From: "Gerd Hoffmann" <kraxel@redhat.com>
To: devel@edk2.groups.io, jiewen.yao@intel.com
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Jiang, Guomin" <guomin.jiang@intel.com>,
Pawel Polawski <ppolawsk@redhat.com>,
"Lu, XiaoyuX" <xiaoyux.lu@intel.com>
Subject: Re: [edk2-devel] [PATCH 00/24] CryptoPkg/openssl: update openssl submodule to v3.0
Date: Mon, 17 Jan 2022 12:46:27 +0100 [thread overview]
Message-ID: <20220117114627.ji5cyqxkca6bmiaf@sirius.home.kraxel.org> (raw)
In-Reply-To: <MW4PR11MB5872F7FE1CD55B75691C9F348C6A9@MW4PR11MB5872.namprd11.prod.outlook.com>
Hi,
I've continued working on this over the last weeks. Time for a status
update. All applies to the latest tree, sneak preview is here:
https://github.com/kraxel/edk2/commits/openssl3
> Also, assuming you have done enough test, would you please provide:
> 1) size difference, Including PEI, SMM, DXE.
No changes in SEC and PEI. DXE:
openssl 1.1
- 399582 SecureBootConfigDxe
- 472182 SecurityStubDxe
- 532626 VariableSmm
- 656382 TlsDxe
openssl 3.0
+ 809886 SecureBootConfigDxe
+ 912310 SecurityStubDxe
+ 970898 VariableSmm
+ 1125758 TlsDxe
Most of that seems to come from some openssl core changes (the new
'provider' concept) and I don't see an easy way to cut that down.
That is with the same feature set we have right now (i.e. no elliptic
curves and thus no TLS 1.3 support).
> 2) performance difference, Including PEI, SMM, DXE.
Suggestions how to measure that?
> 3) what unit test you have done (such as each crypto API)
CryptoPkg/UnitTest passes.
> 4) what system test you have done (such as secure boot, trusted boot)
Secure boot works.
TlsDxe (boot from https server) works.
TPM not tested yet.
I still have a bunch of failures in CI, for some of them I'm not sure
how to handle them best:
(1) 32-bit builds on windows fail:
INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external symbol __allmul
INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external symbol __aulldiv
INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved external symbol __aulldvrm
INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved external symbol __ftol2_sse
Those symbols look like they reference helper functions to do 64bit math
on 32bit architecture. Any hints how to fix that?
(2) va_arg is not working with floats due to SEE being disabled:
INFO - /home/vsts/work/1/s/CryptoPkg/Library/OpensslLib/openssl/crypto/bio/bio_print.c:265:28: error: SSE register argument with SSE disabled
INFO - fvalue = va_arg(args, LDOUBLE);
I can't see a way to fix that given that va_arg typically refers to a
compiler builtin so I don't think there is a way to declare that a
EFIAPI function to change the calling convention. Not all builds fail
though, possibly because the compiler inlines with optimization turned
on.
Suggestions anyone?
(3) Some NOOPT builds are failing due to the size growing ...
take care,
Gerd
next prev parent reply other threads:[~2022-01-17 11:47 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-03 16:07 [PATCH 00/24] CryptoPkg/openssl: update openssl submodule to v3.0 Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 01/24] CryptoPkg/openssl: update submodule to 3.0 Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 02/24] CryptoPkg/openssl: process_files.pl: drop UefiAsm.conf Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 03/24] CryptoPkg/openssl: process_files.pl: expand *.a Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 04/24] CryptoPkg/openssl: process_files.pl: set api to 1.1.1 Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 05/24] CryptoPkg/openssl: process_files.pl: change config header handling Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 06/24] CryptoPkg/openssl: process_files.pl: provider headers Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 07/24] CryptoPkg/openssl: process_files.pl: skip unused files Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 08/24] CryptoPkg/openssl: process_files.pl: clean up when done Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 09/24] CryptoPkg/openssl: process_files.pl: filter out crypto/buildinf.h Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 10/24] CryptoPkg/openssl: update generated files Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 11/24] CryptoPkg/BaseCryptLib: no openssl deprecation warnings please Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 12/24] CryptoPkg/BaseCryptLib; adapt CryptSm3.c to openssl 3.0 changes Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 13/24] CryptoPkg/BaseCryptLib: add more bio print dummies Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 14/24] CryptoPkg/openssl: adapt rand_pool.c to openssl 3.0 changes Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 15/24] CryptoPkg/openssl: add dummy file store Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 16/24] CryptoPkg/openssl: move compiler_flags to buildinf.c Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 17/24] CryptoPkg/CrtLibSupport: add fcntl.h Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 18/24] CryptoPkg/CrtLibSupport: add strstr() Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 19/24] CryptoPkg/CrtLibSupport: add INT_MIN Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 20/24] CryptoPkg/CrtLibSupport: add UINT_MAX Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 21/24] CryptoPkg/CrtLibSupport: add MODULESDIR Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 22/24] CryptoPkg/openssl: process_files.pl: copy generated der/*.c source files Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 23/24] CryptoPkg/openssl: add generated files der " Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 24/24] [hack] turn off -Werror Gerd Hoffmann
2021-12-03 16:27 ` [edk2-devel] " Michael D Kinney
2021-12-03 17:57 ` Pedro Falcato
2021-12-03 18:38 ` Michael D Kinney
2021-12-06 7:38 ` Gerd Hoffmann
2021-12-06 7:23 ` Gerd Hoffmann
2021-12-08 8:06 ` Gerd Hoffmann
2021-12-03 16:32 ` [edk2-devel] [PATCH 00/24] CryptoPkg/openssl: update openssl submodule to v3.0 Michael D Kinney
2021-12-03 16:42 ` Yao, Jiewen
2022-01-17 11:46 ` Gerd Hoffmann [this message]
2022-01-18 11:12 ` Yao, Jiewen
2022-01-18 16:12 ` Michael D Kinney
2022-01-21 8:33 ` Gerd Hoffmann
2022-01-21 16:34 ` Michael D Kinney
2022-01-21 8:30 ` Gerd Hoffmann
2022-01-21 16:38 ` Michael D Kinney
2022-01-24 16:24 ` Kilian Kegel
2022-01-24 17:28 ` Michael D Kinney
2022-01-24 19:58 ` Pedro Falcato
2022-01-26 11:02 ` Gerd Hoffmann
2022-01-27 22:26 ` Kilian Kegel
2022-01-28 0:55 ` Andrew Fish
2022-01-28 9:06 ` Pedro Falcato
2022-01-28 10:14 ` Gerd Hoffmann
2022-01-28 11:23 ` Pedro Falcato
2022-01-28 9:51 ` Gerd Hoffmann
2022-01-30 20:17 ` Kilian Kegel
2022-02-01 9:55 ` Gerd Hoffmann
2022-02-02 12:07 ` Kilian Kegel
2022-01-25 20:05 ` Kilian Kegel
2022-01-23 8:41 ` Yao, Jiewen
2021-12-06 8:05 ` Gerd Hoffmann
-- strict thread matches above, loose matches on Subject: below --
2022-01-28 14:07 Gerd Hoffmann
2022-01-28 14:14 ` Gerd Hoffmann
2022-01-28 15:54 ` Pedro Falcato
2022-02-01 9:39 ` Gerd Hoffmann
2022-01-28 16:00 ` Pedro Falcato
2022-01-28 16:12 ` Kilian Kegel
2022-02-01 9:50 ` Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220117114627.ji5cyqxkca6bmiaf@sirius.home.kraxel.org \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox