[edk2-devel] [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface

Yao, Jiewen jiewen.yao at intel.com
Tue Sep 15 01:21:49 UTC 2020


Hi Zurcher:
Thanks for your work.
1) Please share with us what unit test you have done for all new APIs.

2) Please add a comment on what the valid DigestName is in EvpMdInit(). Otherwise, people will have no idea on that.

3) I assume the size will be unchanged if a module does not use the new EVPMD API, such as UEFI secure boot, TCG trusted boot. Please double confirm if that is the right understanding.

Hi all:
I would like to collect feedback on the below:
-- "I replaced the MD5 and SHAx functions with EVP functions in Hash2DxeCrypto, and it grew from ~26k to ~253k."

If there is a negative size impact for the platform BIOS that is using Hash2DxeCrypto, please share with the community.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Christopher J Zurcher <christopher.j.zurcher at intel.com>
> Sent: Tuesday, September 15, 2020 8:58 AM
> To: devel at edk2.groups.io
> Cc: Laszlo Ersek <lersek at redhat.com>; Yao, Jiewen <jiewen.yao at intel.com>;
> Wang, Jian J <jian.j.wang at intel.com>; Lu, XiaoyuX <xiaoyux.lu at intel.com>
> Subject: [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest
> interface
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545
> 
> V2 changes:
> Added NullLib implementation
> Added Crypto Service implementation
> Rebased Hash2DxeCrypto to use EVP interface instead of low-level functions
> Removed unnecessary casts
> Added "HashAll" utility function
> Merged "New" and "Init" functions as well as "Final" and "Free" functions
>   Retained "Init/Update/Final" naming instead of "New/Update/Free" as this
>   conforms with common usage
> 
> Low-level interfaces to message digest (hash) functions have been deprecated
> in OpenSSL 3. In order to upgrade to OpenSSL 3, all direct calls to
> low-level functions (such as SHA256_Init() in CryptSha256.c) will need to
> be replaced by EVP interface calls.
> 
> References:
>   https://www.openssl.org/docs/manmaster/man7/evp.html
>   https://www.openssl.org/docs/manmaster/man3/SHA256_Init.html
> 
> Cc: Laszlo Ersek <lersek at redhat.com>
> Cc: Jiewen Yao <jiewen.yao at intel.com>
> Cc: Jian J Wang <jian.j.wang at intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu at intel.com>
> 
> Christopher J Zurcher (3):
>   CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
>   CryptoPkg: Add EVP to Crypto Service driver interface
>   SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP
>     interface
> 
>  CryptoPkg/CryptoPkg.dsc                                 |   3 +
>  CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf         |   1 +
>  CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf          |   1 +
>  CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf      |   1 +
>  CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf          |   1 +
>  CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf |   1 +
>  CryptoPkg/Include/Library/BaseCryptLib.h                | 125 +++++++
>  CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h    |  10 +
>  CryptoPkg/Private/Protocol/Crypto.h                     | 127 +++++++
>  SecurityPkg/Hash2DxeCrypto/Driver.h                     |   1 -
>  CryptoPkg/Driver/Crypto.c                               | 148 ++++++++-
>  CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c         | 253 ++++++++++++++
>  CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c     | 124 +++++++
>  CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c  | 140 ++++++++
>  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c             | 345 ++------------------
>  15 files changed, 965 insertions(+), 316 deletions(-)
>  create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c
>  create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c
> 
> --
> 2.28.0.windows.1

