[edk2-devel] [PATCH 0/2] Add DECLARE_LENGTH opcode of dependency expression

Mantis: https://mantis.uefi.org/mantis/view.php?id=2025 To avoid messy parsing of the Depex section of a Capsule, it would be a lot easier for everyone involved if we preceded the Capsule Depex Section with a length declaration. It provides simple bounds checking to avoid having to parse the op-co

[edk2-devel] [PATCH 1/2] MdePkg: Add DECLARE_LENGTH opcode of dependency expression

Mantis: https://mantis.uefi.org/mantis/view.php?id=2025 To avoid messy parsing of the Depex section of a Capsule, it would be a lot easier for everyone involved if we preceded the Capsule Depex Section with a length declaration. It provides simple bounds checking to avoid having to parse the op-co

[edk2-devel] [PATCH 2/2] FmpDevicePkg: Add DECLARE_LENGTH opcode of dependency expression

Mantis: https://mantis.uefi.org/mantis/view.php?id=2025 To avoid messy parsing of the Depex section of a Capsule, it would be a lot easier for everyone involved if we preceded the Capsule Depex Section with a length declaration. It provides simple bounds checking to avoid having to parse the op-co

[edk2-devel] [PATCH V2 0/2] Add DECLARE_LENGTH opcode of dependency expression

To avoid messy parsing of the Depex section of a Capsule, it would be a lot easier for everyone involved if we preceded the Capsule Depex Section with a length declaration. It provides simple bounds checking to avoid having to parse the op-codes, but in the case of a malformed depex being parsed, a

[edk2-devel] [PATCH V2 1/2] MdePkg: Add DECLARE_LENGTH opcode of dependency expression

To avoid messy parsing of the Depex section of a Capsule, it would be a lot easier for everyone involved if we preceded the Capsule Depex Section with a length declaration. It provides simple bounds checking to avoid having to parse the op-codes, but in the case of a malformed depex being parsed, a

[edk2-devel] [PATCH V2 2/2] FmpDevicePkg: Add DECLARE_LENGTH opcode of dependency expression

To avoid messy parsing of the Depex section of a Capsule, it would be a lot easier for everyone involved if we preceded the Capsule Depex Section with a length declaration. It provides simple bounds checking to avoid having to parse the op-codes, but in the case of a malformed depex being parsed, a

[edk2-devel] [PATCH 0/2] Update keybaord map based on UEFI spec 2.10

REF: UEFI SPEC 2.10 34.8.10 EFI_KEY Add EfiKeyIntl0-9. Signed-off-by: Yi Li Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Rebecca Cran Cc: Liming Gao Cc: Bob Feng Cc: Yuwei Chen Yi Li (2): MdePkg: Update keybaord map based on UEFI spec 2.10 BaseTools: Update keybaord map

[edk2-devel] [PATCH 1/2] MdePkg: Update keybaord map based on UEFI spec 2.10

REF: UEFI SPEC 2.10 34.8.10 EFI_KEY Add EfiKeyIntl0-9. Signed-off-by: Yi Li Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu --- MdePkg/Include/Uefi/UefiInternalFormRepresentation.h | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/MdePkg/Include/Uefi/Uefi

[edk2-devel] [PATCH 2/2] BaseTools: Update keybaord map based on UEFI spec 2.10

REF: UEFI SPEC 2.10 34.8.10 EFI_KEY Add EfiKeyIntl0-9. Signed-off-by: Yi Li Cc: Rebecca Cran Cc: Liming Gao Cc: Bob Feng Cc: Yuwei Chen --- .../Include/Common/UefiInternalFormRepresentation.h | 12 +++- BaseTools/Source/C/Include/Protocol/HiiFramework.h | 12 +++- 2 file

[edk2-devel] [PATCH V2 0/2] Update keybaord map based on UEFI spec 2.10

REF: UEFI SPEC 2.10 34.8.10 EFI_KEY Add EfiKeyIntl0-9. Signed-off-by: Yi Li v2: Remove changes in HiiFramework.h because it should follow HII spec. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Rebecca Cran Cc: Liming Gao Cc: Bob Feng Cc: Yuwei Chen Yi Li (2): MdePkg: Upda

[edk2-devel] [PATCH V2 1/2] MdePkg: Update keybaord map based on UEFI spec 2.10

REF: UEFI SPEC 2.10 34.8.10 EFI_KEY Add EfiKeyIntl0-9. Signed-off-by: Yi Li Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu --- MdePkg/Include/Uefi/UefiInternalFormRepresentation.h | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/MdePkg/Include/Uefi/Uefi

[edk2-devel] [PATCH V2 2/2] BaseTools: Update keybaord map based on UEFI spec 2.10

REF: UEFI SPEC 2.10 34.8.10 EFI_KEY Add EfiKeyIntl0-9. Signed-off-by: Yi Li Cc: Rebecca Cran Cc: Liming Gao Cc: Bob Feng Cc: Yuwei Chen --- .../Include/Common/UefiInternalFormRepresentation.h | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/BaseTools/Source

Re: [edk2-devel] [PATCH 2/2] BaseTools: Update keybaord map based on UEFI spec 2.10

Thanks for your review, patch updated. Regards, Yi -Original Message- From: gaoliming Sent: Saturday, December 23, 2023 10:16 AM To: Li, Yi1 ; devel@edk2.groups.io Cc: 'Rebecca Cran' ; Feng, Bob C ; Chen, Christine Subject: 回复: [PATCH 2/2] BaseTools: Update keybaord map based on UEFI

Re: [edk2-devel] [PATCH V2 0/2] Add DECLARE_LENGTH opcode of dependency expression

Hello, any comments about this patch series? -Original Message- From: devel@edk2.groups.io On Behalf Of Li, Yi Sent: Wednesday, December 20, 2023 9:55 AM To: devel@edk2.groups.io Cc: Li, Yi1 ; Kinney, Michael D ; Gao, Liming ; Liu, Zhiguang ; Xu, Wei6 Subject: [edk2-devel] [PATCH V2 0

Re: [edk2-devel] [PATCH V2 0/2] Update keybaord map based on UEFI spec 2.10

Hello, any comments about this patch series? -Original Message- From: devel@edk2.groups.io On Behalf Of Li, Yi Sent: Monday, December 25, 2023 10:23 AM To: devel@edk2.groups.io Cc: Li, Yi1 ; Kinney, Michael D ; Gao, Liming ; Liu, Zhiguang ; Rebecca Cran ; Feng, Bob C ; Chen, Christine

Re: [edk2-devel] [PATCH V2 0/2] Add DECLARE_LENGTH opcode of dependency expression

Hi Liming, I created a PR and CI passed, could you help merge it? https://github.com/tianocore/edk2/pull/5210 Thanks, Yi -Original Message- From: gaoliming Sent: Wednesday, January 3, 2024 8:52 AM To: Xu, Wei6 ; Li, Yi1 ; devel@edk2.groups.io Cc: Kinney, Michael D ; Liu, Zhiguang Su

Re: [edk2-devel] [PATCH 1/1] CryptoPkg: move define to CrtLibSupport

Looks good to me. Reviewed-by: Yi Li -Original Message- From: Hou, Wenxing Sent: Thursday, January 4, 2024 4:20 PM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 ; Jiang, Guomin Subject: [PATCH 1/1] CryptoPkg: move define to CrtLibSupport REF:https://bugzilla.tianocore.org/sh

Re: [edk2-devel] [PATCH 1/1] CryptoPkg: fix gcc build fail for CryptoPkgMbedtls

Hi, > disabling it can reduce code size in some embedded targets. Could you provide size change after/before this define enabled? Thanks, Yi -Original Message- From: Hou, Wenxing Sent: Thursday, January 4, 2024 4:34 PM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 ; Jiang, Guomin

Re: [edk2-devel] [PATCH 1/1] CryptoPkg: fix gcc build fail for CryptoPkgMbedtls

Sounds good, thank you. Reviewed-by: Yi Li -Original Message- From: Hou, Wenxing Sent: Monday, January 8, 2024 4:23 PM To: Li, Yi1 ; devel@edk2.groups.io Cc: Yao, Jiewen ; Jiang, Guomin Subject: RE: [PATCH 1/1] CryptoPkg: fix gcc build fail for CryptoPkgMbedtls Hi, For VS build, the

Re: [edk2-devel] [PATCH V2 0/2] Update keybaord map based on UEFI spec 2.10

Thanks! I created a PR: https://github.com/tianocore/edk2/pull/5187 Could you help push it? And there is another PR which reviewed by you and Wei: https://github.com/tianocore/edk2/pull/5210 -Original Message- From: gaoliming Sent: Monday, January 8, 2024 9:16 AM To: Li, Yi1 ; devel@ed

Re: [edk2-devel] [PATCH] CryptoPkg: change the define

Hi, this title is too simple. Please change it to CryptoPkg: Fix redefinition error of int defines -Original Message- From: Hou, Wenxing Sent: Wednesday, January 10, 2024 7:16 PM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 ; Jiang, Guomin Subject: [PATCH] CryptoPkg: change the d

Re: [edk2-devel] [PATCH v2] CryptoPkg: Fix redefinition error of int defines

Looks good to me. Reviewed-by: Yi Li -Original Message- From: Hou, Wenxing Sent: Wednesday, January 10, 2024 7:36 PM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 ; Jiang, Guomin Subject: [PATCH v2] CryptoPkg: Fix redefinition error of int defines REF:https://bugzilla.tianoc

Re: [edk2-devel] [PATCH V2 0/2] Update keybaord map based on UEFI spec 2.10

Hi Liming, Could you help merge below patches which got your reviewed-by? Thanks! https://github.com/tianocore/edk2/pull/5210 https://github.com/tianocore/edk2/pull/5187 Regards, Yi -Original Message- From: gaoliming Sent: Monday, January 8, 2024 9:16 AM To: Li, Yi1 ; devel@edk2.grou

Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

Hi Jiewen, All EDK2 PR CI builds of OvmfPkg are broken due to this issue. Maybe we didn't have enough time to wait feedback and should fix the CI issue first. Regards, Yi -Original Message- From: devel@edk2.groups.io On Behalf Of Yao, Jiewen Sent: Tuesday, January 16, 2024 10:38 PM To:

Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

Hi Jiewen, Sounds strange, but new PRs in today all broken due to this issue, e.g.: https://github.com/tianocore/edk2/pull/5210 https://github.com/tianocore/edk2/pull/5268 I checked build log, it matched the description from Gerd: https://dev.azure.com/tianocore/11ea4a10-ac9f-4e5f-8b13-7def1f19d

Re: [edk2-devel] [PATCH] CryptoPkg: Add dummy inttypes header to fix clang build

Looks good to me. Reviewed-by: Yi Li -Original Message- From: Hou, Wenxing Sent: Saturday, January 20, 2024 9:45 PM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 ; Jiang, Guomin Subject: [PATCH] CryptoPkg: Add dummy inttypes header to fix clang build REF:https://bugzilla.tia

Re: [edk2-devel] [PATCH v1 0/7] CryptoPkg: Enable Openssl native instruction support for AARCH64

Hi Pierre, Could you share what tests you did and the test results? Regards, Yi -Original Message- From: Pierre Gondois Sent: Thursday, November 2, 2023 9:54 PM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 ; Lu, Xiaoyu1 ; Jiang, Guomin ; Leif Lindholm ; Ard Biesheuvel ; Sami M

[edk2-devel] [edk2-platforms][PATCH] MinPlatformPkg: should build Performance driver only when perf enabled

Should build FirmwarePerformancePei only when perf enabled. Avoiding unconditional compilation of performance PEI drivers can save 2KB(LZMA compressed) in PostMem FV, small but important. Cc: Chasel Chiu Cc: Nate DeSimone Cc: Liming Gao Cc: Eric Dong Signed-off-by: Yi Li --- .../MinPlatformP

Re: [edk2-devel] The API in BaseCryptLib can't seed the pseudorandom number generator properly

Hi Eddie, > the API in CryptPkg "RandomSeed()"(X64, in CryptRandTsc.c) always returned > false Does your code run in a XIP environment? Such like PreMemory stage or other cases. The setup of Randlib in OpenSsl 3.0 relies on global variables, so there may be an error if the global variables are

Re: [edk2-devel] The API in BaseCryptLib can't seed the pseudorandom number generator properly

kage did not include "OpensslLibCrypto.inf." Could it be connected to our problem? [cid:image001.png@01DA6B44.21876340] BR, Eddie Wang Li, Yi mailto:yi1...@intel.com>> 於 2024年2月20日 週二 上午9:49寫道： Hi Eddie, > the API in CryptPkg "RandomSeed()"(X64, in CryptRandTsc.c) alwa

Re: [edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions

Hi Chris, 1. Please create a feature request BugZilla to introduce the background of the new API, such as purpose and application scenarios. 2. I took a quick look, the new API will make Pkcs1v2De/Encrypt support RsaContext input and the rest is same as old API right? Regards, Yi -Original

Re: [edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions

Hi Chris, 1. Add BZ link to commit message, 2. Add null implementation of new APIs to BaseCryptLibMbedTls to avoid build error. For other comments please check the PR: https://github.com/tianocore/edk2/pull/5473 Regards, Yi -Original Message- From: Chris Ruffin Sent: Tuesday, March 1

Re: [edk2-devel] [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c.

Hi, Please follow the correct upstream process to avoid Github CI errors. https://github.com/tianocore/tianocore.github.io/wiki/Laszlo%27s-unkempt-git-guide-for-edk2-contributors-and-maintainers#contributor-workflow You are missing your Sign-off and Cc maintainers in this patch, And please add BZ

Re: [edk2-devel] [PATCH 0/3] CryptoPkg: Optimize APIs in BaseCryptLibMbedTls

For this patch set: Looks good to me. Reviewed-by: Yi Li -Original Message- From: Hou, Wenxing Sent: Friday, March 29, 2024 10:33 AM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 Subject: [PATCH 0/3] CryptoPkg: Optimize APIs in BaseCryptLibMbedTls REF:https://bugzilla.tianocore.

Re: [edk2-devel] [PATCH v2 0/3] CryptoPkg/BaseCryptLib: add additional RSAES-OAEP crypto functions

Appreciate your efforts in optimization of unit test, for this patch set: Looks good to me. Reviewed-by: Yi Li -Original Message- From: devel@edk2.groups.io On Behalf Of Chris Ruffin via groups.io Sent: Sunday, March 31, 2024 6:00 AM To: devel@edk2.groups.io Cc: Chris Ruffin Subject:

Re: [edk2-devel] [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c.

Hi, Please remove 'Reviewed-by: @yi1...@intel.com' and send V2 patch to devel@edk2.groups.io by send-email. Generate V2 patch: Add '--subject-prefix="PATCH V2" ' when you format patch: git format-patch --subject-prefix="PATCH V2" ... The content of patch looks good to me, will give you my Revi

Re: [edk2-devel] [PATCH v2 0/3] CryptoPkg/BaseCryptLib: add additional RSAES-OAEP crypto functions

Pushed: https://github.com/tianocore/edk2/pull/5532 Thanks, Yi -Original Message- From: Li, Yi1 Sent: Monday, April 1, 2024 9:46 AM To: devel@edk2.groups.io; cruf...@millcore.com Cc: Chris Ruffin ; Yao, Jiewen ; Hou, Wenxing Subject: RE: [edk2-devel] [PATCH v2 0/3] CryptoPkg/BaseCryptL

Re: [edk2-devel] [PATCH] Add SHA3/SM3 functions with openssl for Mbedtls

Adding a copy of BaseCryptLib/Sm3/Sha3 seems like a workaround to me. I prefer to use files directly from BaseCryptLib, such like: DEFINE BASE_CRYPT_PATH= ../BaseCryptLib [Sources] $(BASE_CRYPT_PATH)/Hash/CryptDispatchApDxe.c ... Then I think DummyOpensslSupport.c should not be ne

Re: [edk2-devel] [PATCH 5/9] CryptoPkg: Add Pkcs7 related functions based on Mbedtls

The pools used to store cert chain are not released properly, which will lead to memory leak problems Please ensure MbedtlsPkcs7SignedData.Certificates are handled correctly when: 1. error occurred in Pkcs7GetSigner/SignedData 2. Pkcs7Verify finished. Regards, Yi -Original Message- F

Re: [edk2-devel] [PATCH 0/9] Add more crypt APIs based on Mbedtls

I found some magic number and format issues, please check comments in your PR. Regards, Yi -Original Message- From: Hou, Wenxing Sent: Tuesday, April 16, 2024 3:51 PM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 Subject: [PATCH 0/9] Add more crypt APIs based on Mbedtls REF: http

Re: [edk2-devel] [PATCH v2] Add SHA3/SM3 functions with openssl for Mbedtls

Looks good to me. Reviewed-by: Yi Li -Original Message- From: Hou, Wenxing Sent: Wednesday, April 24, 2024 4:25 PM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 Subject: [PATCH v2] Add SHA3/SM3 functions with openssl for Mbedtls REF: https://bugzilla.tianocore.org/show_bug.cgi?

Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

For this patch set: Looks good to me. Reviewed-by: Yi Li -Original Message- From: Hou, Wenxing Sent: Thursday, May 9, 2024 2:27 PM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 Subject: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls REF: https://bugzilla.tianocore.org/sh

Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

; devel@edk2.groups.io Cc: Yao, Jiewen ; gaoliming Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls Hi, Thanks for your feedback. The new PR is: https://github.com/tianocore/edk2/pull/5645 Could Li Yi help me merge the PR? Thanks, Wenxing -Original Message- From: Li, Yi1

Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix bug for correct return value checking when get X509Cert

Looks good to me. Reviewed-by: Yi Li We are in Hard Freeze phase, will push it after freeze. Thanks. -Original Message- From: devel@edk2.groups.io On Behalf Of Qingyu Sent: Wednesday, May 15, 2024 8:58 PM To: devel@edk2.groups.io Cc: Shang, Qingyu ; Yao, Jiewen ; Li, Yi1 Subject: [e

Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Remove deprecated code related to SHA-1

Hi Qingyu, 1. Commit message is not clear enough, we need to clarify 'why removing SHA-1 code does not affect the functionality of Rand'. Could you please add: The default drbg type of randlib has been switched to aes_256_ctr in openssl1.1.1, so sha1 is not really used in RandomSeed(). 2. Pleas

Re: [edk2-devel] [PATCH V2 1/1] CryptoPkg: Remove outdated code related to deprecated SHA-1

Hi, Qingyu I am still not see any codes related to CryptRand.c, are you missed 'git add' for new change? Regards, Yi -Original Message- From: Shang, Qingyu Sent: Thursday, May 16, 2024 10:28 AM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 Subject: [PATCH V2 1/1] CryptoPkg: Remo

Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Add support for aes128-sha256 and aes256-sha256 cipher

Looks good to me. Reviewed-by: Yi Li We are in Hard Freeze phase, will push it after freeze. Thanks. -Original Message- From: Shang, Qingyu Sent: Thursday, May 16, 2024 9:54 AM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 Subject: [PATCH 1/1] CryptoPkg: Add support for aes128-

Re: [edk2-devel] [PATCH V3 1/1] CryptoPkg: Remove deprecated code related to SHA-1

