM) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 
/wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
+  MSFT:*_*_IA32_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_NOASM) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 
/wd4389 /wd4700 /wd4702 /wd4706 /wd4819 /wd4133
+  MSFT:*_*_X64_CC_FLAGS= -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_NOASM) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 
/wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819 /wd4133
 
   #
   # Disable following Visual Studio 2015 compiler warnings brought by openssl 
source,
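Review bot: /wd4133 is appended to the CC_FLAGS used for every source in the library in order to silence one site, v3_genn.c(101). C4133 reports incompatible pointer types, so switching it off for the whole library also hides any new mismatch introduced elsewhere in OpenSSL or in the stubs. If the build rules allow it, scope the suppression to that file or fix the cast at the call site; if not, the new comment line should say that this is a blanket suppression for a single known occurrence.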
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index 3bd3dfd37a..5e8bface2e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -78,9 +78,10 @@
   #   C4702: unreachable code
   #   C4706: assignment within conditional expression
   #   C4819: The file contains a character that cannot be represented in the 
current code page
+  #   C4133: incompatible types - from 'ASN1_TYPE *' to 'const ASN1_STRING *' 
(v3_genn.c(101))
   #
-  MSFT:*_*_IA32_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_IA32) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 
/wd4389 /wd4700 /wd4702 /wd4706 /wd4819
-  MSFT:*_*_X64_CC_FLAGS= -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_X64) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 
/wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
+  MSFT:*_*_IA32_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_IA32) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 
/wd4389 /wd4700 /wd4702 /wd4706 /wd4819 /wd4133
+  MSFT:*_*_X64_CC_FLAGS= -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_X64) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 
/wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819 /wd4133
 
   #
   # Disable following Visual Studio 2015 compiler warnings brought by openssl 
source,
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 581f556eb2..e17f813f22 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -71,9 +71,10 @@
   #   C4702: unreachable code
   #   C4706: assignment within conditional expression
   #   C4819: The file contains a character that cannot be represented in the 
current code page
+  #   C4133: incompatible types - from 'ASN1_TYPE *' to 'const ASN1_STRING *' 
(v3_genn.c(101))
   #
-  MSFT:*_*_IA32_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_NOASM) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 
/wd4389 /wd4700 /wd4702 /wd4706 /wd4819
-  MSFT:*_*_X64_CC_FLAGS= -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_NOASM) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 
/wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
+  MSFT:*_*_IA32_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_NOASM) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 
/wd4389 /wd4700 /wd4702 /wd4706 /wd4819 /wd4133
+  MSFT:*_*_X64_CC_FLAGS= -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_NOASM) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 
/wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819 /wd4133
 
   #
   # Disable following Visual Studio 2015 compiler warnings brought by openssl 

[edk2-devel] [PATCH V2 17/29] CryptoPkg: Add instrinsics to support building openssl3 on IA32 windows

2023-08-02 Thread Li, Yi
This dependency is needed to build openssl lib with openssl3
under IA32 Windows, so added implementation for _alldiv, _aulldiv,
_aullrem and _alldvrm intrinsics.

Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 .../Library/IntrinsicLib/Ia32/MathLldiv.asm   | 203 ++
 .../Library/IntrinsicLib/Ia32/MathUlldiv.asm  | 157 ++
 .../Library/IntrinsicLib/Ia32/MathUlldvrm.asm | 184 
 .../Library/IntrinsicLib/Ia32/MathUllrem.asm  | 163 ++
 .../Library/IntrinsicLib/IntrinsicLib.inf |   4 +
 5 files changed, 711 insertions(+)
 create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathLldiv.asm
 create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathUlldiv.asm
 create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathUlldvrm.asm
 create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathUllrem.asm

diff --git a/CryptoPkg/Library/IntrinsicLib/Ia32/MathLldiv.asm 
b/CryptoPkg/Library/IntrinsicLib/Ia32/MathLldiv.asm
new file mode 100644
index 00..2fccfd6dc0
--- /dev/null
+++ b/CryptoPkg/Library/IntrinsicLib/Ia32/MathLldiv.asm
@@ -0,0 +1,203 @@
+;***
+;lldiv.asm - signed long divide routine
+;
+;   Copyright (c) Microsoft Corporation. All rights reserved.
+;   SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+;Purpose:
+;   defines the signed long divide routine
+;   __alldiv
+;
+;Original Implemenation: MSVC 14.29.30133
+;
+;***
+.686
+.model  flat,C
+.code
+
+
+
+;***
+;lldiv - signed long divide
+;
+;Purpose:
+;   Does a signed long divide of the arguments.  Arguments are
+;   not changed.
+;
+;Entry:
+;   Arguments are passed on the stack:
+;   1st pushed: divisor (QWORD)
+;   2nd pushed: dividend (QWORD)
+;
+;Exit:
+;   EDX:EAX contains the quotient (dividend/divisor)
+;   NOTE: this routine removes the parameters from the stack.
+;
+;Uses:
+;   ECX
+;
+;Exceptions:
+;
+;***
+_alldiv PROC NEAR
+
+HIWORD  EQU [4] ;
+LOWORD  EQU [0]
+
+pushedi
+pushesi
+pushebx
+
+; Set up the local stack and save the index registers.  When this is done
+; the stack frame will look as follows (assuming that the expression a/b will
+; generate a call to lldiv(a, b)):
+;
+;   -
+;   |   |
+;   |---|
+;   |   |
+;   |--divisor (b)--|
+;   |   |
+;   |---|
+;   |   |
+;   |--dividend (a)-|
+;   |   |
+;   |---|
+;   | return addr** |
+;   |---|
+;   |  EDI  |
+;   |---|
+;   |  ESI  |
+;   |---|
+;   ESP>|  EBX  |
+;   -
+;
+
+DVNDequ [esp + 16]  ; stack address of dividend (a)
+DVSRequ [esp + 24]  ; stack address of divisor (b)
+
+
+; Determine sign of the result (edi = 0 if result is positive, non-zero
+; otherwise) and make operands positive.
+
+xor edi,edi ; result sign assumed positive
+
+mov eax,HIWORD(DVND) ; hi word of a
+or  eax,eax ; test to see if signed
+jge short L1; skip rest if a is already positive
+inc edi ; complement result sign flag
+mov edx,LOWORD(DVND) ; lo word of a
+neg eax ; make a positive
+neg edx
+sbb eax,0
+mov HIWORD(DVND),eax ; save positive value
+mov LOWORD(DVND),edx
+L1:
+mov eax,HIWORD(DVSR) ; hi word of b
+or  eax,eax ; test to see if signed
+jge short L2; skip rest if b is already positive
+inc edi ; complement the result sign flag
+mov edx,LOWORD(DVSR) ; lo word of a
+neg eax ; make b positive
+neg edx
+sbb eax,0
+mov HIWORD(DVSR),eax ; save positive value
+mov LOWORD(DVSR),edx
+L2:
+
+;
+; Now do the divide.  First look to see if the divisor is less than 4194304K.
+; If so, then we can use a simple algorithm with word divides, otherwise
+; things get a little more complex.
+;
+; NOTE - eax currently contains the high order word of DVSR
+;
+
+or  eax,eax ; check to see if divisor < 4194304K
+jnz short L3; nope, gotta do this the hard way
+mov ecx,LOWORD(DVSR) ; load divisor
+mov eax,HIWORD(DVND) ; load high word of dividend
+xor edx,edx
+div ecx ; eax <- high 
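
Review bot: the "Exceptions:" section of the _alldiv header is left empty, yet the fast path loads LOWORD(DVSR) into ecx and executes `div ecx` without any zero check, so a zero divisor raises a divide error inside firmware. Document that in the header (or state that callers must guarantee a non-zero divisor). Two smaller points in the same hunk: the comment on `mov edx,LOWORD(DVSR)` says "lo word of a" where it means b, and "Implemenation" in the file banner is misspelled.
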

[edk2-devel] [PATCH V2 09/29] CryptoPkg/TlsLib: ERR_GET_FUNC is gone

2023-08-02 Thread Li, Yi
From: Gerd Hoffmann 

Signed-off-by: Gerd Hoffmann 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/TlsLib/TlsConfig.c  | 2 +-
 CryptoPkg/Library/TlsLib/TlsProcess.c | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c 
b/CryptoPkg/Library/TlsLib/TlsConfig.c
index fdda73690a..5adb1976e3 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -757,7 +757,7 @@ TlsSetCaCertificate (
 //
 // Ignore "already in table" errors
 //
-if (!((ERR_GET_FUNC (ErrorCode) == X509_F_X509_STORE_ADD_CERT) &&
+if (!((ERR_GET_LIB (ErrorCode) == ERR_LIB_X509) &&
   (ERR_GET_REASON (ErrorCode) == X509_R_CERT_ALREADY_IN_HASH_TABLE)))
 {
   Status = EFI_ABORTED;
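
Review bot: in TlsSetCaCertificate the replacement test is wider than the one it removes: it used to match one specific function (X509_F_X509_STORE_ADD_CERT) and now matches any error raised by ERR_LIB_X509 with reason X509_R_CERT_ALREADY_IN_HASH_TABLE. That is probably what is wanted, but this is the check that decides whether a CA certificate failure is ignored, so the commit message (currently subject only) should say that the library plus reason pair is considered sufficient.
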
diff --git a/CryptoPkg/Library/TlsLib/TlsProcess.c 
b/CryptoPkg/Library/TlsLib/TlsProcess.c
index db296053fd..ddd0317ee6 100644
--- a/CryptoPkg/Library/TlsLib/TlsProcess.c
+++ b/CryptoPkg/Library/TlsLib/TlsProcess.c
@@ -140,11 +140,10 @@ TlsDoHandshake (
 
 DEBUG ((
   DEBUG_ERROR,
-  "%a ERROR 0x%x=L%x:F%x:R%x\n",
+  "%a ERROR 0x%x=L%x:R%x\n",
   __func__,
   ErrorCode,
   ERR_GET_LIB (ErrorCode),
-  ERR_GET_FUNC (ErrorCode),
   ERR_GET_REASON (ErrorCode)
   ));
   }
-- 
2.31.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107492): https://edk2.groups.io/g/devel/message/107492
Mute This Topic: https://groups.io/mt/100520594/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




[edk2-devel] [PATCH V2 12/29] CryptoPkg/openssl: store dummy update for openssl 3.0

2023-08-02 Thread Li, Yi
From: Gerd Hoffmann 

Signed-off-by: Gerd Hoffmann 
Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/OpensslLib/ossl_store.c | 156 ++
 1 file changed, 156 insertions(+)

diff --git a/CryptoPkg/Library/OpensslLib/ossl_store.c 
b/CryptoPkg/Library/OpensslLib/ossl_store.c
index b4297395d7..f1e1b8b60f 100644
--- a/CryptoPkg/Library/OpensslLib/ossl_store.c
+++ b/CryptoPkg/Library/OpensslLib/ossl_store.c
@@ -6,6 +6,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
 
+#include 
+#include 
+#include 
+
 /*
  * This function is cleanup ossl store.
  *
@@ -17,3 +21,155 @@ ossl_store_cleanup_int (
   )
 {
 }
+
+int
+ossl_store_loader_store_cache_flush (
+  OSSL_LIB_CTX  *libctx
+  )
+{
+  return 1;
+}
+
+int
+ossl_store_loader_store_remove_all_provided (
+  OSSL_PROVIDER  *prov
+  )
+{
+  return 1;
+}
+
+static void *
+file_open (
+  void*provctx,
+  const char  *uri
+  )
+{
+  return NULL;
+}
+
+const OSSL_DISPATCH  ossl_file_store_functions[] = {
+  { OSSL_FUNC_STORE_OPEN, (void (*)(void)) file_open },
+  { 0,NULL   },
+};
+
+OSSL_STORE_CTX *
+OSSL_STORE_open (
+  const char   *uri,
+  const UI_METHOD  *ui_method,
+  void *ui_data,
+  OSSL_STORE_post_process_info_fn  post_process,
+  void *post_process_data
+  )
+{
+  return NULL;
+}
+
+OSSL_STORE_CTX *
+OSSL_STORE_open_ex (
+  const char   *uri,
+  OSSL_LIB_CTX *libctx,
+  const char   *propq,
+  const UI_METHOD  *ui_method,
+  void *ui_data,
+  const OSSL_PARAM params[],
+  OSSL_STORE_post_process_info_fn  post_process,
+  void *post_process_data
+  )
+{
+  return NULL;
+}
+
+int
+OSSL_STORE_INFO_get_type (
+  const OSSL_STORE_INFO  *info
+  )
+{
+  return 0;
+}
+
+int
+OSSL_STORE_find (
+  OSSL_STORE_CTX   *ctx,
+  const OSSL_STORE_SEARCH  *search
+  )
+{
+  return 0;
+}
+
+OSSL_STORE_INFO *
+OSSL_STORE_load (
+  OSSL_STORE_CTX  *ctx
+  )
+{
+  return NULL;
+}
+
+const char *
+OSSL_STORE_INFO_get0_NAME (
+  const OSSL_STORE_INFO  *info
+  )
+{
+  return NULL;
+}
+
+X509 *
+OSSL_STORE_INFO_get0_CERT (
+  const OSSL_STORE_INFO  *info
+  )
+{
+  return NULL;
+}
+
+X509_CRL *
+OSSL_STORE_INFO_get0_CRL (
+  const OSSL_STORE_INFO  *info
+  )
+{
+  return NULL;
+}
+
+int
+OSSL_STORE_eof (
+  OSSL_STORE_CTX  *ctx
+  )
+{
+  return 0;
+}
+
+int
+OSSL_STORE_error (
+  OSSL_STORE_CTX  *ctx
+  )
+{
+  return 0;
+}
+
+int
+OSSL_STORE_close (
+  OSSL_STORE_CTX  *ctx
+  )
+{
+  return 0;
+}
+
+void
+OSSL_STORE_INFO_free (
+  OSSL_STORE_INFO  *info
+  )
+{
+}
+
+OSSL_STORE_SEARCH *
+OSSL_STORE_SEARCH_by_name (
+  X509_NAME  *name
+  )
+{
+  return NULL;
+}
+
+void
+OSSL_STORE_SEARCH_free (
+  OSSL_STORE_SEARCH  *search
+  )
+{
+}
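
Review bot: the new stubs do not fail closed. OSSL_STORE_eof() returns 0 and OSSL_STORE_error() returns 0 while OSSL_STORE_load() returns NULL, which tells a caller "more data, no error, nothing loaded"; a conventional load loop over these three would never terminate. OSSL_STORE_open() and OSSL_STORE_open_ex() return NULL so no context should ever exist, but the stubs are cheap to make consistent: have OSSL_STORE_eof() and OSSL_STORE_error() return 1. The commit message is subject only; a sentence saying that store support is intentionally unavailable in UEFI would help, as would a short comment above the block.
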
-- 
2.31.1.windows.1







[edk2-devel] [PATCH V2 11/29] CryptoPkg/openssl: move compiler_flags to buildinf.c

2023-08-02 Thread Li, Yi
From: Gerd Hoffmann 

Seems with openssl 3.0 this is used by multiple source files,
so we get duplicate symbol errors when linking.  Fix that by
moving compiler_flags from header file to a source file.

Signed-off-by: Gerd Hoffmann 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/OpensslLib/OpensslLib.inf  | 1 +
 CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf | 1 +
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf| 1 +
 CryptoPkg/Library/OpensslLib/OpensslLibFull.inf  | 1 +
 CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf | 1 +
 CryptoPkg/Library/OpensslLib/buildinf.c  | 4 
 CryptoPkg/Library/OpensslLib/buildinf.h  | 2 +-
 7 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 CryptoPkg/Library/OpensslLib/buildinf.c

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 9c922d0f49..d43806708a 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -34,6 +34,7 @@
 # Autogenerated files list starts here
 # Autogenerated files list ends here
   buildinf.h
+  buildinf.c
   ossl_store.c
   rand_pool.c
 #  SslNull.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index e6f2b8e07b..54cf01279c 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -36,6 +36,7 @@
 # Autogenerated files list starts here
 # Autogenerated files list ends here
   buildinf.h
+  buildinf.c
   ossl_store.c
   rand_pool.c
 #  SslNull.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index c7e63ca16c..3037eba9d3 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -35,6 +35,7 @@
 # Autogenerated files list starts here
 # Autogenerated files list ends here
   buildinf.h
+  buildinf.c
   ossl_store.c
   rand_pool.c
   SslNull.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
index 8dffe936fc..f9c00605f2 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
@@ -39,6 +39,7 @@
 # Autogenerated files list starts here
 # Autogenerated files list ends here
   buildinf.h
+  buildinf.c
   ossl_store.c
   rand_pool.c
 #  SslNull.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
index e8ebf6afb7..7ba262cb01 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
@@ -41,6 +41,7 @@
 # Autogenerated files list starts here
 # Autogenerated files list ends here
   buildinf.h
+  buildinf.c
   ossl_store.c
   rand_pool.c
 #  SslNull.c
diff --git a/CryptoPkg/Library/OpensslLib/buildinf.c 
b/CryptoPkg/Library/OpensslLib/buildinf.c
new file mode 100644
index 00..cd7fe9322e
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/buildinf.c
@@ -0,0 +1,4 @@
+/* SPDX-License-Identifier: BSD-2-Clause-Patent */
+#include "buildinf.h"
+
+const char  *compiler_flags = "compiler: information not available from edk2";
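
Review bot: the new buildinf.c defines `compiler_flags` as a writable pointer to const data, so the pointer itself lands in a writable section and can be reassigned; `const char *const compiler_flags` (with the matching extern in buildinf.h) or a const array would keep it read-only. The file also carries only the SPDX line: the other new files in this series start with a `/** @file` banner and copyright, and this one should too.
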
diff --git a/CryptoPkg/Library/OpensslLib/buildinf.h 
b/CryptoPkg/Library/OpensslLib/buildinf.h
index 9042c7526f..7cf0eae008 100644
--- a/CryptoPkg/Library/OpensslLib/buildinf.h
+++ b/CryptoPkg/Library/OpensslLib/buildinf.h
@@ -1,4 +1,4 @@
 #define PLATFORM  "UEFI"
 #define DATE  "Fri Dec 22 01:23:45 PDT 2017"
 
-const char  *compiler_flags = "compiler: information not available from edk2";
+extern const char  *compiler_flags;
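
Review bot: this hunk shows all four lines of buildinf.h and there is no include guard around them. The commit message says the header is now pulled in by multiple source files, so add a guard while touching it; the extern declaration is harmless when repeated, but PLATFORM and DATE are redefined on every inclusion.
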
-- 
2.31.1.windows.1







[edk2-devel] [PATCH V2 13/29] CryptoPkg/openssl: adapt EcSm2Null.c for openssl 3.0

2023-08-02 Thread Li, Yi
From: Gerd Hoffmann 

Signed-off-by: Gerd Hoffmann 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/OpensslLib/EcSm2Null.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/EcSm2Null.c 
b/CryptoPkg/Library/OpensslLib/EcSm2Null.c
index 6d5ab2d4cc..b72a749189 100644
--- a/CryptoPkg/Library/OpensslLib/EcSm2Null.c
+++ b/CryptoPkg/Library/OpensslLib/EcSm2Null.c
@@ -9,8 +9,9 @@
 #include 
 #include 
 
-#undef OPENSSL_NO_EC
+#undef EDK2_OPENSSL_NOEC
 
+#include 
 #include 
 #include 
 #include 
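
Review bot: the `#undef` at the top of EcSm2Null.c now targets EDK2_OPENSSL_NOEC instead of OPENSSL_NO_EC, but nothing in this patch shows where EDK2_OPENSSL_NOEC is defined or which headers test it, and the commit message is subject only. Add a sentence explaining the new macro and why it has to be undefined before the includes that follow, since the order matters here.
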
@@ -300,9 +301,9 @@ ECDH_compute_key (
   return 0;
 }
 
-struct ec_key_st *
+const struct ec_key_st *
 EVP_PKEY_get0_EC_KEY (
-  EVP_PKEY  *pkey
+  const EVP_PKEY  *pkey
   )
 {
   ASSERT (FALSE);
-- 
2.31.1.windows.1







[edk2-devel] [PATCH V2 16/29] CryptoPkg: adapt 3.0 change in SslNull.c

2023-08-02 Thread Li, Yi
Type of input params changed in openssl30.

Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/OpensslLib/OpensslStub/SslNull.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslStub/SslNull.c 
b/CryptoPkg/Library/OpensslLib/OpensslStub/SslNull.c
index 49f1405bc0..9f659728fe 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslStub/SslNull.c
+++ b/CryptoPkg/Library/OpensslLib/OpensslStub/SslNull.c
@@ -80,10 +80,10 @@ SSL_CTX_new (
   return NULL;
 }
 
-unsigned long
+uint64_t
 SSL_CTX_set_options (
-  SSL_CTX*ctx,
-  unsigned long  op
+  SSL_CTX   *ctx,
+  uint64_t  op
   )
 {
   ASSERT (FALSE);
-- 
2.31.1.windows.1







[edk2-devel] [PATCH V2 10/29] CryptoPkg/openssl: adapt rand_pool.c to openssl 3.0 changes

2023-08-02 Thread Li, Yi
From: Gerd Hoffmann 

Some functions have been renamed.

Signed-off-by: Gerd Hoffmann 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/OpensslLib/rand_pool.c | 24 
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c 
b/CryptoPkg/Library/OpensslLib/rand_pool.c
index 13e860a853..03047b233e 100644
--- a/CryptoPkg/Library/OpensslLib/rand_pool.c
+++ b/CryptoPkg/Library/OpensslLib/rand_pool.c
@@ -74,7 +74,7 @@ RandGetBytes (
  * This is OpenSSL required interface.
  */
 size_t
-rand_pool_acquire_entropy (
+ossl_pool_acquire_entropy (
   RAND_POOL  *pool
   )
 {
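
Review bot: rand_pool_acquire_entropy becomes ossl_pool_acquire_entropy here (and rand_pool_add_nonce_data becomes ossl_pool_add_nonce_data further down), while every other symbol in this patch gets the ossl_rand_pool_ prefix. On first read the two ossl_pool_ names look like typos. If they mirror the names OpenSSL 3.0 expects, say so in the commit message, which currently reads only "Some functions have been renamed".
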
@@ -82,21 +82,21 @@ rand_pool_acquire_entropy (
   size_t Bytes_needed;
   unsigned char  *Buffer;
 
-  Bytes_needed = rand_pool_bytes_needed (pool, 1 /*entropy_factor*/);
+  Bytes_needed = ossl_rand_pool_bytes_needed (pool, 1 /*entropy_factor*/);
   if (Bytes_needed > 0) {
-Buffer = rand_pool_add_begin (pool, Bytes_needed);
+Buffer = ossl_rand_pool_add_begin (pool, Bytes_needed);
 
 if (Buffer != NULL) {
   Ret = RandGetBytes (Bytes_needed, Buffer);
   if (FALSE == Ret) {
-rand_pool_add_end (pool, 0, 0);
+ossl_rand_pool_add_end (pool, 0, 0);
   } else {
-rand_pool_add_end (pool, Bytes_needed, 8 * Bytes_needed);
+ossl_rand_pool_add_end (pool, Bytes_needed, 8 * Bytes_needed);
   }
 }
   }
 
-  return rand_pool_entropy_available (pool);
+  return ossl_rand_pool_entropy_available (pool);
 }
 
 /*
@@ -105,7 +105,7 @@ rand_pool_acquire_entropy (
  * This is OpenSSL required interface.
  */
 int
-rand_pool_add_nonce_data (
+ossl_pool_add_nonce_data (
   RAND_POOL  *pool
   )
 {
@@ -113,7 +113,7 @@ rand_pool_add_nonce_data (
 
   RandGetBytes (sizeof (data), data);
 
-  return rand_pool_add (pool, (unsigned char *), sizeof (data), 0);
+  return ossl_rand_pool_add (pool, (unsigned char *), sizeof (data), 0);
 }
 
 /*
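
Review bot: in the nonce path the context line `RandGetBytes (sizeof (data), data);` discards the return value, and the buffer is then handed to ossl_rand_pool_add() regardless. The entropy path in the earlier hunk checks `Ret` and calls ossl_rand_pool_add_end (pool, 0, 0) on failure; the nonce path should do the equivalent and return 0 when RandGetBytes fails, otherwise uninitialised stack bytes are mixed in as the nonce. Not introduced by this patch, but this is the line being touched.
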
@@ -130,7 +130,7 @@ rand_pool_add_additional_data (
 
   RandGetBytes (sizeof (data), data);
 
-  return rand_pool_add (pool, (unsigned char *), sizeof (data), 0);
+  return ossl_rand_pool_add (pool, (unsigned char *), sizeof (data), 0);
 }
 
 /*
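
Review bot: the hunk header shows this function is still named rand_pool_add_additional_data, while the call inside it and every sibling function are renamed. If OpenSSL 3.0 no longer calls it, it is dead code and should be removed in this patch; if it does, it needs the new name as well. The unchecked RandGetBytes() result noted for the nonce path applies here too.
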
@@ -139,7 +139,7 @@ rand_pool_add_additional_data (
  * This is OpenSSL required interface.
  */
 int
-rand_pool_init (
+ossl_rand_pool_init (
   VOID
   )
 {
@@ -152,7 +152,7 @@ rand_pool_init (
  * This is OpenSSL required interface.
  */
 VOID
-rand_pool_cleanup (
+ossl_rand_pool_cleanup (
   VOID
   )
 {
@@ -164,7 +164,7 @@ rand_pool_cleanup (
  * This is OpenSSL required interface.
  */
 VOID
-rand_pool_keep_random_devices_open (
+ossl_rand_pool_keep_random_devices_open (
   int  keep
   )
 {
-- 
2.31.1.windows.1







[edk2-devel] [PATCH V2 14/29] CryptoPkg: Move all UEFI implement of openssl to OpensslStub

2023-08-02 Thread Li, Yi
Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 8 
 CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf  | 8 
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 8 
 CryptoPkg/Library/OpensslLib/OpensslLibFull.inf   | 8 
 CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf  | 8 
 .../Library/OpensslLib/{ => OpensslStub}/EcSm2Null.c  | 0
 CryptoPkg/Library/OpensslLib/{ => OpensslStub}/SslNull.c  | 0
 .../Library/OpensslLib/{ => OpensslStub}/ossl_store.c | 0
 .../Library/OpensslLib/{ => OpensslStub}/rand_pool.c  | 0
 9 files changed, 20 insertions(+), 20 deletions(-)
 rename CryptoPkg/Library/OpensslLib/{ => OpensslStub}/EcSm2Null.c (100%)
 rename CryptoPkg/Library/OpensslLib/{ => OpensslStub}/SslNull.c (100%)
 rename CryptoPkg/Library/OpensslLib/{ => OpensslStub}/ossl_store.c (100%)
 rename CryptoPkg/Library/OpensslLib/{ => OpensslStub}/rand_pool.c (100%)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index d43806708a..c6f72193e7 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -35,10 +35,10 @@
 # Autogenerated files list ends here
   buildinf.h
   buildinf.c
-  ossl_store.c
-  rand_pool.c
-#  SslNull.c
-  EcSm2Null.c
+  OpensslStub/ossl_store.c
+  OpensslStub/rand_pool.c
+#  OpensslStub/SslNull.c
+  OpensslStub/EcSm2Null.c
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index 54cf01279c..98fcad47dc 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -37,10 +37,10 @@
 # Autogenerated files list ends here
   buildinf.h
   buildinf.c
-  ossl_store.c
-  rand_pool.c
-#  SslNull.c
-  EcSm2Null.c
+  OpensslStub/ossl_store.c
+  OpensslStub/rand_pool.c
+#  OpensslStub/SslNull.c
+  OpensslStub/EcSm2Null.c
 
 [Sources.IA32]
 # Autogenerated files list starts here
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 3037eba9d3..861f42c3d8 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -36,10 +36,10 @@
 # Autogenerated files list ends here
   buildinf.h
   buildinf.c
-  ossl_store.c
-  rand_pool.c
-  SslNull.c
-  EcSm2Null.c
+  OpensslStub/ossl_store.c
+  OpensslStub/rand_pool.c
+  OpensslStub/SslNull.c
+  OpensslStub/EcSm2Null.c
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
index f9c00605f2..7815b5fea1 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
@@ -40,10 +40,10 @@
 # Autogenerated files list ends here
   buildinf.h
   buildinf.c
-  ossl_store.c
-  rand_pool.c
-#  SslNull.c
-#  EcSm2Null.c
+  OpensslStub/ossl_store.c
+  OpensslStub/rand_pool.c
+#  OpensslStub/SslNull.c
+#  OpensslStub/EcSm2Null.c
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
index 7ba262cb01..0a13bd04bf 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
@@ -42,10 +42,10 @@
 # Autogenerated files list ends here
   buildinf.h
   buildinf.c
-  ossl_store.c
-  rand_pool.c
-#  SslNull.c
-#  EcSm2Null.c
+  OpensslStub/ossl_store.c
+  OpensslStub/rand_pool.c
+#  OpensslStub/SslNull.c
+#  OpensslStub/EcSm2Null.c
 
 [Sources.IA32]
 # Autogenerated files list starts here
diff --git a/CryptoPkg/Library/OpensslLib/EcSm2Null.c 
b/CryptoPkg/Library/OpensslLib/OpensslStub/EcSm2Null.c
similarity index 100%
rename from CryptoPkg/Library/OpensslLib/EcSm2Null.c
rename to CryptoPkg/Library/OpensslLib/OpensslStub/EcSm2Null.c
diff --git a/CryptoPkg/Library/OpensslLib/SslNull.c 
b/CryptoPkg/Library/OpensslLib/OpensslStub/SslNull.c
similarity index 100%
rename from CryptoPkg/Library/OpensslLib/SslNull.c
rename to CryptoPkg/Library/OpensslLib/OpensslStub/SslNull.c
diff --git a/CryptoPkg/Library/OpensslLib/ossl_store.c 
b/CryptoPkg/Library/OpensslLib/OpensslStub/ossl_store.c
similarity index 100%
rename from CryptoPkg/Library/OpensslLib/ossl_store.c
rename to CryptoPkg/Library/OpensslLib/OpensslStub/ossl_store.c
diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c 
b/CryptoPkg/Library/OpensslLib/OpensslStub/rand_pool.c
similarity index 100%
rename from CryptoPkg/Library/OpensslLib/rand_pool.c
rename to CryptoPkg/Library/OpensslLib/OpensslStub/rand_pool.c
-- 
2.31.1.windows.1




[edk2-devel] [PATCH V2 15/29] CryptoPkg: use UEFI provider as default

2023-08-02 Thread Li, Yi
Added UEFI provider which removed unused features to
optimize the size of openssl3.

Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   |   1 +
 .../Library/OpensslLib/OpensslLibAccel.inf|   1 +
 .../Library/OpensslLib/OpensslLibCrypto.inf   |   1 +
 .../Library/OpensslLib/OpensslLibFull.inf |   1 +
 .../OpensslLib/OpensslLibFullAccel.inf|   1 +
 .../Library/OpensslLib/OpensslStub/uefiprov.c | 328 ++
 6 files changed, 333 insertions(+)
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslStub/uefiprov.c

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index c6f72193e7..270f96ee69 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -39,6 +39,7 @@
   OpensslStub/rand_pool.c
 #  OpensslStub/SslNull.c
   OpensslStub/EcSm2Null.c
+  OpensslStub/uefiprov.c
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index 98fcad47dc..3bd3dfd37a 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -41,6 +41,7 @@
   OpensslStub/rand_pool.c
 #  OpensslStub/SslNull.c
   OpensslStub/EcSm2Null.c
+  OpensslStub/uefiprov.c
 
 [Sources.IA32]
 # Autogenerated files list starts here
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 861f42c3d8..581f556eb2 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -40,6 +40,7 @@
   OpensslStub/rand_pool.c
   OpensslStub/SslNull.c
   OpensslStub/EcSm2Null.c
+  OpensslStub/uefiprov.c
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
index 7815b5fea1..0011f157eb 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
@@ -44,6 +44,7 @@
   OpensslStub/rand_pool.c
 #  OpensslStub/SslNull.c
 #  OpensslStub/EcSm2Null.c
+  OpensslStub/uefiprov.c
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
index 0a13bd04bf..fa8aabdccf 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
@@ -46,6 +46,7 @@
   OpensslStub/rand_pool.c
 #  OpensslStub/SslNull.c
 #  OpensslStub/EcSm2Null.c
+  OpensslStub/uefiprov.c
 
 [Sources.IA32]
 # Autogenerated files list starts here
diff --git a/CryptoPkg/Library/OpensslLib/OpensslStub/uefiprov.c 
b/CryptoPkg/Library/OpensslLib/OpensslStub/uefiprov.c
new file mode 100644
index 00..40ab7e937c
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/OpensslStub/uefiprov.c
@@ -0,0 +1,328 @@
+/** @file
+  UEFI Openssl provider implementation.
+
+  Copyright (c) 2022, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "prov/bio.h"
+#include "prov/provider_ctx.h"
+#include "prov/providercommon.h"
+#include "prov/implementations.h"
+#include "prov/names.h"
+#include "prov/provider_util.h"
+#include "prov/seeding.h"
+#include "internal/nelem.h"
+#include "provider_local.h"
+
+OSSL_provider_init_fn ossl_uefi_provider_init;
+const OSSL_PROVIDER_INFO ossl_predefined_providers[] = {
+{ "default", NULL, ossl_uefi_provider_init, NULL, 1 },
+{ NULL, NULL, NULL, NULL, 0 }
+};
+
+/*
+ * Forward declarations to ensure that interface functions are correctly
+ * defined.
+ */
+static OSSL_FUNC_provider_gettable_params_fn deflt_gettable_params;
+static OSSL_FUNC_provider_get_params_fn deflt_get_params;
+static OSSL_FUNC_provider_query_operation_fn deflt_query;
+
+#define ALGC(NAMES, FUNC, CHECK) { { NAMES, "provider=default", FUNC }, CHECK }
+#define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
+
+/* Functions provided by the core */
+static OSSL_FUNC_core_gettable_params_fn *c_gettable_params = NULL;
+static OSSL_FUNC_core_get_params_fn *c_get_params = NULL;
+
+/* Parameters we provide to the core */
+static const OSSL_PARAM deflt_param_types[] = {
+OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
+OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
+OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
+OSSL_PARAM_DEFN(OSSL_PROV_PARAM_STATUS, OSSL_PARAM_INTEGER, NULL, 0),
+OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *deflt_gettable_params(void *provctx)
+{
+return deflt_param_types;
+}
+
+static int deflt_get_params(void *provctx, OSSL_PARAM params[])
+{
+OSSL_PARAM *p;
+
+p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
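
Review bot: ossl_predefined_providers[] registers ossl_uefi_provider_init under the name "default", and the ALGC macro tags every algorithm with "provider=default", so a caller cannot distinguish this reduced provider from the stock default one and an algorithm that was removed simply fails to fetch at run time. The commit message says unused features were removed to save size but does not list them; put that list in the file banner or the commit message so consumers of CryptoPkg can tell which fetches will stop working. The file also follows OpenSSL formatting rather than the edk2 style used by the other stubs in OpensslStub, which should be stated if it is intentional.
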

[edk2-devel] [PATCH V2 08/29] CryptoPkg/BaseCryptLib: drop BIO_* dummy functions

2023-08-02 Thread Li, Yi
From: Gerd Hoffmann 

openssl 3.0 requires a functional BIO_sprintf() implementation.

Signed-off-by: Gerd Hoffmann 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 .../Library/BaseCryptLib/SysCall/CrtWrapper.c | 27 ---
 .../SysCall/UnitTestHostCrtWrapper.c  | 25 -
 2 files changed, 52 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c 
b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index b65d29485b..6d7ac3efdc 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -472,33 +472,6 @@ fwrite (
   return 0;
 }
 
-//
-//  -- Dummy OpenSSL Support Routines --
-//
-
-int
-BIO_printf (
-  void*bio,
-  const char  *format,
-  ...
-  )
-{
-  return 0;
-}
-
-int
-BIO_snprintf (
-  char*buf,
-  size_t  n,
-  const char  *format,
-  ...
-  )
-{
-  // Because the function does not actually print anything to buf, it returns 
-1 as error.
-  // Otherwise, the consumer may think that the buf is valid and parse the 
buffer.
-  return -1;
-}
-
 #ifdef __GNUC__
 
 typedef
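
Review bot: the commit message names BIO_sprintf(), but the stubs removed in this hunk are BIO_printf() and BIO_snprintf(); correct the name and state which source now supplies the real implementations, so that a platform build missing them can be diagnosed from the log. It is also worth recording that the two removed BIO_snprintf() stubs disagreed: this one returned -1 with a comment explaining why, the UnitTestHostCrtWrapper.c one returned 0, so host tests were exercising different behaviour from firmware builds.
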
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/UnitTestHostCrtWrapper.c 
b/CryptoPkg/Library/BaseCryptLib/SysCall/UnitTestHostCrtWrapper.c
index 066d53e4fa..244e57437e 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/UnitTestHostCrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/UnitTestHostCrtWrapper.c
@@ -72,31 +72,6 @@ sscanf (
   return 0;
 }
 
-//
-//  -- Dummy OpenSSL Support Routines --
-//
-
-int
-BIO_printf (
-  void*bio,
-  const char  *format,
-  ...
-  )
-{
-  return 0;
-}
-
-int
-BIO_snprintf (
-  char*buf,
-  size_t  n,
-  const char  *format,
-  ...
-  )
-{
-  return 0;
-}
-
 uid_t
 getuid (
   void
-- 
2.31.1.windows.1







[edk2-devel] [PATCH V2 07/29] CryptoPkg/BaseCryptLib: adapt CryptSm3.c to openssl 3.0 changes.

2023-08-02 Thread Li, Yi
From: Gerd Hoffmann 

Functions have been renamed.

Signed-off-by: Gerd Hoffmann 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c 
b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
index bbbc1e56f2..03b168b9e2 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
 #include "InternalCryptLib.h"
-#include "crypto/sm3.h"
+#include "internal/sm3.h"
 
 /**
   Retrieves the size, in bytes, of the context buffer required for SM3 hash 
operations.
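
Review bot: the include moves from "crypto/sm3.h" to "internal/sm3.h" and the later hunks switch to ossl_sm3_init/update/final, so CryptSm3.c still binds to OpenSSL-internal symbols that can be renamed again without notice, which is what forced this patch. As a follow-up, move the SM3 wrappers to the public EVP digest interface with EVP_sm3(). In the later hunks the results of the ossl_sm3_* calls are discarded and TRUE is returned unconditionally; check them while the lines are being touched.
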
@@ -55,7 +55,7 @@ Sm3Init (
   //
   // Openssl SM3 Context Initialization
   //
-  sm3_init ((SM3_CTX *)Sm3Context);
+  ossl_sm3_init ((SM3_CTX *)Sm3Context);
   return TRUE;
 }
 
@@ -136,7 +136,7 @@ Sm3Update (
   //
   // Openssl SM3 Hash Update
   //
-  sm3_update ((SM3_CTX *)Sm3Context, Data, DataSize);
+  ossl_sm3_update ((SM3_CTX *)Sm3Context, Data, DataSize);
 
   return TRUE;
 }
@@ -178,7 +178,7 @@ Sm3Final (
   //
   // Openssl SM3 Hash Finalization
   //
-  sm3_final (HashValue, (SM3_CTX *)Sm3Context);
+  ossl_sm3_final (HashValue, (SM3_CTX *)Sm3Context);
 
   return TRUE;
 }
@@ -225,11 +225,11 @@ Sm3HashAll (
   //
   // SM3 Hash Computation.
   //
-  sm3_init ();
+  ossl_sm3_init ();
 
-  sm3_update (, Data, DataSize);
+  ossl_sm3_update (, Data, DataSize);
 
-  sm3_final (HashValue, );
+  ossl_sm3_final (HashValue, );
 
   return TRUE;
 }
-- 
2.31.1.windows.1







[edk2-devel] [PATCH V2 06/29] CryptoPkg/BaseCryptLib: no openssl deprecation warnings please

2023-08-02 Thread Li, Yi
From: Gerd Hoffmann 

Stop using deprecated interfaces is left as exercise for another day.
So please don't warn for now so -Werror builds can work.

Signed-off-by: Gerd Hoffmann 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h 
b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
index 3412acc676..477e3ae5f1 100644
--- a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
+++ b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h
@@ -20,6 +20,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 #include "CrtLibSupport.h"
 
+#define OPENSSL_NO_DEPRECATED  0
+
 #include 
 
 #if OPENSSL_VERSION_NUMBER < 0x1010L
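Review bot: the added "#define OPENSSL_NO_DEPRECATED  0" has no comment, and the macro name reads as the opposite of the stated intent (keep using deprecated interfaces, only without warnings). Add a comment above the define explaining why the value 0 is used and that it must stay ahead of the OpenSSL include that follows; OpenSSL 3.0 also documents OPENSSL_SUPPRESS_DEPRECATED for silencing these warnings, which would state the intent directly. Since this hides every deprecation warning in BaseCryptLib, a tracking reference for the follow-up cleanup belongs in the commit message.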
-- 
2.31.1.windows.1







[edk2-devel] [PATCH V2 03/29] CryptoPkg/openssl: update Openssl*.inf files for openssl 3.0

2023-08-02 Thread Li, Yi
From: Gerd Hoffmann 

The configure workflow has changed, see the commit adding the configure
script for details.  Adapt the *.inf files to the changes.  The
configuration define handling has changed a bit.  The new configure
script will build a single per-arch file list, which simplifies the
Accel configs.

Signed-off-by: Gerd Hoffmann 
Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/CryptoPkg.dec   |  4 +++
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 21 ++--
 .../Library/OpensslLib/OpensslLibAccel.inf| 33 +--
 .../Library/OpensslLib/OpensslLibCrypto.inf   | 21 ++--
 .../Library/OpensslLib/OpensslLibFull.inf | 19 ++-
 .../OpensslLib/OpensslLibFullAccel.inf| 30 -
 6 files changed, 64 insertions(+), 64 deletions(-)

diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index e20a5e9c38..0c7d16109b 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -23,6 +23,10 @@
   Private
   Library/Include
   Library/OpensslLib/openssl/include
+  Library/OpensslLib/openssl/providers/common/include
+  Library/OpensslLib/openssl/providers/implementations/include
+  Library/OpensslLib/OpensslGen/include
+  Library/OpensslLib/OpensslGen/providers/common/include
 
 [LibraryClasses]
   ##  @libraryclass  Provides basic library functions for cryptographic 
primitives.
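Review bot: the four added include directories are not mentioned in the commit message, which only talks about the *.inf files. State why the providers/common and providers/implementations headers are needed, and note that the two OpensslGen paths only exist once the configure script has populated that tree, so this patch cannot build on its own at this point in the series.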
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 9cf4344b4b..9c922d0f49 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -19,8 +19,9 @@
   CONSTRUCTOR= OpensslLibConstructor
 
   DEFINE OPENSSL_PATH= openssl
-  DEFINE OPENSSL_FLAGS   = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT 
-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC 
-DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2 
-DOPENSSL_NO_ASM
-  DEFINE OPENSSL_FLAGS_CONFIG=
+  DEFINE OPENSSL_GEN_PATH= OpensslGen
+  DEFINE OPENSSL_FLAGS   = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT 
-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DEDK2_OPENSSL_NOEC=1 
-DOPENSSL_NO_ASM
+  DEFINE OPENSSL_FLAGS_NOASM =
 
 #
 #  VALID_ARCHITECTURES   = IA32 X64 ARM AARCH64
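Review bot: OPENSSL_FLAGS loses -DOPENSSL_NO_TLS1_3 and -DOPENSSL_NO_SM2 together with the three EC defines, and only -DEDK2_OPENSSL_NOEC=1 is added in their place. Confirm that the generated configuration headers still define OPENSSL_NO_TLS1_3 and OPENSSL_NO_SM2 for this library; otherwise code that was compiled out before becomes part of the firmware image without the commit message saying so.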
@@ -68,8 +69,8 @@
   #   C4706: assignment within conditional expression
   #   C4819: The file contains a character that cannot be represented in the 
current code page
   #
-  MSFT:*_*_IA32_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 
/wd4389 /wd4700 /wd4702 /wd4706 /wd4819
-  MSFT:*_*_X64_CC_FLAGS= -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 
/wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
+  MSFT:*_*_IA32_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_NOASM) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 
/wd4389 /wd4700 /wd4702 /wd4706 /wd4819
+  MSFT:*_*_X64_CC_FLAGS= -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_NOASM) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 
/wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
 
   #
   # Disable following Visual Studio 2015 compiler warnings brought by openssl 
source,
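Review bot: the MSFT lines swap $(OPENSSL_FLAGS_CONFIG) for $(OPENSSL_FLAGS_NOASM) but carry the whole /wd list over unchanged, including /wd4700 and /wd4702. With the OpenSSL sources changing major version, check which of these suppressions are still required and drop the rest, so new compiler findings in the 3.0 code are not hidden by a list written for 1.1.1.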
@@ -79,8 +80,8 @@
   MSFT:*_VS2015x86_IA32_CC_FLAGS = /wd4718
   MSFT:*_VS2015x86_X64_CC_FLAGS  = /wd4718
 
-  INTEL:*_*_IA32_CC_FLAGS  = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC 
$(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
-  INTEL:*_*_X64_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC 
$(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
+  INTEL:*_*_IA32_CC_FLAGS  = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC 
$(OPENSSL_FLAGS) $(OPENSSL_FLAGS_NOASM) /w
+  INTEL:*_*_X64_CC_FLAGS   = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC 
$(OPENSSL_FLAGS) $(OPENSSL_FLAGS_NOASM) /w
 
   #
   # Suppress the following build warnings in openssl so we don't break the 
build with -Werror
@@ -89,8 +90,8 @@
   #   types appropriate to the format string specified.
   #   -Werror=unused-but-set-variable: Warn whenever a local variable is 
assigned to, but otherwise unused (aside from its declaration).
   #
-  GCC:*_*_IA32_CC_FLAGS= -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized 
-Wno-error=unused-but-set-variable
-  GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format 
-Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
+  GCC:*_*_IA32_CC_FLAGS= -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_NOASM) -Wno-error=maybe-uninitialized 
-Wno-error=unused-but-set-variable
+  GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) 
$(OPENSSL_FLAGS_NOASM) -Wno-error=maybe-uninitialized 

[edk2-devel] [PATCH V2 04/29] CryptoPkg/openssl: add openssl3 configure scripts

2023-08-02 Thread Li, Yi
From: Gerd Hoffmann 

Rewrite the script to configure openssl 3.0 from scratch.  It's two
scripts now:

 * Tiny helper script, dumping the perl configdata as json.
 * Actual configure.py script, written in python, which copies over
   the generated files to openssl-gen and updates the OpensslLib*.inf
   file lists and build flags.

The configuration workflow has changed a bit:

 * All generated files are stored in the OpensslGen directory tree.
 * For ec/no-ec builds two different header files are used.  Default is
   the ec variant, and the new EDK2_OPENSSL_NOEC define is used to
   select the no-ec build.  A five line wrapper include is used to pick
   the one or the other.
 * For non-accel builds -DOPENSSL_NO_ASM on the command line is used
   (same as before).
 * For configuration defines the OPENSSL_FLAGS_$(variant) variable is
   used, where variant is the architecture for the accelerated builds
   and 'NOASM' for the non-accelerated builds.

Signed-off-by: Gerd Hoffmann 
Signed-off-by: Yi Li 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 .../Library/OpensslLib/OpenSSL-HOWTO.txt  |   4 +-
 CryptoPkg/Library/OpensslLib/configure.py | 395 ++
 CryptoPkg/Library/OpensslLib/perl2json.pl |  19 +
 3 files changed, 416 insertions(+), 2 deletions(-)
 create mode 100755 CryptoPkg/Library/OpensslLib/configure.py
 create mode 100755 CryptoPkg/Library/OpensslLib/perl2json.pl

diff --git a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt 
b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
index e52ee27b49..fff47d9f6b 100644
--- a/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
+++ b/CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
@@ -28,9 +28,9 @@ on the cryptography.
 refer to edk2/Readme.md for how to clone the code.
 
 =
-  About process_files.pl
+  About configure.py
 =
-  "process_files.pl" is one Perl script which runs the OpenSSL Configure,
+  "configure.py" is one python script which runs the OpenSSL Configure,
 then processes the resulting file list into our local OpensslLib.inf and
 OpensslLibCrypto.inf.
   This only needs to be done once by the maintainer / developer when
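Review bot: the HOWTO text only has the script name swapped, so it still describes a single script that updates OpensslLib.inf and OpensslLibCrypto.inf. The commit message describes two scripts, generated files under OpensslGen, and updates to the OpensslLib*.inf file lists and build flags; bring this paragraph in line with that, including the perl2json.pl helper.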
diff --git a/CryptoPkg/Library/OpensslLib/configure.py 
b/CryptoPkg/Library/OpensslLib/configure.py
new file mode 100755
index 00..fc7f16ddb9
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/configure.py
@@ -0,0 +1,395 @@
+#!/usr/bin/python3
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+import os
+import sys
+import json
+import shutil
+import pprint
+import argparse
+import subprocess
+
+def openssl_configure(openssldir, target, ec = True):
+""" Run openssl Configure script. """
+cmdline = [
+'perl',
+'Configure',
+'--config=../UefiAsm.conf',
+'--api=1.1.1',
+'--with-rand-seed=none',
+target,
+'no-afalgeng',
+'no-aria',
+'no-async',
+'no-autoerrinit',
+'no-autoload-config',
+'no-bf',
+'no-blake2',
+'no-camellia',
+'no-capieng',
+'no-cast',
+'no-chacha',
+'no-cmac',
+'no-cmp',
+'no-cms',
+'no-ct',
+'no-deprecated',
+'no-des',
+'no-dgram',
+'no-dsa',
+'no-dso',
+'no-dtls',
+'no-dtls1-method',
+'no-dtls1_2-method',
+'no-dynamic-engine',
+'no-ec2m',
+'no-engine',
+'no-err',
+'no-filenames',
+'no-gost',
+'no-hw',
+'no-idea',
+'no-ktls',
+'no-makedepend',
+'no-module',
+'no-md4',
+'no-mdc2',
+'no-multiblock',
+'no-nextprotoneg',
+'no-pic',
+'no-psk',
+'no-ocb',
+'no-ocsp',
+'no-padlockeng',
+'no-poly1305',
+'no-posix-io',
+'no-rc2',
+'no-rc4',
+'no-rc5',
+'no-rfc3779',
+'no-rmd160',
+'no-scrypt',
+'no-seed',
+'no-shared',
+'no-siphash',
+'no-siv',
+'no-sm2',
+'no-sm4',
+'no-sock',
+'no-srp',
+'no-srtp',
+'no-ssl',
+'no-ssl3-method',
+'no-ssl-trace',
+'no-static-engine',
+'no-stdio',
+'no-threads',
+'no-tls1_3',
+'no-ts',
+'no-ui-console',
+'no-whirlpool',
+'disable-legacy',
+]
+if not ec:
+cmdline += [ 'no-ec', ]
+print('')
+print(f'# -*-  configure openssl for {target} (ec={ec})  -*-')
+rc = subprocess.run(cmdline, cwd = openssldir,
+stdout = subprocess.PIPE,
+stderr = subprocess.PIPE)
+if rc.returncode:
+print(rc.stdout)
+print(rc.stderr)
+sys.exit(rc.returncode)
+
+def 
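Review bot: in openssl_configure the option '--with-rand-seed=none' turns off OpenSSL's own seed sources, so all entropy has to come from the edk2 side; add a comment at that line naming the code that supplies it, since this is the setting a security review will look for first. The combination of '--api=1.1.1' and 'no-deprecated' also needs a comment, given that patch 06/29 defines OPENSSL_NO_DEPRECATED to 0 so deprecated interfaces stay usable. On the failure path, rc.stdout and rc.stderr are bytes because subprocess.run is called without text=True, so print() emits a b'...' repr with escaped newlines; decode them or pass text=True so the Configure error is readable.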

[edk2-devel] [PATCH V2 05/29] CryptoPkg/openssl: UefiAsm.conf update for openssl 3.0

2023-08-02 Thread Li, Yi
From: Gerd Hoffmann 

New naming convention for the configs:  UEFI-${efiarch}-${compiler}.

Signed-off-by: Gerd Hoffmann 
Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
---
 CryptoPkg/Library/OpensslLib/UefiAsm.conf | 41 +++
 1 file changed, 12 insertions(+), 29 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/UefiAsm.conf 
b/CryptoPkg/Library/OpensslLib/UefiAsm.conf
index c3940b5886..907582f93e 100644
--- a/CryptoPkg/Library/OpensslLib/UefiAsm.conf
+++ b/CryptoPkg/Library/OpensslLib/UefiAsm.conf
@@ -8,41 +8,24 @@
 ##
 
 my %targets = (
- UEFI
-"UEFI-x86" => {
-perlasm_scheme  => "win32n",
-# inherit_from=> [ "UEFI",  asm("x86_asm") ],
+"UEFI-IA32-MSFT" => {
 inherit_from=> [ "UEFI" ],
-cpuid_asm_src   => "x86cpuid.s",
-aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86.s aesni-x86.s",
-sha1_asm_src=> "sha1-586.s sha256-586.s sha512-586.s",
-modes_asm_src   => "ghash-x86.s",
+perlasm_scheme  => "win32n",
+asm_arch=> "x86",
 },
-"UEFI-x86-GCC" => {
-perlasm_scheme  => "elf",
-# inherit_from=> [ "UEFI",  asm("x86_asm") ],
+"UEFI-IA32-GCC" => {
 inherit_from=> [ "UEFI" ],
-cpuid_asm_src   => "x86cpuid.s",
-aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86.s aesni-x86.s",
-sha1_asm_src=> "sha1-586.s sha256-586.s sha512-586.s",
-modes_asm_src   => "ghash-x86.s",
+perlasm_scheme  => "elf",
+asm_arch=> "x86",
 },
-"UEFI-x86_64" => {
-perlasm_scheme  => "nasm",
-# inherit_from=> [ "UEFI",  asm("x86_64_asm") ],
+"UEFI-X64-MSFT" => {
 inherit_from=> [ "UEFI" ],
-cpuid_asm_src   => "x86_64cpuid.s",
-aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86_64.s aesni-x86_64.s 
aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
-sha1_asm_src=> "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s 
sha1-mb-x86_64.s sha256-mb-x86_64.s",
-modes_asm_src   => "ghash-x86_64.s aesni-gcm-x86_64.s",
+perlasm_scheme  => "nasm",
+asm_arch=> "x86_64",
 },
-"UEFI-x86_64-GCC" => {
-perlasm_scheme  => "elf",
-# inherit_from=> [ "UEFI",  asm("x86_64_asm") ],
+"UEFI-X64-GCC" => {
 inherit_from=> [ "UEFI" ],
-cpuid_asm_src   => "x86_64cpuid.s",
-aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86_64.s aesni-x86_64.s 
aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
-sha1_asm_src=> "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s 
sha1-mb-x86_64.s sha256-mb-x86_64.s",
-modes_asm_src   => "ghash-x86_64.s aesni-gcm-x86_64.s",
+perlasm_scheme  => "elf",
+asm_arch=> "x86_64",
 },
 );
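Review bot: the commit message mentions only the new target names, but every target also drops its explicit cpuid_asm_src, aes_asm_src, sha1_asm_src and modes_asm_src lists in favour of asm_arch. That hands the choice of assembly modules to OpenSSL's own per-architecture defaults instead of the hand-picked set; say so in the commit message and list which modules are newly pulled in. The renamed targets (for example "UEFI-x86_64-GCC" to "UEFI-X64-GCC") also need every caller of Configure updated in the same series.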
-- 
2.31.1.windows.1







[edk2-devel] [PATCH V2 00/29] CryptoPkg: Update OpenSSL submodule to 3.0.9

2023-08-02 Thread Li, Yi
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3466

According to https://www.OpenSSL.org/policies/releasestrat.html,
OpenSSL Version 1.1.1 will be supported until 2023-09-11 (LTS).
Need to upgrade OpenSSL to 3.0.9 before 1.1.1 support stops.

PR: https://github.com/tianocore/edk2/pull/4692

V2 Change:
CryptoPkg: use UEFI provider as default:
Fix typo of kdf provider.

Cc: Jiewen Yao 
Cc: Xiaoyu Lu 
Cc: Guomin Jiang 
Cc: Gerd Hoffmann 

Gerd Hoffmann (15):
  CryptoPkg/openssl: update submodule to openssl-3.0.9
  CryptoPkg/openssl: cleanup all openssl1.1.1 generated files and code
  CryptoPkg/openssl: update Openssl*.inf files for openssl 3.0
  CryptoPkg/openssl: add openssl3 configure scripts
  CryptoPkg/openssl: UefiAsm.conf update for openssl 3.0
  CryptoPkg/BaseCryptLib: no openssl deprecation warnings please
  CryptoPkg/BaseCryptLib: adapt CryptSm3.c to openssl 3.0 changes.
  CryptoPkg/BaseCryptLib: drop BIO_* dummy functions
  CryptoPkg/TlsLib: ERR_GET_FUNC is gone
  CryptoPkg/openssl: adapt rand_pool.c to openssl 3.0 changes
  CryptoPkg/openssl: move compiler_flags to buildinf.c
  CryptoPkg/openssl: store dummy update for openssl 3.0
  CryptoPkg/openssl: adapt EcSm2Null.c for openssl 3.0
  CryptoPkg/TlsLib: use unsigned long for ErrorCode
  CryptoPkg/openssl: update CI config for openssl 3.0

Yi Li (14):
  CryptoPkg: Move all UEFI implement of openssl to OpensslStub
  CryptoPkg: use UEFI provider as default
  CryptoPkg: adapt 3.0 change in SslNull.c
  CryptoPkg: Add instrinsics to support building openssl3 on IA32
windows
  CryptoPkg: disable C4133 warning in openssl libraries
  CryptoPkg: Align with 4096 when build with OpensslFullAccel
  CryptoPkg: Enable memcpy sys call in RISCV64 build
  CryptoPkg: add missing gcc instructions
  CryptoPkg: add define of maximum unsigned size_t
  CryptoPkg: add implemention of _ftol2_sse() to avoid build error
  CryptoPkg: add more dummy implement of openssl for size optimization
  CryptoPkg: run configure.py to update all generated files
  CryptoPkg: remove strcmp to syscall
  CryptoPkg: remove BN and EC accel for size optimization

 CryptoPkg/CryptoPkg.ci.yaml   |   54 +-
 CryptoPkg/CryptoPkg.dec   |4 +
 CryptoPkg/CryptoPkg.dsc   |   12 +-
 .../Library/BaseCryptLib/Hash/CryptSm3.c  |   14 +-
 .../Library/BaseCryptLib/InternalCryptLib.h   |2 +
 .../Library/BaseCryptLib/SysCall/CrtWrapper.c |   36 +-
 .../SysCall/UnitTestHostCrtWrapper.c  |   25 -
 CryptoPkg/Library/Include/CrtLibSupport.h |1 +
 .../Library/Include/openssl/opensslconf.h |  333 -
 .../IntrinsicLib/Ia32/MathDivModU64x64.c  |   23 +
 .../Library/IntrinsicLib/Ia32/MathDivS64x64.c |   22 +
 .../Library/IntrinsicLib/Ia32/MathDivU64x64.c |   22 +
 .../Library/IntrinsicLib/Ia32/MathFtol.c  |   12 +
 .../Library/IntrinsicLib/Ia32/MathLldiv.asm   |  203 +
 .../Library/IntrinsicLib/Ia32/MathModU64x64.c |   26 +
 .../Library/IntrinsicLib/Ia32/MathUlldiv.asm  |  157 +
 .../Library/IntrinsicLib/Ia32/MathUlldvrm.asm |  184 +
 .../Library/IntrinsicLib/Ia32/MathUllrem.asm  |  163 +
 .../Library/IntrinsicLib/IntrinsicLib.inf |   11 +-
 .../Library/IntrinsicLib/MemoryIntrinsics.c   |9 -
 .../IA32/crypto/modes/ghash-x86.nasm  |  700 --
 .../OpensslLib/IA32/crypto/sha/sha1-586.nasm  | 1394 ---
 .../IA32/crypto/sha/sha256-586.nasm   | 3364 ---
 .../IA32/crypto/sha/sha512-586.nasm   |  579 --
 .../IA32Gcc/crypto/modes/ghash-x86.S  |  703 --
 .../OpensslLib/IA32Gcc/crypto/sha/sha1-586.S  | 1389 ---
 .../IA32Gcc/crypto/sha/sha256-586.S   | 3356 ---
 .../IA32Gcc/crypto/sha/sha512-586.S   |  574 --
 .../Library/OpensslLib/OpenSSL-HOWTO.txt  |4 +-
 .../OpensslGen/IA32-GCC/crypto/aes/aes-586.S  | 3320 +++
 .../IA32-GCC}/crypto/aes/aesni-x86.S  |  141 +-
 .../IA32-GCC}/crypto/aes/vpaes-x86.S  |   92 +-
 .../OpensslGen/IA32-GCC/crypto/bn/bn-586.S| 1572 
 .../OpensslGen/IA32-GCC/crypto/bn/co-586.S| 1290 +++
 .../OpensslGen/IA32-GCC/crypto/bn/x86-gf2m.S  |  374 +
 .../OpensslGen/IA32-GCC/crypto/bn/x86-mont.S  |  494 +
 .../IA32-GCC/crypto/ec/ecp_nistz256-x86.S | 5290 +++
 .../OpensslGen/IA32-GCC/crypto/md5/md5-586.S  |  700 ++
 .../IA32-GCC/crypto/modes/ghash-x86.S | 1316 +++
 .../OpensslGen/IA32-GCC/crypto/sha/sha1-586.S | 4006 
 .../IA32-GCC/crypto/sha/sha256-586.S  | 6804 ++
 .../IA32-GCC/crypto/sha/sha512-586.S  | 2850 ++
 .../IA32-GCC}/crypto/x86cpuid.S   |  252 +-
 .../IA32-MSFT/crypto/aes/aes-586.nasm | 3211 +++
 .../IA32-MSFT}/crypto/aes/aesni-x86.nasm  |   14 +-
 .../IA32-MSFT}/crypto/aes/vpaes-x86.nasm  |   10 -
 .../IA32-MSFT/crypto/bn/bn-586.nasm   | 1515 +++
 .../IA32-MSFT/crypto/bn/co-586.nasm   | 1252 +++
 .../IA32-MSFT/crypto/bn/x86-gf2m.nasm |  345 +
 .../IA32-MSFT/crypto/bn/x86-mont.nasm   
