From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 by mx.groups.io with SMTP id smtpd.web10.23303.1678464411958619231
 for <devel@edk2.groups.io>;
 Fri, 10 Mar 2023 08:06:52 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=aHD5UXaV;
 spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: jiewen.yao@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1678464411; x=1710000411;
  h=from:to:subject:date:message-id:references:in-reply-to:
   content-transfer-encoding:mime-version;
  bh=eRKzXu/aw2UQMQimiyN0FZgYftnsy30XOw5Aa1bCYRU=;
  b=aHD5UXaVsYn3m5Of8SRAW4zRmxI0g5f7zhXkHxOVd6JCrEWuUBOwMm1X
   MtatozRYwt8d/SlkMbkQRqHwDlvznQUzP+HsnqqUPoUNtq7mLEDgZ5RpF
   GBQgHPAwwPT/4evwaF7GLgDgCuGJUgbpUI24eR/IkzeShnZ6RHcEYUxoZ
   wb+5TY3+Ihrw5uHdEZt00JCWkbCwzeerQRIgJ4QvwFBgbxpGW0bGNLdf9
   dlLq/3mhkgYpXQE2VpRCWBhOS9I2doa0U5bCaXWTO44emlcG3I62Fzbqn
   SYTBQOl/2F+lV46XoIWlRkQ0Myx2Wi9FmBlLA3djZUQ1Xu8PC0N1ftyjU
   A==;
X-IronPort-AV: E=McAfee;i="6500,9779,10645"; a="364414806"
X-IronPort-AV: E=Sophos;i="5.98,250,1673942400"; 
   d="scan'208";a="364414806"
Received: from fmsmga007.fm.intel.com ([10.253.24.52])
  by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Mar 2023 08:06:28 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6500,9779,10645"; a="680250288"
X-IronPort-AV: E=Sophos;i="5.98,250,1673942400"; 
   d="scan'208";a="680250288"
Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14])
  by fmsmga007.fm.intel.com with ESMTP; 10 Mar 2023 08:06:28 -0800
Received: from orsmsx612.amr.corp.intel.com (10.22.229.25) by
 ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.21; Fri, 10 Mar 2023 08:06:28 -0800
Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by
 orsmsx612.amr.corp.intel.com (10.22.229.25) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.21 via Frontend Transport; Fri, 10 Mar 2023 08:06:28 -0800
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (104.47.66.48) by
 edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.21; Fri, 10 Mar 2023 08:06:28 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=goGD8TKsKihTSGbAD02XDeHerzho3JNyrk+NbsrxdmgXc2jXdt9aJW8YfM5pRVjLC7cJq0nZq9g1G41UpnO4T4HVp587XriXl0RvgKyTjB/8T+7BsOrVHa7ImUSmPKV5UYXGbAT8lyAXmSjrqzyLra/+XM+l6LY0CVpYRldruXuIPtJuP/N2oX4iFVu+y5JElib2rR2P6DbQBSO1UPYrTGNzgtNNoVzhYpWEFYwjaxiE3KwLl+OQ/K/G+2iJUBk0rqp5fjibjqKovXc0rTQsQTmtlG0aQF0UG8XsAhz35r/JRnzSL69etcvT1q11PnqAcstKC82dNEF/s6GBTOoKvw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=VWCihm7ZWLKY6cO827M746zCjeJrxRFj8h1/Txrj2iI=;
 b=jDgD5ZmSJtqTldTo8puLXmBDoosLGbllQl5vWoght/SJj2yihWYxFcJT6yPCAs5ibt5q8skBrhwvXmYgkiHFFkxmbUu0nd/5U18UscUPcC4Uw8rHMx3DB6ZU08wIGnVxLsgVL7Vv2G8ILN6vpnNojZlOxnMScWcY7/CkIvvRpjbfru+DA2O+S6XG1j81ushJRraffZtQGyJmDMimA+jb5wj8+u7vrKpAB7y86V6bSwcSW0l5szYIWPLMxFtizLvEmxlMVBkj18Feql4Xns52mKiecG3G1/KzSrGt5JNwUjaE8AukH00Zfq3DyG41AW1O7gXkLTFZCK0hV4v0MjGM7A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14)
 by SA1PR11MB7016.namprd11.prod.outlook.com (2603:10b6:806:2b6::8) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.19; Fri, 10 Mar
 2023 16:06:26 +0000
Received: from MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::96f4:ad8:3fb9:b60d]) by MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::96f4:ad8:3fb9:b60d%9]) with mapi id 15.20.6156.028; Fri, 10 Mar 2023
 16:06:26 +0000
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "kraxel@redhat.com" <kraxel@redhat.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
Subject: Re: [edk2-devel] [RFC] [staging/CryptoLibrary] Openssl1.1 replacement proposal
Thread-Topic: [edk2-devel] [RFC] [staging/CryptoLibrary] Openssl1.1
 replacement proposal
Thread-Index: Adk4csuO07OjcS6ETc6HFXunhAS8NwAB5MAQAM4azwAAIGT4AABigKWABWMt8TAABzlQAAAAEs5w
Date: Fri, 10 Mar 2023 16:06:26 +0000
Message-ID: <MW4PR11MB58722C98D98CBCC4624C8B7E8CBA9@MW4PR11MB5872.namprd11.prod.outlook.com>
References: <MW4PR11MB58723F4FCC357DCDADBFEE238CD49@MW4PR11MB5872.namprd11.prod.outlook.com>
 <MW4PR11MB58721619F00F0D9E3D47F7698CD49@MW4PR11MB5872.namprd11.prod.outlook.com>
 <20230208114506.otktqepwuapbxgf6@sirius.home.kraxel.org>
 <174209E894D5CF7F.15261@groups.io> <1742A3BAD41DE0F1.13814@groups.io>
 <MW4PR11MB5872A4FFCE1F3F0C8270B13E8CBA9@MW4PR11MB5872.namprd11.prod.outlook.com>
 <20230310155008.6vah5svjaavroe2y@sirius.home.kraxel.org>
In-Reply-To: <20230310155008.6vah5svjaavroe2y@sirius.home.kraxel.org>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|SA1PR11MB7016:EE_
x-ms-office365-filtering-correlation-id: c11edc51-b436-474a-b27e-08db218166f7
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: bNX5DhBuozwiXZYSKSIm1Kdb/fwLpKzifVzn8bIfI34jWxZX7BBeX5p199l0AdaQJhEqL8fdEcK1AX+l50e1B0qFRtMsOpJsZZoD69riQViNnGtfqIIs8yJgNQflFB1vo5QMnwHqU3moOsxOyVBjZtMLL2l7iIUlon7jbH8FrWNOo3RG2ZQGKVy3ognS6NSTxGSGqWuH55tOs7Kk73LYefvGgb6MwVQ/IsyXfwDkdramBtPbB53OJY4wcxN7I7IZP6towTQ3kDv5hdr+UeDblxf49wU/Y6G6E4V1i9CPRz89BMZVumLovjxRa786Pa217+kkRQIch5yO+VHyvo7Ly4rTJrva+cE9U/UN7AMb0IVH1IRsJI8y8erD+vONVf28INbqU+kJsZp5oobc0wHm9nRQ/8gNG8ALqAVob6gmq1zyEwtsfUQSA3soCmpOjk9Zf1imlh7B8s9OD8JeQO31NaaG3y8n/ajTc8S/0tLBVK2rKgxZl5OgN4VOwQiaAph9bM5szJ3JhhG1o1ztV4bfHEJ1saVDVf/tKRnJyF6Z7hgbXTjJpKTolWlRyr6QyTvm6PXjDaJb4XAr0VxNUde0oqo4XAU2NO+j+/OL4GiUZ3sViD7Z5AnpKm1mRmMwLhOvAsAQ6RtHKw9KmSAcbQswJvvJQKTcraDbS9+8NOLdDNpzpq5zcUa42+kNSG+tTK0I0fxiyb3bhxxVVAgGcNn32i2J01twO3iNcgeWUHeSfwk=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(376002)(39860400002)(366004)(396003)(346002)(136003)(451199018)(26005)(966005)(6506007)(9686003)(53546011)(83380400001)(186003)(71200400001)(316002)(66446008)(66946007)(64756008)(8676002)(66476007)(66556008)(110136005)(76116006)(122000001)(82960400001)(41300700001)(5660300002)(8936002)(2906002)(7696005)(52536014)(38100700002)(38070700005)(86362001)(478600001)(55016003)(33656002);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?SIOQtHOXCuKQaLgT01SHda6h4YA4/BlbKIjHetNR8wvKKeIkgUX3bUVmexXY?=
 =?us-ascii?Q?DIBpwLR4Okf7DsS8UAV345VkyDWbIw7JBp8weFVYoJ2EoDD9sTGbNug7LxVR?=
 =?us-ascii?Q?ydGEOuBAp4lzqDEw/cU1hLw39uoAuSMvqv9hWi5rRcWvPskBiHWhrhjjntED?=
 =?us-ascii?Q?Znsk8pxcqf+vGXn6csNSBHoGx5Uil6mmxjISszrTcSAZRpvIlU/opmK9Psy/?=
 =?us-ascii?Q?wLSS6YPX7/S/22btIUKriG12004lo0Jmo7FXvUDbKtyEve9bJ+qiRaeIOV9o?=
 =?us-ascii?Q?v70N+NnKYrBupXUfPyCeeI4XDG2llSd/a9fD+SRlFRas22q4NMxG9yJJG3Cu?=
 =?us-ascii?Q?yjB0fUbx4oaQPaw6SvpSwEcR0EA3guLMiXuV8JgCjAPXOMzL2v9L7MkUXlpx?=
 =?us-ascii?Q?2I3SKavH0BhFGmedRQIVllLqFRZyRIPLRELztMM3KAL7hWKznnN0VrBGegxj?=
 =?us-ascii?Q?MBapvrwvLZH6R9/E128tGUEMslYaxbmbao4CGeasNQ9OSjMarapEn3TbINzY?=
 =?us-ascii?Q?MmCo8v4fqjRReUskrV/HcqAiEeHjJppAuV4CazgDEsgbgsqq+vP0Z2Hr2+E8?=
 =?us-ascii?Q?lJRQn7Fsv7autLMBMgnrTJx49239zQc73zReUr0AoU62cvEwmrEkiP6i4DL/?=
 =?us-ascii?Q?4JCDrOXq7kFJI9UV9o8//1CHnFWeCGMJxGyvFbqd0lpx28mgYGK/QvCUocCf?=
 =?us-ascii?Q?enynKjdAF11jN+3llLC8ojhRYEzWSz/8BaMRGKgN8Zu0avEXJdyK7ogyf88Q?=
 =?us-ascii?Q?C+5lDf8s2lbKXM38CzhMXZCYDb2vAXiqdMoLfKl0RfY7lhg27kmwFl5gmoIt?=
 =?us-ascii?Q?SbZY+zMmPg204XEA5knM40aywhPU+atwL8JM1UgZzsBo4fk6WblTbeJgLzgy?=
 =?us-ascii?Q?PXHxF80fw4qZFIjAXkStN+n3P8o/ksqFsrpoZ7Q7P2O0Q0GJQR9ICLFM3cep?=
 =?us-ascii?Q?pP/kohBRPcu3w+OsM9xOS2kFzCLcGg79UaHjrGk4lrqFyBXh3wd9Qv2s1a1R?=
 =?us-ascii?Q?LndqhQ53i5MTXOn1a/R3RUOhVHc28I0r/Q0DzFQ2picxzq9epRQi9QesO27k?=
 =?us-ascii?Q?UQ6cVVmT7yyShW4vBBA1SfWP+7eLd92ZEn8Q6+9vyTsdxHxArzIgsNDC01FQ?=
 =?us-ascii?Q?MeJY4ERavAu/Olbtyz99JcDBUF2qFzAt47yqwXYnKJopau1PkEaaTJTfGDxP?=
 =?us-ascii?Q?7CHQ3XuW3UzRf7zRMIHr7qeldvnZCKC3WbCa3fUsmsVcmYLfBp/8fkxwSvlW?=
 =?us-ascii?Q?mq7sQwKcDUPqvTjpfV1C+WCfU58RvWyHCDVJu1A2ac3sfLNqz1BXlAXqnp+i?=
 =?us-ascii?Q?oIBDDxyY6Jd4rUXKzBlLm/HHmP00Fr+4zsJUKiaEEfKq3a2JEl+9gOQaJRp1?=
 =?us-ascii?Q?Lwv8yMkJgS45dCuO8LKgnusDMAhQ27fCDSPBvSxFiHddppm/Hzib9FAiPN5Y?=
 =?us-ascii?Q?QIXZYq3g/bOlLBibDycrUdFg17XrtgjGN4ttBwuYwD0IYE0qIAwiFvBazU/N?=
 =?us-ascii?Q?DcmVP4p3tr+YD4AyEidYfOgPdfFrlHRAuIRrAz5Ab9fBfiJOfSWKSSo4W9nG?=
 =?us-ascii?Q?bBk7KtVxvdGnh9XkiYAFlc0hj0iwxxD98Pa/3LvJ?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c11edc51-b436-474a-b27e-08db218166f7
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Mar 2023 16:06:26.4751
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: HpcnZ7zFd8qrBny0pWfSJPh7iBa4iioDdPMnG37lV8IlOz9+q/0PgRmchIgc/WjPInPYtuJXBsVHOyAfQ/BniQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB7016
Return-Path: jiewen.yao@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Gerd
I have asked in my previous email in Feb 11, 20 - https://edk2.groups.io/g/=
devel/message/100040
> Hi Gerd
> If you don't mind, please submit your latest openssl-3.0 patch to the sta=
ging for broader evaluation and improvement.
Unfortunately, I do not see any response or action.

The staging tree is for POC purpose, there is no requirement to pass CI. Pl=
ease don't worry about that at this moment.

With that clarification, please allow me to ask again, would you please to =
submit your latest work to staging, if you see something is missing?

All in all, I do hope we can work on the same tree to keep improving.

Thank you
Yao, Jiewen


> -----Original Message-----
> From: kraxel@redhat.com <kraxel@redhat.com>
> Sent: Friday, March 10, 2023 11:50 PM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: Re: [edk2-devel] [RFC] [staging/CryptoLibrary] Openssl1.1
> replacement proposal
>=20
> On Fri, Mar 10, 2023 at 12:28:54PM +0000, Yao, Jiewen wrote:
> > Hello
> > We have created initial POC version CryptoPkg upgrade.
> >
> > OpenSSL 3.0 POC: https://github.com/tianocore/edk2-
> staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md
> > The size is reduced a lots. But it still exceeds some platforms.
>=20
> I've already mentioned the branch in the cover letter of the openssl
> hash series (https://edk2.groups.io/g/devel/message/100123), but
> apparently it went unnoticed, there are lots of commits from my old
> branch in there ...
>=20
> Anyway, my latest branch (just rebased to master) is here:
>=20
> https://github.com/kraxel/edk2/commits/openssl3
>=20
> Doesn't (yet) pass CI, most failures are on IA32 due to missing
> compiler intrinsics.
>=20
> I've put the configuration system upside-down, replaced the
> process_files.pl script with python.  All generated files are
> placed in a new 'openssl-gen' subdirectory, no matter whenever
> they are header files, C files or asm files.
>=20
> Some code changes are needed for openssl 3.0, those are mostly
> unchanged when comparing to my ~1y old branch.  Exceptions are
> some EC-related changes.
>=20
> Acceleration support has been expanded to also cover AARCH64
> with GCC5.
>=20
> The old openssl-1.1 apparently tries to avoid adding support
> for avx for asm acceleration, by taking care that nasm is not
> in the path.  That trick will surely will not work with
> openssl-3.0 as openssl has learned to generate avx instructions
> for other assemblers meanwhile.
>=20
> Is there some specific reason for that?
> Compatibility with toolchains without avx support?
> Or is firmware not allowed to use avx instructions?
>=20
> In case of the latter we probably have to add a 'no-avx' config option
> to upstream openssl, similiar to the 'no-sse2' option which already
> exists.
>=20
> take care,
>   Gerd