Looks good to me. Reviewed-by: Yi Li We are in Hard Freeze phase, will push it after freeze. Thanks. -Original Message- From: devel@edk2.groups.io On Behalf Of Qingyu Sent: Thursday, May 16, 2024 3:35 PM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 Subject: [edk2-devel] [PATCH V3

Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix bug for correct return value checking when get X509Cert

Hi @sounthar...@ami.com, I already asked Qingyu to help raise patch. Will merge it after hard freeze. Thanks, Yi -Original Message- From: devel@edk2.groups.io On Behalf Of Li, Yi Sent: Wednesday, May 15, 2024 11:32 PM To: devel@edk2.groups.io; Shang, Qingyu Cc: Yao, Jiewen Subject

Re: [edk2-devel] CryptoPkg OpensslLib TLSv1.3 support

No, Tls1.3 is not supported yet: https://github.com/tianocore/edk2/blob/7142e648416ff5d3eac6c6d607874805f5de0ca8/CryptoPkg/Library/OpensslLib/OpensslGen/include/openssl/configuration-ec.h#L271-L273 We have a BZ to track it but afaik no dedicated folk working on it. https://bugzilla.tianocore.org/

Re: [edk2-devel] [PATCH] CryptoPkg: Fix BaseCryptLib CrtWrapper strcpy

Thanks for your patch, this is a known issue: https://bugzilla.tianocore.org/show_bug.cgi?id=2817 Could you also update other wrappers in CrtWrapper.h and add BZ link to commit message? Edk2 has switched to github pr code review process, you can raise PR in https://github.com/tianocore/edk2/pu

[edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

All crypto host tests which consumed randlib broken due to: https://github.com/tianocore/edk2/pull/5714 Not sure why this issue not reported by CI when merge this PR. The reason is that the ```BaseRngLibConstructor``` of rnglib is not called in host test, so ```mRdRandSupported``` is not enabled

Re: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

Yes, we can create a host test specific lib if no better ways. Regards, Yi From: Yao, Jiewen Sent: Friday, June 14, 2024 3:20 PM To: Li, Yi1 ; devel@edk2.groups.io Cc: Hou, Wenxing ; Kinney, Michael D ; Pedro Falcato ; Ard Biesheuvel Subject: RE: CryptoPkg host test broken due to smoketest fo

Re: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

host test broken due to smoketest for RDRAND On Fri, Jun 14, 2024 at 07:07:41AM GMT, Li, Yi wrote: > All crypto host tests which consumed randlib broken due to: > https://github.com/tianocore/edk2/pull/5714 > Not sure why this issue not reported by CI when merge this PR. > > The

Re: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

Yes we did use PRNG(DRBG), the entropy pool is polled from HW RngLib. Seed is generated by TSC. Regards, Yi From: Ard Biesheuvel Sent: Friday, June 14, 2024 3:52 PM To: Li, Yi1 Cc: Yao, Jiewen ; devel@edk2.groups.io; Hou, Wenxing ; Kinney, Michael D ; Pedro Falcato Subject: Re: CryptoPkg ho

Re: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

> I think we need follow 24 hour rule. > Any patch requires at least 24 hours before merge, to give people chance to > review and feedback. Sure I will follow this rule future. There is a critical Mbedtls bug based on this patch (blocked build) so I merged this patch quickly to unblock CI. https

Re: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

Hi Jiewen, Currently Host lib using a dummy AsmCpuid implementation: BaseLib\X86UnitTestHost.c AsmCpuid -> UnitTestHostBaseLibAsmCpuid -> Return all zero (BIT30 of ECX hardcode to 1 after change of Gerd) Did you mean prefer to use real AsmCpuid func in Host? Or only use cpuid to check RdRand bit

Re: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

Sounds good, I will try it. Thanks, Yi -Original Message- From: Kinney, Michael D Sent: Saturday, June 15, 2024 12:58 PM To: Li, Yi1 ; Ard Biesheuvel ; Yao, Jiewen Cc: Gerd Hoffmann ; devel@edk2.groups.io; Hou, Wenxing ; Pedro Falcato ; Kinney, Michael D Subject: RE: [edk2-devel] C

[edk2-devel] [PATCH 1/3] MdePkg: Add Tls configuration related define

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3892 Consumed by TlsSetEcCurve and TlsSetSignatureAlgoList. Cc: Jiewen Yao Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Yi Li --- MdePkg/Include/IndustryStandard/Tls1.h | 110 + 1 file changed, 74 insertions(+),

[edk2-devel] [PATCH 0/3] CryptoPkg: Extend Tls library

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892 Review PR: https://github.com/tianocore/edk2/pull/3400 This patch sequence is used to extend Tls library, which are wrapped over OpenSSL. The implementation provides library functions for EFI DXE dirver and Protocol. All APIs passed unit te

[edk2-devel] [PATCH 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892 The implementation provides new Tls library functions for Crypto EFI Driver and Protocol. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li --- CryptoPkg/Driver/Crypto.c | 155 +

[edk2-devel] [PATCH 2/3] CryptoPkg: Extend Tls function library

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892 1. TlsSetSignatureAlgoList(): Configure the list of TLS signature algorithms that should be used as part of the TLS session establishment. This is needed for some WLAN Supplicant connection establishment flows that allow only specific TLS si

Re: [edk2-devel] [PATCH 0/3] CryptoPkg: Extend Tls library

Hi All, Any comment about this patch set? Thanks very much. -Original Message- From: devel@edk2.groups.io On Behalf Of Li, Yi Sent: Monday, September 26, 2022 2:27 PM To: devel@edk2.groups.io Cc: Li, Yi1 ; Yao, Jiewen ; Wang, Jian J ; Lu, Xiaoyu1 ; Jiang, Guomin Subject: [edk2-devel

Re: [edk2-devel] [PATCH 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol

: Add new Tls APIs to DXE and protocol I see one issue with adding new bits to the crypto services structured PCD. Comment below. Mike > -Original Message- > From: devel@edk2.groups.io On Behalf Of Li, Yi > Sent: Sunday, September 25, 2022 11:27 PM > To: devel@edk2.groups

[edk2-devel] [PATCH V2 0/3] CryptoPkg: Extend Tls library

: Xiaoyu Lu Cc: Guomin Jiang Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Yi Li Yi Li (3): MdePkg: Add Tls configuration related define CryptoPkg: Extend Tls function library CryptoPkg: Add new Tls APIs to DXE and protocol CryptoPkg/Driver/Crypto.c | 155

[edk2-devel] [PATCH V2 1/3] MdePkg: Add Tls configuration related define

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3892 Consumed by TlsSetEcCurve and TlsSetSignatureAlgoList. Cc: Jiewen Yao Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Yi Li --- MdePkg/Include/IndustryStandard/Tls1.h | 110 + 1 file changed, 74 insertions(+),

[edk2-devel] [PATCH V2 2/3] CryptoPkg: Extend Tls function library

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892 1. TlsSetSignatureAlgoList(): Configure the list of TLS signature algorithms that should be used as part of the TLS session establishment. This is needed for some WLAN Supplicant connection establishment flows that allow only specific TLS si

[edk2-devel] [PATCH V2 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892 The implementation provides new Tls library functions for Crypto EFI Driver and Protocol. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li --- CryptoPkg/Driver/Crypto.c | 155 +

[edk2-devel] [PATCH V3 0/3] CryptoPkg: Extend Tls library

cipher suite names. Tested-by: Yi Li Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Yi Li Yi Li (3): MdePkg: Add Tls configuration related define CryptoPkg: Extend Tls function library CryptoPkg: Add new Tls APIs to

[edk2-devel] [PATCH V3 1/3] MdePkg: Add Tls configuration related define

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3892 Consumed by TlsSetEcCurve and TlsSetSignatureAlgoList. Cc: Jiewen Yao Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Yi Li --- MdePkg/Include/IndustryStandard/Tls1.h | 112 + 1 file changed, 75 insertions(+),

[edk2-devel] [PATCH V3 2/3] CryptoPkg: Extend Tls function library

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892 1. TlsSetSignatureAlgoList(): Configure the list of TLS signature algorithms that should be used as part of the TLS session establishment. This is needed for some WLAN Supplicant connection establishment flows that allow only specific TLS si

[edk2-devel] [PATCH V3 3/3] CryptoPkg: Add new Tls APIs to DXE and protocol

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3892 The implementation provides new Tls library functions for Crypto EFI Driver and Protocol. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Yi Li --- CryptoPkg/Driver/Crypto.c | 155 +

Re: [edk2-devel] [PATCH V2 1/3] MdePkg: Add Tls configuration related define

Hi Jiewen and Heng, Thanks for review, I have corrected the comments and cipher suites name. Thanks, Yi -Original Message- From: Luo, Heng Sent: Monday, October 10, 2022 9:37 AM To: devel@edk2.groups.io; Yao, Jiewen ; Li, Yi1 Cc: Kinney, Michael D ; Gao, Liming Subject: RE: [edk2-d

Re: [edk2-devel] [PATCH V3 0/3] CryptoPkg: Extend Tls library

change: > > Move the newly added APIs to the end of struct PCD. > > V3 change: > > Corrected tls specification reference and tls cipher suite names. > > > > Tested-by: Yi Li > > Cc: Jiewen Yao > > Cc: Jian J Wang > > Cc: Xiaoyu Lu > > Cc: Guomin Jia

[edk2-devel] [edk2-staging/crypto-new-api][PATCH] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1u

From: Sheng Wei (cherry-pick from: master b2de9ec5a759aa4a7ac029cda9079dce077bf856) Cc: Zhichao Gao Cc: Heng Luo Signed-off-by: Yi Li --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 - CryptoPkg/Library/OpensslLib/OpensslLibFull.inf | 1 - CryptoPkg/Library/OpensslLib/openssl

Re: [edk2-devel] [edk2/add_mbedtls PATCH 0/9] *** Add HMAC/HKDF/RSA/HASH features based on Mbedtls ***

