Hi, > 3. If 1 or 2 can success, we can replace openssl 1.1 with one crypto lib. > If both 1 and 2 fail, we may use *dual-crypto module*. For example: mbedtls > for PEI and openssl3.0 for DXE. > The source code size will become larger, more time to download the tree.
Suggestions how to do that best, ideally without duplicating CryptoPkg for that? A while back I've tried to add openssl-3 in parallel to openssl-11, with the idea to allow projects picking the one or the other, and quicky ran into problems because apparently libraries can't add include directories. Only packages can do that (see Includes.Common.Private in CryptoPkg/CryptoPkg.dec which adds Library/OpensslLib/openssl/include). take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99796): https://edk2.groups.io/g/devel/message/99796 Mute This Topic: https://groups.io/mt/96741156/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
