Re: [PATCH 00/24] CryptoPkg/openssl: update openssl submodule to v3.0


Gerd Hoffmann
 

No changes in SEC and PEI.
[Jiewen] Do you mean the Crypto consumer in PEI has no size difference? Such as
https://github.com/tianocore/edk2/tree/master/SecurityPkg/Tcg/Tcg2Pei ,
https://github.com/tianocore/edk2/tree/master/SecurityPkg/FvReportPei ,
https://github.com/tianocore/edk2/tree/master/SignedCapsulePkg/Universal/RecoveryModuleLoadPei linking https://github.com/tianocore/edk2/tree/master/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256.
PEI has this (OvmfIa32X64Pkg build):

7062 TpmMmioSevDecryptPei
7830 StatusCodeHandlerPei
7902 ReportStatusCodeRouterPei
8470 FaultTolerantWritePei
9734 SmmAccessPei
11206 Tcg2ConfigPei
11842 PeiVariable
14730 Tcg2PlatformPei
17274 TcgPei
18438 S3Resume2Pei
18682 DxeIpl
18938 PcdPeim
38014 CpuMpPei
39554 PlatformPei
45050 PeiCore
49274 Tcg2Pei

No size change for Tcg2Pei.

The other modules are not there. Seems they are related to firmware
updates. We don't have that on OVMF as we can simply update the
firmware image files on the host machine ...

Is there some target I could use to test-build those modules?

INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external
symbol __allmul
INFO - OpensslLibCrypto.lib(rsa_lib.obj) : error LNK2001: unresolved external
symbol __aulldiv
INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved external
symbol __aulldvrm
INFO - OpensslLibCrypto.lib(bio_print.obj) : error LNK2001: unresolved external
symbol __ftol2_sse

Those symbols look like they reference helper functions to do 64-bit math
on a 32-bit architecture. Any hints on how to fix that?
[Jiewen] Please add them to https://github.com/tianocore/edk2/tree/master/CryptoPkg/Library/IntrinsicLib
Any hints where I could get them? Given this happens on Windows builds
it's probably somewhere in the Microsoft standard C library? Is that
available as open source somewhere?

(3) Some NOOPT builds are failing due to the size growing ...
[Jiewen] Size becomes a big challenge...
Have you tried to use https://github.com/tianocore/edk2/tree/master/CryptoPkg/Driver solution?
Seems the idea is to have only one OpenSSL copy in the DXE image by
calling a protocol instead of linking a lib. Makes sense.

Is this documented somewhere? Is there some easy way to use that as
drop-in replacement? Or do we have to change all crypto users to call
the driver instead of linking the lib?

take care,
Gerd
