  Hi,

I've continued working on this over the last weeks. Time for a status
update. All applies to the latest tree, sneak preview is here:
    https://github.com/kraxel/edk2/commits/openssl3

> Also, assuming you have done enough test, would you please provide:
> 1) size difference, Including PEI, SMM, DXE.

No changes in SEC and PEI.

DXE:

  openssl 1.1
    - 399582 SecureBootConfigDxe
    - 472182 SecurityStubDxe
    - 532626 VariableSmm
    - 656382 TlsDxe

  openssl 3.0
    + 809886 SecureBootConfigDxe
    + 912310 SecurityStubDxe
    + 970898 VariableSmm
    + 1125758 TlsDxe

Most of that seems to come from some openssl core changes (the new
'provider' concept) and I don't see an easy way to cut that down.

That is with the same feature set we have right now (i.e. no elliptic
curves and thus no TLS 1.3 support).

> 2) performance difference, Including PEI, SMM, DXE.

Suggestions how to measure that?

> 3) what unit test you have done (such as each crypto API)

CryptoPkg/UnitTest passes.

> 4) what system test you have done (such as secure boot, trusted boot)

Secure boot works.
TlsDxe (boot from https server) works.
TPM not tested yet.

I still have a bunch of failures in CI, for some of them I'm not sure
how to handle them best:

(1) 32-bit builds on windows fail:

    INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external symbol __allmul
    INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external symbol __aulldiv
    INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved external symbol __aulldvrm
    INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved external symbol __ftol2_sse

Those symbols look like they reference helper functions to do 64bit
math on 32bit architecture. Any hints how to fix that?

(2) va_arg is not working with floats due to SSE being disabled:

    INFO - /home/vsts/work/1/s/CryptoPkg/Library/OpensslLib/openssl/crypto/bio/bio_print.c:265:28: error: SSE register argument with SSE disabled
    INFO - fvalue = va_arg(args, LDOUBLE);

I can't see a way to fix that given that va_arg typically refers to a
compiler builtin so I don't think there is a way to declare that an
EFIAPI function to change the calling convention.
Not all builds fail though, possibly because the compiler inlines with
optimization turned on. Suggestions anyone?

(3) Some NOOPT builds are failing due to the size growing ...

take care,
  Gerd