From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "kraxel@redhat.com" <kraxel@redhat.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Jiang, Guomin" <guomin.jiang@intel.com>,
"Pawel Polawski" <ppolawsk@redhat.com>,
"Lu, XiaoyuX" <xiaoyux.lu@intel.com>
Subject: Re: [edk2-devel] [PATCH 00/24] CryptoPkg/openssl: update openssl submodule to v3.0
Date: Tue, 18 Jan 2022 11:12:00 +0000 [thread overview]
Message-ID: <MW4PR11MB58722CCBB2ADB8BAB39F93288C589@MW4PR11MB5872.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20220117114627.ji5cyqxkca6bmiaf@sirius.home.kraxel.org>
Thank you!
Good result. Comment below:
> -----Original Message-----
> From: kraxel@redhat.com <kraxel@redhat.com>
> Sent: Monday, January 17, 2022 7:46 PM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; Pawel
> Polawski <ppolawsk@redhat.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>
> Subject: Re: [edk2-devel] [PATCH 00/24] CryptoPkg/openssl: update openssl
> submodule to v3.0
>
> Hi,
>
> I've continued working on this over the last weeks. Time for a status
> update. All applies to the latest tree, sneak preview is here:
> https://github.com/kraxel/edk2/commits/openssl3
>
> > Also, assuming you have done enough test, would you please provide:
> > 1) size difference, Including PEI, SMM, DXE.
>
> No changes in SEC and PEI.
[Jiewen] Do you mean the Crypto consumer in PEI has no size difference? Such as
https://github.com/tianocore/edk2/tree/master/SecurityPkg/Tcg/Tcg2Pei ,
https://github.com/tianocore/edk2/tree/master/SecurityPkg/FvReportPei ,
https://github.com/tianocore/edk2/tree/master/SignedCapsulePkg/Universal/RecoveryModuleLoadPei linking https://github.com/tianocore/edk2/tree/master/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256.
DXE:
>
> openssl 1.1
> - 399582 SecureBootConfigDxe
> - 472182 SecurityStubDxe
> - 532626 VariableSmm
> - 656382 TlsDxe
>
> openssl 3.0
> + 809886 SecureBootConfigDxe
> + 912310 SecurityStubDxe
> + 970898 VariableSmm
> + 1125758 TlsDxe
>
> Most of that seems to come from some openssl core changes (the new
> 'provider' concept) and I don't see an easy way to cut that down.
>
> That is with the same feature set we have right now (i.e. no elliptic
> curves and thus no TLS 1.3 support).
[Jiewen] It almost doubles the size, which will becomes a big challenge for openssl3.0 adoption.
>
> > 2) performance difference, Including PEI, SMM, DXE.
>
> Suggestions how to measure that?
[Jiewen] Please just write an app to call the crypto API, multiple times.
https://github.com/tianocore/edk2/tree/master/CryptoPkg/Test/UnitTest/Library/BaseCryptLib
I think we can focus on SHA256/RSA2048 + AES, which is used in secure boot, and HTTPS boot.
>
> > 3) what unit test you have done (such as each crypto API)
>
> CryptoPkg/UnitTest passes.
[Jiewen] Good enough.
>
> > 4) what system test you have done (such as secure boot, trusted boot)
>
> Secure boot works.
> TlsDxe (boot from https server) works.
> TPM not tested yet.
[Jiewen] Good enough. TPM only includes HASH. I am not too worry about that.
>
>
> I still have a bunch of failures in CI, for some of them I'm not sure
> how to handle them best:
>
> (1) 32-bit builds on windows fail:
>
> INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external
> symbol __allmul
> INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external
> symbol __aulldiv
> INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved external
> symbol __aulldvrm
> INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved external
> symbol __ftol2_sse
>
> Those symbols look like they reference helper functions to do 64bit math
> on 32bit architecture. Any hints how to fix that?
[Jiewen] Please add them to https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/IntrinsicLib
>
>
> (2) va_arg is not working with floats due to SEE being disabled:
>
> INFO -
> /home/vsts/work/1/s/CryptoPkg/Library/OpensslLib/openssl/crypto/bio/bio_pri
> nt.c:265:28: error: SSE register argument with SSE disabled
> INFO - fvalue = va_arg(args, LDOUBLE);
>
> I can't see a way to fix that given that va_arg typically refers to a
> compiler builtin so I don't think there is a way to declare that a
> EFIAPI function to change the calling convention. Not all builds fail
> though, possibly because the compiler inlines with optimization turned
> on.
>
> Suggestions anyone?
[Jiewen] This seems infrastructure issue.
Any suggestion, Mike ?
>
>
> (3) Some NOOPT builds are failing due to the size growing ...
[Jiewen] Size becomes big challenge...
Have you tried to use https://github.com/tianocore/edk2/tree/master/CryptoPkg/Driver solution?
>
>
> take care,
> Gerd
next prev parent reply other threads:[~2022-01-18 11:12 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-03 16:07 [PATCH 00/24] CryptoPkg/openssl: update openssl submodule to v3.0 Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 01/24] CryptoPkg/openssl: update submodule to 3.0 Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 02/24] CryptoPkg/openssl: process_files.pl: drop UefiAsm.conf Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 03/24] CryptoPkg/openssl: process_files.pl: expand *.a Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 04/24] CryptoPkg/openssl: process_files.pl: set api to 1.1.1 Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 05/24] CryptoPkg/openssl: process_files.pl: change config header handling Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 06/24] CryptoPkg/openssl: process_files.pl: provider headers Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 07/24] CryptoPkg/openssl: process_files.pl: skip unused files Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 08/24] CryptoPkg/openssl: process_files.pl: clean up when done Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 09/24] CryptoPkg/openssl: process_files.pl: filter out crypto/buildinf.h Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 10/24] CryptoPkg/openssl: update generated files Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 11/24] CryptoPkg/BaseCryptLib: no openssl deprecation warnings please Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 12/24] CryptoPkg/BaseCryptLib; adapt CryptSm3.c to openssl 3.0 changes Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 13/24] CryptoPkg/BaseCryptLib: add more bio print dummies Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 14/24] CryptoPkg/openssl: adapt rand_pool.c to openssl 3.0 changes Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 15/24] CryptoPkg/openssl: add dummy file store Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 16/24] CryptoPkg/openssl: move compiler_flags to buildinf.c Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 17/24] CryptoPkg/CrtLibSupport: add fcntl.h Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 18/24] CryptoPkg/CrtLibSupport: add strstr() Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 19/24] CryptoPkg/CrtLibSupport: add INT_MIN Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 20/24] CryptoPkg/CrtLibSupport: add UINT_MAX Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 21/24] CryptoPkg/CrtLibSupport: add MODULESDIR Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 22/24] CryptoPkg/openssl: process_files.pl: copy generated der/*.c source files Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 23/24] CryptoPkg/openssl: add generated files der " Gerd Hoffmann
2021-12-03 16:07 ` [PATCH 24/24] [hack] turn off -Werror Gerd Hoffmann
2021-12-03 16:27 ` [edk2-devel] " Michael D Kinney
2021-12-03 17:57 ` Pedro Falcato
2021-12-03 18:38 ` Michael D Kinney
2021-12-06 7:38 ` Gerd Hoffmann
2021-12-06 7:23 ` Gerd Hoffmann
2021-12-08 8:06 ` Gerd Hoffmann
2021-12-03 16:32 ` [edk2-devel] [PATCH 00/24] CryptoPkg/openssl: update openssl submodule to v3.0 Michael D Kinney
2021-12-03 16:42 ` Yao, Jiewen
2022-01-17 11:46 ` Gerd Hoffmann
2022-01-18 11:12 ` Yao, Jiewen [this message]
2022-01-18 16:12 ` Michael D Kinney
2022-01-21 8:33 ` Gerd Hoffmann
2022-01-21 16:34 ` Michael D Kinney
2022-01-21 8:30 ` Gerd Hoffmann
2022-01-21 16:38 ` Michael D Kinney
2022-01-24 16:24 ` Kilian Kegel
2022-01-24 17:28 ` Michael D Kinney
2022-01-24 19:58 ` Pedro Falcato
2022-01-26 11:02 ` Gerd Hoffmann
2022-01-27 22:26 ` Kilian Kegel
2022-01-28 0:55 ` Andrew Fish
2022-01-28 9:06 ` Pedro Falcato
2022-01-28 10:14 ` Gerd Hoffmann
2022-01-28 11:23 ` Pedro Falcato
2022-01-28 9:51 ` Gerd Hoffmann
2022-01-30 20:17 ` Kilian Kegel
2022-02-01 9:55 ` Gerd Hoffmann
2022-02-02 12:07 ` Kilian Kegel
2022-01-25 20:05 ` Kilian Kegel
2022-01-23 8:41 ` Yao, Jiewen
2021-12-06 8:05 ` Gerd Hoffmann
-- strict thread matches above, loose matches on Subject: below --
2022-01-28 14:07 Gerd Hoffmann
2022-01-28 14:14 ` Gerd Hoffmann
2022-01-28 15:54 ` Pedro Falcato
2022-02-01 9:39 ` Gerd Hoffmann
2022-01-28 16:00 ` Pedro Falcato
2022-01-28 16:12 ` Kilian Kegel
2022-02-01 9:50 ` Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MW4PR11MB58722CCBB2ADB8BAB39F93288C589@MW4PR11MB5872.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox