Hi all,
Do you have any feedback?
The current Patch Set status is:
This patch set was submitted before soft feature freeze.
Some reviewd-by was added before soft feature freeze starts.
Some reviewd-by was added after soft feature freeze starts.
And the Patch set is: Acked-by: Jiewen Yao <jiewen....@intel.com>
Reviewed-by: Yi Li <yi1...@intel.com>
Mike is on vacation, maybe he will not have feedback.
Dear Tianocore Stewards, If you don't have any feedback.
We will merge it today.
Thanks!
Wenxing
-----Original Message-----
From: gaoliming <gaolim...@byosoft.com.cn>
Sent: Thursday, May 9, 2024 8:35 PM
To: Hou, Wenxing <wenxing....@intel.com>; devel@edk2.groups.io; Li, Yi1
<yi1...@intel.com>
Cc: Yao, Jiewen <jiewen....@intel.com>; 'Leif Lindholm'
<quic_llind...@quicinc.com>; 'Andrew Fish' <af...@apple.com>; Kinney, Michael D
<michael.d.kin...@intel.com>
Subject: 回复: [edk2-devel][edk2-stable202405] [PATCH v3 00/11] Add more crypt
APIs based on Mbedtls
Include more people for feedback.
> -----邮件原件-----
> 发件人: Hou, Wenxing <wenxing....@intel.com>
> 发送时间: 2024年5月9日 17:35
> 收件人: devel@edk2.groups.io; gaolim...@byosoft.com.cn; Li, Yi1
> <yi1...@intel.com>
> 抄送: Yao, Jiewen <jiewen....@intel.com>
> 主题: RE: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on
> Mbedtls
>
> Hi Liming,
> Thanks for your suggestion.
>
>
> Hi all,
> The current Patch Set status is:
> This patch set was submitted before soft feature freeze.
> It passed code review after soft feature freeze starts.
> And the Patch set is: Acked-by: Jiewen Yao <jiewen....@intel.com>
> Reviewed-by: Yi Li <yi1...@intel.com>
>
> We want to catch this 202405 stable tag.
> If anyone have feedback, please let me know.
>
> Thanks,
> Wenxing
>
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> gaoliming via groups.io
> Sent: Thursday, May 9, 2024 4:59 PM
> To: devel@edk2.groups.io; Li, Yi1 <yi1...@intel.com>; Hou, Wenxing
> <wenxing....@intel.com>
> Cc: Yao, Jiewen <jiewen....@intel.com>
> Subject: 回复: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based
> on Mbedtls
>
> Seemly, this change is new feature to add more crypt APIs based on Mbedtls.
>
> This patch set was submitted before soft feature freeze. But, it
> passed code review after soft feature freeze starts.
>
> Based on current rule, this patch set is not allowed to be merged for
> this stable tag 202405.
>
> If you want to catch this stable tag, please raise this requirement to
> the mail list and collect the feedback.
>
> Thanks
> Liming
> > -----邮件原件-----
> > 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Li, Yi
> > 发送时间: 2024年5月9日 16:33
> > 收件人: Hou, Wenxing <wenxing....@intel.com>; gaoliming
> > <gaolim...@byosoft.com.cn>; devel@edk2.groups.io
> > 抄送: Yao, Jiewen <jiewen....@intel.com>
> > 主题: Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on
> Mbedtls
> >
> > This patch set was submitted before soft freeze and will not affect
> > other
> existed
> > codes, I am OK to merge it.
> >
> > Hi Liming,
> >
> > Do you have any comments? I will merge it if no objections.
> >
> > Thanks,
> > Yi
> >
> > -----Original Message-----
> > From: Hou, Wenxing <wenxing....@intel.com>
> > Sent: Thursday, May 9, 2024 4:29 PM
> > To: Li, Yi1 <yi1...@intel.com>; devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen....@intel.com>; gaoliming
> > <gaolim...@byosoft.com.cn>
> > Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> >
> > Hi,
> >
> > Thanks for your feedback.
> > The new PR is: https://github.com/tianocore/edk2/pull/5645
> >
> > Could Li Yi help me merge the PR?
> >
> > Thanks,
> > Wenxing
> >
> > -----Original Message-----
> > From: Li, Yi1 <yi1...@intel.com>
> > Sent: Thursday, May 9, 2024 2:54 PM
> > To: Hou, Wenxing <wenxing....@intel.com>; devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen....@intel.com>
> > Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> >
> > For this patch set:
> >
> > Looks good to me.
> > Reviewed-by: Yi Li <yi1...@intel.com>
> >
> >
> > -----Original Message-----
> > From: Hou, Wenxing <wenxing....@intel.com>
> > Sent: Thursday, May 9, 2024 2:27 PM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen....@intel.com>; Li, Yi1 <yi1...@intel.com>
> > Subject: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
> >
> > Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More
> > RSA/PKCS5/pKCS7/Authenticode/Timestamp
> > implementation based on Mbedtls.
> >
> > The patch has passed the EDKII CI check:
> > https://github.com/tianocore/edk2/pull/5552
> >
> > And the patch has passed unit_test in EDKII and integration test for
> platform.
> > And the patch hass passed the fuzz test:
> > https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f779
> > 1d
> > 4
> > 68a184530b6ab89128
> >
> > v2 changes:
> > - Fix format variable name/hardcode number issue;
> > - Fix Pkcs7 memory leak;
> >
> > v3 changes:
> > - Fix some issues form reviewer;
> > - Add SHA3/SM3 implementation;
> > - Update *.inf files;
> >
> > Cc: Jiewen Yao <jiewen....@intel.com>
> > Cc: Yi Li <yi1...@intel.com>
> > Signed-off-by: Wenxing Hou <wenxing....@intel.com>
> >
> > Wenxing Hou (11):
> > CryptoPkg: Add AeadAesGcm based on Mbedtls
> > CryptoPkg: Add rand function for BaseCryptLibMbedTls
> > CryptoPkg: Add Pem APIs based on Mbedtls
> > CryptoPkg: Add X509 functions based on Mbedtls
> > CryptoPkg: Add Pkcs7 related functions based on Mbedtls
> > CryptoPkg: Add Pkcs5 functions based on Mbedtls
> > CryptoPkg: Add more RSA related functions based on Mbedtls
> > CryptoPkg: Add AuthenticodeVerify based on Mbedtls
> > CryptoPkg: Add ImageTimestampVerify based on Mbedtls
> > CryptoPkg: Update *.inf in BaseCryptLibMbedTls
> > Add SHA3/SM3 functions with openssl for Mbedtls
> >
> > CryptoPkg/Include/Library/BaseCryptLib.h | 4 +
> > .../BaseCryptLibMbedTls/BaseCryptLib.inf | 47 +-
> > .../Cipher/CryptAeadAesGcm.c | 227 ++
> > .../BaseCryptLibMbedTls/InternalCryptLib.h | 49 +
> > .../BaseCryptLibMbedTls/PeiCryptLib.inf | 27 +-
> > .../BaseCryptLibMbedTls/Pem/CryptPem.c | 138 ++
> > .../Pk/CryptAuthenticode.c | 214 ++
> > .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c | 278 +++
> > .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c | 100 +
> > .../Pk/CryptPkcs7Internal.h | 29 +-
> > .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c | 635 ++++++
> > .../Pk/CryptPkcs7VerifyBase.c | 113 +
> > .../Pk/CryptPkcs7VerifyCommon.c | 1354 ++++++++++++
> > .../Pk/CryptPkcs7VerifyEku.c | 689 ++++++
> > .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c | 352 +++
> > .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c | 140
> > ++ .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c | 381 ++++
> > .../BaseCryptLibMbedTls/Pk/CryptX509.c | 1940
> > +++++++++++++++++
> > .../BaseCryptLibMbedTls/Rand/CryptRand.c | 114 +
> > .../BaseCryptLibMbedTls/Rand/CryptRandTsc.c | 114 +
> > .../BaseCryptLibMbedTls/RuntimeCryptLib.inf | 26 +-
> > .../BaseCryptLibMbedTls/SmmCryptLib.inf | 36 +-
> > .../BaseCryptLibMbedTls/TestBaseCryptLib.inf | 39 +-
> > CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf | 6 +
> > .../Library/MbedTlsLib/MbedTlsLibFull.inf | 6 +
> > 25 files changed, 6973 insertions(+), 85 deletions(-) create mode
> > 100644
> > CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
> > create mode 100644
> > CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
> > create mode 100644
> > CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c
> > create mode 100644
> > CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c
> > create mode 100644
> > CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c
> > create mode 100644
> > CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c
> > create mode 100644
> > CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c
> > create mode 100644
> > CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
> > create mode 100644
> > CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c
> > create mode 100644
> > CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
> > create mode 100644
> > CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
> > create mode 100644
> > CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c
> > create mode 100644
> > CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c
> > create mode 100644
> > CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
> > create mode 100644
> > CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c
> >
> > --
> > 2.26.2.windows.1
> >
> >
> >
> >
> >
>
>
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118772): https://edk2.groups.io/g/devel/message/118772
Mute This Topic: https://groups.io/mt/106010730/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
--- Begin Message ---
Looks good to me.
Reviewed-by: Yi Li <yi1...@intel.com>
-----Original Message-----
From: Hou, Wenxing <wenxing....@intel.com>
Sent: Wednesday, April 24, 2024 4:25 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen....@intel.com>; Li, Yi1 <yi1...@intel.com>
Subject: [PATCH v2] Add SHA3/SM3 functions with openssl for Mbedtls
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Because the Mbedlts 3.3.0 doesn't have SHA3 and Sm3, the SHA3 and Sm3
implementaion based on Openssl.
And the implementaion has passed build check.
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Yi Li <yi1...@intel.com>
Signed-off-by: Wenxing Hou <wenxing....@intel.com>
---
CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf | 9 +++++++--
CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf | 9 +++++++--
.../Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf | 3 ++-
CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf | 9 +++++++--
.../Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf | 4 +++-
CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf | 6 ++++++
CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf | 6 ++++++
7 files changed, 38 insertions(+), 8 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
index 16def792c5..999054500f 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
@@ -18,6 +18,7 @@
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE
UEFI_APPLICATION UEFI_DRIVER
+ DEFINE BASE_CRYPT_PATH = ../BaseCryptLib
#
# The following information is for reference only and not required by the
build tools.
@@ -31,10 +32,14 @@
Cipher/CryptAes.c
Hash/CryptSha256.c
Hash/CryptSha512.c
- Hash/CryptParallelHashNull.c
- Hash/CryptSm3Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
+ $(BASE_CRYPT_PATH)/Hash/CryptCShake256.c
+ $(BASE_CRYPT_PATH)/Hash/CryptDispatchApDxe.c
+ $(BASE_CRYPT_PATH)/Hash/CryptParallelHash.c
+ $(BASE_CRYPT_PATH)/Hash/CryptSha3.c
+ $(BASE_CRYPT_PATH)/Hash/CryptSm3.c
+ $(BASE_CRYPT_PATH)/Hash/CryptXkcp.c
Hmac/CryptHmac.c
Kdf/CryptHkdf.c
Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
index 72b22a24e8..a153c0c8e4 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
@@ -26,6 +26,7 @@
MODULE_TYPE = PEIM
VERSION_STRING = 1.0
LIBRARY_CLASS = BaseCryptLib|PEIM PEI_CORE
+ DEFINE BASE_CRYPT_PATH = ../BaseCryptLib
#
# The following information is for reference only and not required by the
build tools.
@@ -38,9 +39,13 @@
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
- Hash/CryptSm3Null.c
Hash/CryptSha512.c
- Hash/CryptParallelHashNull.c
+ $(BASE_CRYPT_PATH)/Hash/CryptCShake256.c
+ $(BASE_CRYPT_PATH)/Hash/CryptDispatchApPei.c
+ $(BASE_CRYPT_PATH)/Hash/CryptParallelHash.c
+ $(BASE_CRYPT_PATH)/Hash/CryptSha3.c
+ $(BASE_CRYPT_PATH)/Hash/CryptSm3.c
+ $(BASE_CRYPT_PATH)/Hash/CryptXkcp.c
Hmac/CryptHmac.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
index 9f17ef00bf..1b33dbdaad 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
@@ -25,6 +25,7 @@
VERSION_STRING = 1.0
LIBRARY_CLASS = BaseCryptLib|DXE_RUNTIME_DRIVER
CONSTRUCTOR = RuntimeCryptLibConstructor
+ DEFINE BASE_CRYPT_PATH = ../BaseCryptLib
#
# The following information is for reference only and not required by the
build tools.
