Hi Gerd
Currently, the *blocking issue* for openssl 3.0 adoption in EDKII is *size*. 
The big size increase will break existing platforms easily. As such, we are not 
able to switch to openssl 3.0 directly.

I have written the proposal at 
https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/ReadMe.md
"It is possible that we may need add MACRO to OpenSSL 3.0 to reduce the size. 
We can do POC and submit to OpenSSL community."


My suggested plan is:
1) We do our best to reduce size, as much as possible.
2) We revisit openssl 3.0 change, to see if that is reasonable.
3) If we can figure out a better way to avoid the change, we redesign and avoid 
the change.
4) If we cannot figure out a better way, we submit the change to openssl 3.0 
community.

You are welcome to review the change and send feedback.

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Gerd Hoffmann <kra...@redhat.com>
> Sent: Friday, March 17, 2023 6:03 PM
> To: Li, Yi1 <yi1...@intel.com>
> Cc: devel@edk2.groups.io; Yao, Jiewen <jiewen....@intel.com>; Hou,
> Wenxing <wenxing....@intel.com>
> Subject: Re: [edk2-staging/OpenSSL11_EOL 0/7] Openssl 3.0 POC update Mar
> 17
> 
> On Fri, Mar 17, 2023 at 12:28:12PM +0800, Yi Li wrote:
> > Please check the patch series if interested.
> > PR: https://github.com/tianocore/edk2-staging/pull/359
> 
> So it seems you are doing a number of larger changes to the openssl
> code base.  What is the plan for those?
> 
> I'd prefer to not be in a situation where every openssl update needs
> a lot of work in our edk2-specific adaptions, especially as openssl
> updates can be timing-sensitive when it comes to fixing security issues.
> 
> For changes where we only need dummy stub functions which don't do
> anything it isn't a big problem.  But when changing the provider logic
> to suit our needs it is probably much better to work with upstream
> openssl to get the changes we need merged.
> 
> I did that in the past, worked fine.  See for example openssl commit
> a28dbfe7c84b6a43746d0e2ef4153e2a13067c4a (change printf to not support
> floating point for --target=UEFI).
> 
> take care,
>   Gerd


