Thanks for your information,
1. See also https://edk2.groups.io/g/devel/message/87130 & followups.
git branch here: https://github.com/kraxel/edk2/commits/intrinsics
It looks good to me; it makes the code clearer.
2. Jiewen (Cc'ed) suggested to look into using CryptoPkg/Driver instead of
linking openssl as Library, so we have only one copy of the code. Not
investigated yet.
Does it mean OvmfPkg will use CryptDxe instead of BaseCryptoLib and OpensslLib
directly? That sounds like it will be a big change.
Or a separate ECC driver, such as CryptEcDxe, that still uses BaseCryptoLib and
OpensslLib?
I would like to point out that once we close the macro OPENSSL_NO_EC, the size of
OpensslLib will inevitably increase due to some enabled features and exceed the
limit of Ovmf,
such as in x509_vfy.c:
static int check_curve(X509 *cert)
{
#ifndef OPENSSL_NO_EC
    EVP_PKEY *pkey = X509_get0_pubkey(cert);

    /* Unsupported or malformed key */
    if (pkey == NULL)
        return -1;

    if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
        int ret;

        ret = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY(pkey));
        return ret < 0 ? ret : !ret;
    }
#endif

    return 1;
}
3. Also: what do you need ecc support for?
WPA3 needs ECC support, and I think Vineel's work will be the foundation.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3828
Thanks!
Yi Li
-----Original Message-----
From: Gerd Hoffmann <[email protected]>
Sent: Tuesday, March 1, 2022 10:05 PM
To: [email protected]; Li, Yi1 <[email protected]>
Cc: Kovvuri, Vineel <[email protected]>; Yao, Jiewen <[email protected]>
Subject: Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic
curve chipher algorithms
> CryptoPkg: Add instrinsics to support building ECC on IA32 windows
See also https://edk2.groups.io/g/devel/message/87130 & followups.
git branch here: https://github.com/kraxel/edk2/commits/intrinsics
> OvmfPkg: Increase DXEFV size to accommodate ECC ciphers related
> changes
Changing flash size breaks backward compatibility, so this is a problem.
openssl3 porting runs into this too, not solved yet.
Jiewen (Cc'ed) suggested to look into using CryptoPkg/Driver instead of linking
openssl as Library, so we have only one copy of the code. Not investigated yet.
Also: what do you need ecc support for?
take care,
Gerd
View/Reply Online (#87188): https://edk2.groups.io/g/devel/message/87188