Hi Sean, > I propose we remove openssl from the edk2 CryptoPkg and into the > OpenSslCryptoPkg in another new tianocore repository dedicated to OpenSsl. > MbedTls could then be checked into the MbedTlsCryptoPkg and added to another > new repository. It may be a better choice to put openssl a

Re: [edk2-devel] [edk2/add_mbedtls PATCH 0/9] *** Add HMAC/HKDF/RSA/HASH features based on Mbedtls ***

Hi Sean, I would like to clarify that the purpose of this patch sequence is to supplement the defects of openssl3.0 rather than seek a substitute for openssl. Crypto implementations other than HASH and AES in Openssl3.0 cannot be used in the PREMEM stage, and all implementations will be like thi

Re: [edk2-devel] [PATCH v2 05/10] CryptoPkg: Add RSA functions based on Mbedtls

TestPublicExponent[] is same as default value so this test is nonsense. Please use a different value to generate key and use RsaGetKey to confirm PE is same as expect. -Original Message- From: Hou, Wenxing Sent: Saturday, September 2, 2023 10:16 PM To: devel@edk2.groups.io Cc: Yao, Jie

Re: [edk2-devel] [PATCH v2 09/10] CryptoPkg: Add Mbedtls submodule in CI

Skip those files in DscCompleteCheck is workaround IMO, I think we can add all mbedtls libraries and components to CryptoPkg.dsc with new CRYPTO_SERVICES. -Original Message- From: Hou, Wenxing Sent: Saturday, September 2, 2023 10:16 PM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1

Re: [edk2-devel] [PATCH] NetworkPkg: Increase HTTP buffer size and enable TCP window scaling

Hi Saloni and Zachary, can you help to merge this patch? It got reviewed-by but not check-in, Thanks! -Original Message- From: Kasbekar, Saloni Sent: Tuesday, July 25, 2023 12:18 PM To: Li, Yi1 ; devel@edk2.groups.io Cc: Otcheretianski, Andrei ; Clark-williams, Zachary Subject: RE: [

Re: [edk2-devel] [PATCH] Maintainers.txt: update maintainer for CryptoPkg

Hi Mike, I signed up to work as Maintainer for CryptoPkg, need help to add reviewer and maintainer permissions. Thanks! Regards, Yi -Original Message- From: devel@edk2.groups.io On Behalf Of Li, Yi Sent: Friday, June 16, 2023 12:21 PM To: Wang, Jian J ; devel@edk2.groups.io Cc: Yao

Re: [edk2-devel] setting TLS ciphers is broken (openssl 3?)

Hi Gerd, We have validated HTTPs boot and WIFI with EAP-TLS, where the code consumed openssl3.0 TLS lib API. So we cannot reproduce this issue. Could you provide detail test steps to me, I will look into it. Thanks, Yi -Original Message- From: devel@edk2.groups.io On Behalf Of Yao,

Re: [edk2-devel] [PATCH v1 07/24] CryptoPkg: CI: Add PrEval entry

Joey: I already give feedback for CryptoPkg part. Seems there are two Crypto patch 07/24 and 13/24, but actually 13 is StandaloneMmPkg changes. Please check. [PATCH v1 13/24] CryptoPkg: CI: Add PrEval entry -Original Message- From: devel@edk2.groups.io On Behalf Of Li, Yi Sent

Re: [edk2-devel] [PATCH v3 00/11] Add HMAC/HKDF/RSA/HASH/AES features based on Mbedtls

Looks good to me. Reviewed-by: Yi Li -Original Message- From: Hou, Wenxing Sent: Thursday, September 28, 2023 11:34 PM To: devel@edk2.groups.io Cc: Yao, Jiewen ; Li, Yi1 ; Lu, Xiaoyu1 ; Jiang, Guomin Subject: [PATCH v3 00/11] Add HMAC/HKDF/RSA/HASH/AES features based on Mbedtls Pur

Re: [edk2-devel] [PATCH v2 1/1] CryptoPkg/TlsLib: fix tls cipher configuration

Sorry for delayed response due to PRC holiday. This is a pretty good solution, I also ran some basic HTTPSBOOT and EAP-TLS test cases, and all passed. Reviewed-by: Yi Li -Original Message- From: Gerd Hoffmann Sent: Wednesday, October 4, 2023 5:20 PM To: devel@edk2.groups.io Cc: Li, Yi

Re: [edk2-devel] [PATCH v3 09/11] CryptoPkg: Add Mbedtls submodule in CI

Hello .pytools maintainers and reviewers, any comments for this patch series? Background: https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md#openssl30-mbedtls-dual-mode This patch series is needed to resolve the limitation from OpenSSL 3.0 that provider ba

Re: [edk2-devel] [PATCH v3 00/11] Add HMAC/HKDF/RSA/HASH/AES features based on Mbedtls

Patch merged via: https://github.com/tianocore/edk2/pull/4897 Thanks for your contribution. Regards, Yi -Original Message- From: devel@edk2.groups.io On Behalf Of Li, Yi Sent: Saturday, October 7, 2023 8:38 PM To: Hou, Wenxing ; devel@edk2.groups.io Cc: Yao, Jiewen ; Lu, Xiaoyu1

[edk2-devel] [PATCH] CryptoPkg: Add b_print.c which removed floating-point to OpensslLib

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4110 Openssl will use BIO_snprintf() to print time string when converting time_t to ASN1_time. Currently edk2 code just give it a NULL implement in CrtWrapper.c, so getting current time in X509 time check will be fail. This patch add a copy of O

Re: [edk2-devel] [PATCH] CryptoPkg: Add b_print.c which removed floating-point to OpensslLib

Hi all, This patch is the pre-work for enabling the X509 certificate time check. I know it looks weird to add a new b_print.c, so I wanted to explain the background of this patch. 1. Why not directly use the b_print.c file in openssl? The original file uses code related to floating-point and ull

Re: [edk2-devel] [PATCH] CryptoPkg: Add b_print.c which removed floating-point to OpensslLib

Hi Jiewen, Oh, I didn't realize we had this macro, maybe we could use it to eliminate floating point actions and upstream to openssl. If it can be upstreamed, then we don't need these workarounds, I will try to do these things, thank you. -Original Message- From: Yao, Jiewen Sent: Su

Re: [edk2-devel] [PATCH] CryptoPkg: Add b_print.c which removed floating-point to OpensslLib

Hi Gerd, Cool! I noticed your patch in openssl3.0 branch. Because the Tls cert time check needs to be solved as soon as possible, I will cherry-pick your patch to 1.1.1 branch instead of updating edk2 openssl to 3.0. The latter seems to take a long time. By the way, I remember you are already wo

[edk2-devel] [PATCH 1/1] CryptoPkg: Make Protocol Service API backward compatible

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4197 Using older Crypto protocol will be allowed. Each function wrapper will be annotated to require a minimum required version of the crypto protocol and assert if called when the version is not compatible. Ths minimum version difined as the ver

Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Make Protocol Service API backward compatible

Hi, any comments about this BZ and patch? Code link: https://github.com/tianocore/edk2/pull/3787 -Original Message- From: devel@edk2.groups.io On Behalf Of Li, Yi Sent: Monday, December 19, 2022 2:24 PM To: devel@edk2.groups.io Cc: Li, Yi1 ; Yao, Jiewen ; Wang, Jian J ; Lu, Xiaoyu1

Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Make Protocol Service API backward compatible

PATCH 1/1] CryptoPkg: Make Protocol Service API > backward compatible > > Hi, any comments about this BZ and patch? > Code link: https://github.com/tianocore/edk2/pull/3787 > > -Original Message- > From: devel@edk2.groups.io On Behalf Of Li, Yi > Sent: Monday, D

Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8

Hi Gerd, I also have some work on Openssl3, mainly to research how to reduce the binary size increase after the upgrade: https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md I really appreciate your work in this patch series, especially the clear py scr

Re: [edk2-devel] [PATCH 19/22] CryptoPkg/openssl: update *.inf, add generated files

>+ DEFINE OPENSSL_FLAGS_NOASM = -DSTATIC_LEGACY Why we need this macro, EDK2 does not seem to use the algorithm in the legacy provider. -Original Message- From: devel@edk2.groups.io devel@edk2.groups.io On Behalf Of Ge

Re: [edk2-devel] [PATCH 16/22] [hash] CryptoPkg/openssl: add OpensslLibHash.inf

A bit confused here, why we need this inf, just to make it clear? As you mentioned, it doesn't help with binary file size. Regards, Yi -Original Message- From: devel@edk2.groups.io On Behalf Of Gerd Hoffmann Sent: Monday, March 13, 2023 4:30 PM To: devel@edk2.groups.io Cc: Wang, Jian J

[edk2-devel] [edk2-staging/OpenSSL11_EOL 1/7] OpensslLib: remove bio prov

Signed-off-by: Yi Li --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +- CryptoPkg/Library/OpensslLib/OpensslStub/uefiprov.c | 8 ++-- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/Openssl

[edk2-devel] [edk2-staging/OpenSSL11_EOL 3/7] CryptoPkg/OpensslLib: enable no autoalginit

Signed-off-by: Yi Li --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 47a045ef66..8641cd2521 100644 --- a/CryptoPkg/Library/OpensslLi

[edk2-devel] [edk2-staging/OpenSSL11_EOL 0/7] Openssl 3.0 POC update Mar 17

xing Hou Cc: Gerd Hoffmann Signed-off-by: Yi Li Yi Li (7): OpensslLib: remove bio prov CryptoPkg/Test: Remove Pem and Pkcs7Sign func in test CryptoPkg/OpensslLib: enable no autoalginit Readme: 0315 update bugfix: The order of NIDs should remain the same as before CryptoPkg/OpensslLibFull:

  1   2   >