@@ -37,9 +38,9 @@
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
- Hash/CryptSm3Null.c
Hash/CryptSha512.c
Hash/CryptParallelHashNull.c
+ $(BASE_CRYPT_PATH)/Hash/CryptSm3.c
Hmac/CryptHmac.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
index 40c56d1b7d..d9a9cb8d10 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
@@ -24,6 +24,7 @@
VERSION_STRING = 1.0
PI_SPECIFICATION_VERSION = 0x0001000A
LIBRARY_CLASS = BaseCryptLib|DXE_SMM_DRIVER SMM_CORE
MM_STANDALONE
+ DEFINE BASE_CRYPT_PATH = ../BaseCryptLib
#
# The following information is for reference only and not required by the
build tools.
@@ -36,9 +37,13 @@
Hash/CryptMd5.c
Hash/CryptSha1.c
Hash/CryptSha256.c
- Hash/CryptSm3Null.c
Hash/CryptSha512.c
- Hash/CryptParallelHashNull.c
+ $(BASE_CRYPT_PATH)/Hash/CryptCShake256.c
+ $(BASE_CRYPT_PATH)/Hash/CryptDispatchApMm.c
+ $(BASE_CRYPT_PATH)/Hash/CryptParallelHash.c
+ $(BASE_CRYPT_PATH)/Hash/CryptSha3.c
+ $(BASE_CRYPT_PATH)/Hash/CryptSm3.c
+ $(BASE_CRYPT_PATH)/Hash/CryptXkcp.c
Hmac/CryptHmac.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf
b/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf
index def990b996..6a7f4bdbf6 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf
@@ -18,6 +18,7 @@
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE
UEFI_APPLICATION UEFI_DRIVER
+ DEFINE BASE_CRYPT_PATH = ../BaseCryptLib
#
# The following information is for reference only and not required by the
build tools.
@@ -31,9 +32,10 @@
Cipher/CryptAes.c
Hash/CryptSha256.c
Hash/CryptSha512.c
- Hash/CryptSm3Null.c
Hash/CryptMd5.c
Hash/CryptSha1.c
+ $(BASE_CRYPT_PATH)/Hash/CryptSm3.c
+ Hash/CryptParallelHashNull.c
Hmac/CryptHmac.c
Kdf/CryptHkdf.c
Pk/CryptRsaBasic.c
diff --git a/CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf
b/CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf
index adcf770902..93f8e69383 100644
--- a/CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf
+++ b/CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf
@@ -13,6 +13,7 @@
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = MbedTlsLib
+ DEFINE OPENSSL_PATH = ../OpensslLib/openssl
#
# The following information is for reference only and not required by the
build tools.
@@ -21,6 +22,11 @@
#
[Sources]
+# Openssl files list starts here
+ $(OPENSSL_PATH)/crypto/mem_clr.c
+ $(OPENSSL_PATH)/crypto/sha/keccak1600.c
+ $(OPENSSL_PATH)/crypto/sm3/sm3.c
+# Openssl files list ends here
Include/mbedtls/mbedtls_config.h
mbedtls/library/aes.c
mbedtls/library/asn1parse.c
diff --git a/CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf
b/CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf
index 7715392a9d..98695312cf 100644
--- a/CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf
+++ b/CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf
@@ -13,6 +13,7 @@
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = MbedTlsLib
+ DEFINE OPENSSL_PATH = ../OpensslLib/openssl
#
# The following information is for reference only and not required by the
build tools.
@@ -21,6 +22,11 @@
#
[Sources]
+# Openssl files list starts here
+ $(OPENSSL_PATH)/crypto/mem_clr.c
+ $(OPENSSL_PATH)/crypto/sha/keccak1600.c
+ $(OPENSSL_PATH)/crypto/sm3/sm3.c
+# Openssl files list ends here
Include/mbedtls/mbedtls_config.h
mbedtls/library/aes.c
mbedtls/library/asn1parse.c
--
2.26.2.windows.1
--- End Message ---
