From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by mx.groups.io with SMTP id smtpd.web12.9320.1642753845554600315
 for <devel@edk2.groups.io>;
 Fri, 21 Jan 2022 00:30:46 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=D6a8TE5g;
 spf=pass (domain: redhat.com, ip: 170.10.129.124, mailfrom: kraxel@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1642753844;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=OVIdKhHauziQw+RZyHR37cdCNCD0QOw3nTEmvycL+wQ=;
	b=D6a8TE5gxV1jEaISCcjfVUDrtmYyLf9nL1jM9WlLrf5ErE10LGeWMDjqLKozKBVvqqBrTL
	usR0hl8zBcyYcY/oDwKqkBpTLdVDDT/K/067oxd98XNl1NoYH1ZP7wW3WiusT8ZXCVme6j
	YmPFW0/m7OY5xSh3T9fh5HE5KAKZ2qs=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-369-URqTJUkDMne7kPEPgae2cw-1; Fri, 21 Jan 2022 03:30:38 -0500
X-MC-Unique: URqTJUkDMne7kPEPgae2cw-1
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 4471269748;
	Fri, 21 Jan 2022 08:30:37 +0000 (UTC)
Received: from sirius.home.kraxel.org (unknown [10.39.193.47])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 096624F87C;
	Fri, 21 Jan 2022 08:30:36 +0000 (UTC)
Received: by sirius.home.kraxel.org (Postfix, from userid 1000)
	id 4BDAB180009C; Fri, 21 Jan 2022 09:30:35 +0100 (CET)
Date: Fri, 21 Jan 2022 09:30:35 +0100
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>,
	"Wang, Jian J" <jian.j.wang@intel.com>,
	"Jiang, Guomin" <guomin.jiang@intel.com>,
	Pawel Polawski <ppolawsk@redhat.com>,
	"Lu, XiaoyuX" <xiaoyux.lu@intel.com>
Subject: Re: [edk2-devel] [PATCH 00/24] CryptoPkg/openssl: update openssl submodule to v3.0
Message-ID: <20220121083035.dsqzu3akshonliza@sirius.home.kraxel.org>
References: <20211203160748.866150-1-kraxel@redhat.com>
 <CO1PR11MB492971FF08656705C08844A8D26A9@CO1PR11MB4929.namprd11.prod.outlook.com>
 <MW4PR11MB5872F7FE1CD55B75691C9F348C6A9@MW4PR11MB5872.namprd11.prod.outlook.com>
 <20220117114627.ji5cyqxkca6bmiaf@sirius.home.kraxel.org>
 <MW4PR11MB58722CCBB2ADB8BAB39F93288C589@MW4PR11MB5872.namprd11.prod.outlook.com>
MIME-Version: 1.0
In-Reply-To: <MW4PR11MB58722CCBB2ADB8BAB39F93288C589@MW4PR11MB5872.namprd11.prod.outlook.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=kraxel@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

> > No changes in SEC and PEI.
> [Jiewen] Do you mean the Crypto consumer in PEI has no size difference? Such as
> https://github.com/tianocore/edk2/tree/master/SecurityPkg/Tcg/Tcg2Pei ,
> https://github.com/tianocore/edk2/tree/master/SecurityPkg/FvReportPei ,
> https://github.com/tianocore/edk2/tree/master/SignedCapsulePkg/Universal/RecoveryModuleLoadPei linking https://github.com/tianocore/edk2/tree/master/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256.

PEI has this (OvmfIa32X64Pkg build):

    7062 TpmMmioSevDecryptPei
    7830 StatusCodeHandlerPei
    7902 ReportStatusCodeRouterPei
    8470 FaultTolerantWritePei
    9734 SmmAccessPei
   11206 Tcg2ConfigPei
   11842 PeiVariable
   14730 Tcg2PlatformPei
   17274 TcgPei
   18438 S3Resume2Pei
   18682 DxeIpl
   18938 PcdPeim
   38014 CpuMpPei
   39554 PlatformPei
   45050 PeiCore
   49274 Tcg2Pei

No size change for Tcg2Pei.

The other modules are not there.  Seems they are related to firmware
updates.  We don't have that on ovmf as we can simply update the
firmware image files on the host machine ...

Is there some target I could use to test-build those modules?

> > INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external
> > symbol __allmul
> > INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external
> > symbol __aulldiv
> > INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved external
> > symbol __aulldvrm
> > INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved external
> > symbol __ftol2_sse
> > 
> > Those symbols look like they reference helper functions to do 64bit math
> > on 32bit architecture.  Any hints how to fix that?
> [Jiewen] Please add them to https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/IntrinsicLib

Any hints where I could get them?  Given this happens on windows builds
it's probably somewhere in the microsoft standard C library?  Is that
available as open source somewhere?

> > (3) Some NOOPT builds are failing due to the size growing ...
> [Jiewen] Size becomes big challenge...
> Have you tried to use https://github.com/tianocore/edk2/tree/master/CryptoPkg/Driver solution?

Seems the idea is to have only one openssl copy in the dxe image by
calling a protocol instead of linking a lib.  Makes sense.

Is this documented somewhere?  Is there some easy way to use that as
drop-in replacement?  Or do we have to change all crypto users to call
the driver instead of linking the lib?

take care,
  Gerd