CryptoPkg: Increase ScratchMemory buffer for openssl 3.0.15 #6394

Merged: mergify[bot] merged 1 commit into tianocore:master from ldts:efitools-oom on Nov 4, 2024


@ldts ldts commented Oct 31, 2024

Description

Openssl 3.0.15 has a larger memory footprint.

Updating from EDK 2022.2 (openssl 1.1.j) to 2024.2 (openssl 3.0.15) causes our EFI provisioning application[1] to fail due to an out of memory condition.

On inspection, at the time of that fault, 2022.2 had an additional 900 pages. This is why this patch proposes the increase of the ScratchMemory buffer by that same amount.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git

  • Impacts security?
    • Security: Since this addresses OpenSSL errors that would be caused due to running out of memory, it has security implications.

How This Was Tested

https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git
0) Build efitools and generate LockDown.efi

  1. Using OVMF
    Execute LockDown.efi from a systemd-boot menu
    Without the fix, authenticating the proposed PK before attempting to set it will fail with a Security Violation error (-26)

Integration Instructions

N/A

@github-actions github-actions Bot added the impact:security label (This change has a direct security impact such as changing a crypto algorithm.) Oct 31, 2024

@liyi77 liyi77 left a comment

LGTM

@jyao1 jyao1 added and removed the push label (Auto push patch series in PR if all checks pass) Nov 1, 2024

jyao1 commented Nov 1, 2024

LGTM. Wait for 24 hours to see if there are other concerns.

@jyao1 jyao1 added the push label (Auto push patch series in PR if all checks pass) Nov 4, 2024

Openssl 3.0.15 has a larger memory footprint.

Updating from EDK 2022.2 (openssl 1.1.j) to 2024.2 (openssl 3.0.15)
causes our EFI provisioning application[1] to fail due to an out of
memory condition.

On inspection, at the time of that fault, 2022.2 had an additional 900
pages. This is why this patch proposes the increase of the ScratchMemory
buffer by that same amount.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git

Signed-off-by: Jorge Ramirez-Ortiz <[email protected]>
Labels

impact:security This change has a direct security impact such as changing a crypto algorithm. push Auto push patch series in PR if all checks pass

3 participants