From: "Gerd Hoffmann" <kraxel@redhat.com>
To: devel@edk2.groups.io, jiewen.yao@intel.com
Subject: Re: [edk2-devel] [RFC] [staging/CryptoLibrary] Openssl1.1 replacement proposal
Date: Fri, 10 Mar 2023 16:50:08 +0100 [thread overview]
Message-ID: <20230310155008.6vah5svjaavroe2y@sirius.home.kraxel.org> (raw)
In-Reply-To: <MW4PR11MB5872A4FFCE1F3F0C8270B13E8CBA9@MW4PR11MB5872.namprd11.prod.outlook.com>
On Fri, Mar 10, 2023 at 12:28:54PM +0000, Yao, Jiewen wrote:
> Hello
> We have created initial POC version CryptoPkg upgrade.
>
> OpenSSL 3.0 POC: https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md
> The size is reduced a lots. But it still exceeds some platforms.
I've already mentioned the branch in the cover letter of the openssl
hash series (https://edk2.groups.io/g/devel/message/100123), but
apparently it went unnoticed, there are lots of commits from my old
branch in there ...
Anyway, my latest branch (just rebased to master) is here:
https://github.com/kraxel/edk2/commits/openssl3
Doesn't (yet) pass CI, most failures are on IA32 due to missing
compiler intrinsics.
I've put the configuration system upside-down, replaced the
process_files.pl script with python. All generated files are
placed in a new 'openssl-gen' subdirectory, no matter whenever
they are header files, C files or asm files.
Some code changes are needed for openssl 3.0, those are mostly
unchanged when comparing to my ~1y old branch. Exceptions are
some EC-related changes.
Acceleration support has been expanded to also cover AARCH64
with GCC5.
The old openssl-1.1 apparently tries to avoid adding support
for avx for asm acceleration, by taking care that nasm is not
in the path. That trick will surely will not work with
openssl-3.0 as openssl has learned to generate avx instructions
for other assemblers meanwhile.
Is there some specific reason for that?
Compatibility with toolchains without avx support?
Or is firmware not allowed to use avx instructions?
In case of the latter we probably have to add a 'no-avx' config option
to upstream openssl, similiar to the 'no-sse2' option which already
exists.
take care,
Gerd
next prev parent reply other threads:[~2023-03-10 15:50 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <MW4PR11MB58723F4FCC357DCDADBFEE238CD49@MW4PR11MB5872.namprd11.prod.outlook.com>
2023-02-04 9:25 ` [RFC] [staging/CryptoLibrary] Openssl1.1 replacement proposal Yao, Jiewen
2023-02-04 16:04 ` [edk2-devel] " Marvin Häuser
2023-02-08 11:45 ` Gerd Hoffmann
2023-02-09 3:21 ` Yao, Jiewen
[not found] ` <174209E894D5CF7F.15261@groups.io>
2023-02-11 2:20 ` Yao, Jiewen
[not found] ` <1742A3BAD41DE0F1.13814@groups.io>
2023-03-10 12:28 ` Yao, Jiewen
2023-03-10 15:50 ` Gerd Hoffmann [this message]
2023-03-10 16:06 ` Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230310155008.6vah5svjaavroe2y@sirius.home.kraxel.org \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox