[edk2-devel] [PATCH 0/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64

Zurcher, Christopher J posted 1 patch 4 years ago
Failed in applying to current master (apply log)
CryptoPkg/Library/OpensslLib/OpensslLib.inf                          |    2 +-
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf                    |    2 +-
CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf                      |  680 ++
CryptoPkg/Library/OpensslLib/OpensslLibX64.inf                       |  691 ++
CryptoPkg/Library/Include/openssl/opensslconf.h                      |    3 -
CryptoPkg/Library/OpensslLib/ApiHooks.c                              |   18 +
CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c                 |   34 +
CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/aesni-x86.nasm          | 3209 ++++++++
CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/vpaes-x86.nasm          |  648 ++
CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/bn-586.nasm              | 1522 ++++
CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/co-586.nasm              | 1259 +++
CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-gf2m.nasm            |  352 +
CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-mont.nasm            |  486 ++
CryptoPkg/Library/OpensslLib/Ia32/crypto/des/crypt586.nasm           |  887 +++
CryptoPkg/Library/OpensslLib/Ia32/crypto/des/des-586.nasm            | 1835 +++++
CryptoPkg/Library/OpensslLib/Ia32/crypto/md5/md5-586.nasm            |  690 ++
CryptoPkg/Library/OpensslLib/Ia32/crypto/modes/ghash-x86.nasm        | 1264 +++
CryptoPkg/Library/OpensslLib/Ia32/crypto/rc4/rc4-586.nasm            |  381 +
CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha1-586.nasm           | 3977 ++++++++++
CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha256-586.nasm         | 6796 ++++++++++++++++
CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha512-586.nasm         | 2842 +++++++
CryptoPkg/Library/OpensslLib/Ia32/crypto/x86cpuid.nasm               |  513 ++
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm     | 1772 +++++
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm   | 3271 ++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm | 4709 +++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm        | 5084 ++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm        | 1170 +++
CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-avx2.nasm            | 1989 +++++
CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-x86_64.nasm          | 2242 ++++++
CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-gf2m.nasm          |  432 +
CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont.nasm          | 1479 ++++
CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont5.nasm         | 4033 ++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/md5/md5-x86_64.nasm          |  794 ++
CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm  |  984 +++
CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm      | 2077 +++++
CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-md5-x86_64.nasm      | 1395 ++++
CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-x86_64.nasm          |  784 ++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/keccak1600-x86_64.nasm   |  532 ++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm      | 7581 ++++++++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm         | 5773 ++++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm    | 8262 ++++++++++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm       | 5712 ++++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm       | 5668 ++++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm             |  472 ++
CryptoPkg/Library/OpensslLib/process_files.pl                        |  208 +-
CryptoPkg/Library/OpensslLib/uefi-asm.conf                           |   14 +
46 files changed, 94478 insertions(+), 50 deletions(-)
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
create mode 100644 CryptoPkg/Library/OpensslLib/ApiHooks.c
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/aesni-x86.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/vpaes-x86.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/bn-586.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/co-586.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-gf2m.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-mont.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/des/crypt586.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/des/des-586.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/md5/md5-586.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/modes/ghash-x86.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/rc4/rc4-586.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha1-586.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha256-586.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha512-586.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/x86cpuid.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-avx2.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-gf2m.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont5.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/md5/md5-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-md5-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/keccak1600-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/uefi-asm.conf
[edk2-devel] [PATCH 0/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64
Posted by Zurcher, Christopher J 4 years ago
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507

This patch adds support for building the native instruction algorithms for
IA32 and X64 versions of OpensslLib. The process_files.pl script was modified
to parse the .asm file targets from the OpenSSL build config data struct, and
generate the necessary assembly files for the EDK2 build environment.

For the X64 variant, OpenSSL includes calls to a Windows error handling API,
and that function has been stubbed out in ApiHooks.c.

For all variants, a constructor was added to call the required CPUID function
within OpenSSL to facilitate processor capability checks in the native
algorithms.

Additional native architecture variants should be simple to add by following
the changes made for these two architectures.

The OpenSSL assembly files are traditionally generated at build time using a
perl script. To avoid that burden on EDK2 users, these end-result assembly
files are generated during the configuration steps performed by the package
maintainer (through process_files.pl). The perl generator scripts inside
OpenSSL do not parse file comments as they are only meant to create
intermediate build files, so process_files.pl contains additional hooks to
preserve the copyright headers as well as clean up tabs and line endings to
comply with EDK2 coding standards. The resulting file headers align with
the generated .h files which are already included in the EDK2 repository.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Eugene Cohen <eugene@hp.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Christopher J Zurcher (1):
  CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64

 CryptoPkg/Library/OpensslLib/OpensslLib.inf                          |    2 +-
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf                    |    2 +-
 CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf                      |  680 ++
 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf                       |  691 ++
 CryptoPkg/Library/Include/openssl/opensslconf.h                      |    3 -
 CryptoPkg/Library/OpensslLib/ApiHooks.c                              |   18 +
 CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c                 |   34 +
 CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/aesni-x86.nasm          | 3209 ++++++++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/vpaes-x86.nasm          |  648 ++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/bn-586.nasm              | 1522 ++++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/co-586.nasm              | 1259 +++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-gf2m.nasm            |  352 +
 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-mont.nasm            |  486 ++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/des/crypt586.nasm           |  887 +++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/des/des-586.nasm            | 1835 +++++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/md5/md5-586.nasm            |  690 ++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/modes/ghash-x86.nasm        | 1264 +++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/rc4/rc4-586.nasm            |  381 +
 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha1-586.nasm           | 3977 ++++++++++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha256-586.nasm         | 6796 ++++++++++++++++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha512-586.nasm         | 2842 +++++++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/x86cpuid.nasm               |  513 ++
 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm     | 1772 +++++
 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm   | 3271 ++++++++
 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm | 4709 +++++++++++
 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm        | 5084 ++++++++++++
 CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm        | 1170 +++
 CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-avx2.nasm            | 1989 +++++
 CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-x86_64.nasm          | 2242 ++++++
 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-gf2m.nasm          |  432 +
 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont.nasm          | 1479 ++++
 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont5.nasm         | 4033 ++++++++++
 CryptoPkg/Library/OpensslLib/X64/crypto/md5/md5-x86_64.nasm          |  794 ++
 CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm  |  984 +++
 CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm      | 2077 +++++
 CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-md5-x86_64.nasm      | 1395 ++++
 CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-x86_64.nasm          |  784 ++
 CryptoPkg/Library/OpensslLib/X64/crypto/sha/keccak1600-x86_64.nasm   |  532 ++
 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm      | 7581 ++++++++++++++++++
 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm         | 5773 ++++++++++++++
 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm    | 8262 ++++++++++++++++++++
 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm       | 5712 ++++++++++++++
 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm       | 5668 ++++++++++++++
 CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm             |  472 ++
 CryptoPkg/Library/OpensslLib/process_files.pl                        |  208 +-
 CryptoPkg/Library/OpensslLib/uefi-asm.conf                           |   14 +
 46 files changed, 94478 insertions(+), 50 deletions(-)
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
 create mode 100644 CryptoPkg/Library/OpensslLib/ApiHooks.c
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
 create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/aesni-x86.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/vpaes-x86.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/bn-586.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/co-586.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-gf2m.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-mont.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/des/crypt586.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/des/des-586.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/md5/md5-586.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/modes/ghash-x86.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/rc4/rc4-586.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha1-586.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha256-586.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha512-586.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/x86cpuid.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-avx2.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-gf2m.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont5.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/md5/md5-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-md5-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/keccak1600-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/uefi-asm.conf

-- 
2.16.2.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#55929): https://edk2.groups.io/g/devel/message/55929
Mute This Topic: https://groups.io/mt/72021058/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 0/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64
Posted by Ard Biesheuvel 4 years ago
On Tue, 17 Mar 2020 at 11:26, Christopher J Zurcher
<christopher.j.zurcher@intel.com> wrote:
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507
>
> This patch adds support for building the native instruction algorithms for
> IA32 and X64 versions of OpensslLib. The process_files.pl script was modified
> to parse the .asm file targets from the OpenSSL build config data struct, and
> generate the necessary assembly files for the EDK2 build environment.
>
> For the X64 variant, OpenSSL includes calls to a Windows error handling API,
> and that function has been stubbed out in ApiHooks.c.
>
> For all variants, a constructor was added to call the required CPUID function
> within OpenSSL to facilitate processor capability checks in the native
> algorithms.
>
> Additional native architecture variants should be simple to add by following
> the changes made for these two architectures.
>
> The OpenSSL assembly files are traditionally generated at build time using a
> perl script. To avoid that burden on EDK2 users, these end-result assembly
> files are generated during the configuration steps performed by the package
> maintainer (through process_files.pl). The perl generator scripts inside
> OpenSSL do not parse file comments as they are only meant to create
> intermediate build files, so process_files.pl contains additional hooks to
> preserve the copyright headers as well as clean up tabs and line endings to
> comply with EDK2 coding standards. The resulting file headers align with
> the generated .h files which are already included in the EDK2 repository.
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Eugene Cohen <eugene@hp.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>
> Christopher J Zurcher (1):
>   CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64
>

Hello Christopher,

It would be helpful to understand the purpose of all this. Also, I
think we could be more picky about which algorithms we enable - DES
and MD5 don't seem highly useful, and even if they were, what do we
gain by using a faster (or smaller?) implementation?




>  CryptoPkg/Library/OpensslLib/OpensslLib.inf                          |    2 +-
>  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf                    |    2 +-
>  CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf                      |  680 ++
>  CryptoPkg/Library/OpensslLib/OpensslLibX64.inf                       |  691 ++
>  CryptoPkg/Library/Include/openssl/opensslconf.h                      |    3 -
>  CryptoPkg/Library/OpensslLib/ApiHooks.c                              |   18 +
>  CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c                 |   34 +
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/aesni-x86.nasm          | 3209 ++++++++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/vpaes-x86.nasm          |  648 ++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/bn-586.nasm              | 1522 ++++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/co-586.nasm              | 1259 +++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-gf2m.nasm            |  352 +
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-mont.nasm            |  486 ++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/des/crypt586.nasm           |  887 +++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/des/des-586.nasm            | 1835 +++++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/md5/md5-586.nasm            |  690 ++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/modes/ghash-x86.nasm        | 1264 +++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/rc4/rc4-586.nasm            |  381 +
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha1-586.nasm           | 3977 ++++++++++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha256-586.nasm         | 6796 ++++++++++++++++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha512-586.nasm         | 2842 +++++++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/x86cpuid.nasm               |  513 ++
>  CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm     | 1772 +++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm   | 3271 ++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm | 4709 +++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm        | 5084 ++++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm        | 1170 +++
>  CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-avx2.nasm            | 1989 +++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-x86_64.nasm          | 2242 ++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-gf2m.nasm          |  432 +
>  CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont.nasm          | 1479 ++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont5.nasm         | 4033 ++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/md5/md5-x86_64.nasm          |  794 ++
>  CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm  |  984 +++
>  CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm      | 2077 +++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-md5-x86_64.nasm      | 1395 ++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-x86_64.nasm          |  784 ++
>  CryptoPkg/Library/OpensslLib/X64/crypto/sha/keccak1600-x86_64.nasm   |  532 ++
>  CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm      | 7581 ++++++++++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm         | 5773 ++++++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm    | 8262 ++++++++++++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm       | 5712 ++++++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm       | 5668 ++++++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm             |  472 ++
>  CryptoPkg/Library/OpensslLib/process_files.pl                        |  208 +-
>  CryptoPkg/Library/OpensslLib/uefi-asm.conf                           |   14 +
>  46 files changed, 94478 insertions(+), 50 deletions(-)
>  create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf
>  create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
>  create mode 100644 CryptoPkg/Library/OpensslLib/ApiHooks.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/aesni-x86.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/vpaes-x86.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/bn-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/co-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-gf2m.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-mont.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/des/crypt586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/des/des-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/md5/md5-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/modes/ghash-x86.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/rc4/rc4-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha1-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha256-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha512-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/x86cpuid.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-avx2.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-gf2m.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont5.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/md5/md5-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-md5-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/keccak1600-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/uefi-asm.conf
>
> --
> 2.16.2.windows.1
>

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#56333): https://edk2.groups.io/g/devel/message/56333
Mute This Topic: https://groups.io/mt/72021058/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 0/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64
Posted by Zurcher, Christopher J 4 years ago
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ard Biesheuvel
> Sent: Wednesday, March 25, 2020 11:40
> To: Zurcher, Christopher J <christopher.j.zurcher@intel.com>
> Cc: edk2-devel-groups-io <devel@edk2.groups.io>; Wang, Jian J
> <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Eugene Cohen
> <eugene@hp.com>
> Subject: Re: [edk2-devel] [PATCH 0/1] CryptoPkg/OpensslLib: Add native
> instruction support for IA32 and X64
> 
> On Tue, 17 Mar 2020 at 11:26, Christopher J Zurcher
> <christopher.j.zurcher@intel.com> wrote:
> >
> > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507
> >
> > This patch adds support for building the native instruction algorithms for
> > IA32 and X64 versions of OpensslLib. The process_files.pl script was
> modified
> > to parse the .asm file targets from the OpenSSL build config data struct,
> and
> > generate the necessary assembly files for the EDK2 build environment.
> >
> > For the X64 variant, OpenSSL includes calls to a Windows error handling
> API,
> > and that function has been stubbed out in ApiHooks.c.
> >
> > For all variants, a constructor was added to call the required CPUID
> function
> > within OpenSSL to facilitate processor capability checks in the native
> > algorithms.
> >
> > Additional native architecture variants should be simple to add by
> following
> > the changes made for these two architectures.
> >
> > The OpenSSL assembly files are traditionally generated at build time using
> a
> > perl script. To avoid that burden on EDK2 users, these end-result assembly
> > files are generated during the configuration steps performed by the package
> > maintainer (through process_files.pl). The perl generator scripts inside
> > OpenSSL do not parse file comments as they are only meant to create
> > intermediate build files, so process_files.pl contains additional hooks to
> > preserve the copyright headers as well as clean up tabs and line endings to
> > comply with EDK2 coding standards. The resulting file headers align with
> > the generated .h files which are already included in the EDK2 repository.
> >
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Cc: Eugene Cohen <eugene@hp.com>                                                                                                                  
> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >
> > Christopher J Zurcher (1):
> >   CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64
> >
> 
> Hello Christopher,
> 
> It would be helpful to understand the purpose of all this. Also, I
> think we could be more picky about which algorithms we enable - DES
> and MD5 don't seem highly useful, and even if they were, what do we
> gain by using a faster (or smaller?) implementation?
> 

The selection of algorithms comes from the default OpenSSL assembly targets; this combination is validated and widely used, and I don't know all the consequences of picking and choosing which ones to include. If necessary I could look into reducing the list.

The primary driver for this change is enabling the Full Flash Update (FFU) OS provisioning flow for Windows as described here:
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/wim-vs-ffu-image-file-formats
This item under "Reliability" is what we are speeding up: "Includes a catalog and hash table to validate a signature upfront before flashing onto a device. The hash table is generated during capture, and validated when applying the image."
This provisioning flow can be performed within the UEFI environment, and the native algorithms allow significant time savings in a factory setting (minutes per device).

We also had a BZ which requested these changes and the specific need was not provided. Maybe David @HP can provide further insight?
https://bugzilla.tianocore.org/show_bug.cgi?id=2507

There have been additional platform-specific benefits identified, for example speeding up HMAC authentication of communication with other HW/FW components.

Thanks,
Christopher Zurcher

> 
> 
> 
> >  CryptoPkg/Library/OpensslLib/OpensslLib.inf                          |
> 2 +-
> >  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf                    |
> 2 +-
> >  CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf                      |
> 680 ++
> >  CryptoPkg/Library/OpensslLib/OpensslLibX64.inf                       |
> 691 ++
> >  CryptoPkg/Library/Include/openssl/opensslconf.h                      |
> 3 -
> >  CryptoPkg/Library/OpensslLib/ApiHooks.c                              |
> 18 +
> >  CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c                 |
> 34 +
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/aesni-x86.nasm          |
> 3209 ++++++++
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/vpaes-x86.nasm          |
> 648 ++
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/bn-586.nasm              |
> 1522 ++++
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/co-586.nasm              |
> 1259 +++
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-gf2m.nasm            |
> 352 +
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-mont.nasm            |
> 486 ++
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/des/crypt586.nasm           |
> 887 +++
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/des/des-586.nasm            |
> 1835 +++++
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/md5/md5-586.nasm            |
> 690 ++
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/modes/ghash-x86.nasm        |
> 1264 +++
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/rc4/rc4-586.nasm            |
> 381 +
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha1-586.nasm           |
> 3977 ++++++++++
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha256-586.nasm         |
> 6796 ++++++++++++++++
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha512-586.nasm         |
> 2842 +++++++
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/x86cpuid.nasm               |
> 513 ++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm     |
> 1772 +++++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm   |
> 3271 ++++++++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm |
> 4709 +++++++++++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm        |
> 5084 ++++++++++++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm        |
> 1170 +++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-avx2.nasm            |
> 1989 +++++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-x86_64.nasm          |
> 2242 ++++++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-gf2m.nasm          |
> 432 +
> >  CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont.nasm          |
> 1479 ++++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont5.nasm         |
> 4033 ++++++++++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/md5/md5-x86_64.nasm          |
> 794 ++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm  |
> 984 +++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm      |
> 2077 +++++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-md5-x86_64.nasm      |
> 1395 ++++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-x86_64.nasm          |
> 784 ++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/sha/keccak1600-x86_64.nasm   |
> 532 ++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm      |
> 7581 ++++++++++++++++++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm         |
> 5773 ++++++++++++++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm    |
> 8262 ++++++++++++++++++++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm       |
> 5712 ++++++++++++++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm       |
> 5668 ++++++++++++++
> >  CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm             |
> 472 ++
> >  CryptoPkg/Library/OpensslLib/process_files.pl                        |
> 208 +-
> >  CryptoPkg/Library/OpensslLib/uefi-asm.conf                           |
> 14 +
> >  46 files changed, 94478 insertions(+), 50 deletions(-)
> >  create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf
> >  create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> >  create mode 100644 CryptoPkg/Library/OpensslLib/ApiHooks.c
> >  create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
> >  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/aesni-
> x86.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/vpaes-
> x86.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/bn-586.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/co-586.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-
> gf2m.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-
> mont.nasm
> >  create mode 100644
> CryptoPkg/Library/OpensslLib/Ia32/crypto/des/crypt586.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/des/des-
> 586.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/md5/md5-
> 586.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/modes/ghash-
> x86.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/rc4/rc4-
> 586.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha1-
> 586.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha256-
> 586.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha512-
> 586.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/x86cpuid.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-
> x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-
> x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-
> sha256-x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-
> x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-
> x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-
> avx2.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-
> x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-
> gf2m.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-
> mont.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-
> mont5.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/md5/md5-
> x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-
> gcm-x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-
> x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-md5-
> x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-
> x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/keccak1600-
> x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-
> x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-
> x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-
> x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-
> x86_64.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-
> x86_64.nasm
> >  create mode 100644
> CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm
> >  create mode 100644 CryptoPkg/Library/OpensslLib/uefi-asm.conf
> >
> > --
> > 2.16.2.windows.1
> >
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#56350): https://edk2.groups.io/g/devel/message/56350
Mute This Topic: https://groups.io/mt/72021058/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 0/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64
Posted by Ard Biesheuvel 4 years ago
On Thu, 26 Mar 2020 at 02:04, Zurcher, Christopher J
<christopher.j.zurcher@intel.com> wrote:
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ard Biesheuvel
> > Sent: Wednesday, March 25, 2020 11:40
> > To: Zurcher, Christopher J <christopher.j.zurcher@intel.com>
> > Cc: edk2-devel-groups-io <devel@edk2.groups.io>; Wang, Jian J
> > <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>; Eugene Cohen
> > <eugene@hp.com>
> > Subject: Re: [edk2-devel] [PATCH 0/1] CryptoPkg/OpensslLib: Add native
> > instruction support for IA32 and X64
> >
> > On Tue, 17 Mar 2020 at 11:26, Christopher J Zurcher
> > <christopher.j.zurcher@intel.com> wrote:
> > >
> > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507
> > >
> > > This patch adds support for building the native instruction algorithms for
> > > IA32 and X64 versions of OpensslLib. The process_files.pl script was
> > modified
> > > to parse the .asm file targets from the OpenSSL build config data struct,
> > and
> > > generate the necessary assembly files for the EDK2 build environment.
> > >
> > > For the X64 variant, OpenSSL includes calls to a Windows error handling
> > API,
> > > and that function has been stubbed out in ApiHooks.c.
> > >
> > > For all variants, a constructor was added to call the required CPUID
> > function
> > > within OpenSSL to facilitate processor capability checks in the native
> > > algorithms.
> > >
> > > Additional native architecture variants should be simple to add by
> > following
> > > the changes made for these two architectures.
> > >
> > > The OpenSSL assembly files are traditionally generated at build time using
> > a
> > > perl script. To avoid that burden on EDK2 users, these end-result assembly
> > > files are generated during the configuration steps performed by the package
> > > maintainer (through process_files.pl). The perl generator scripts inside
> > > OpenSSL do not parse file comments as they are only meant to create
> > > intermediate build files, so process_files.pl contains additional hooks to
> > > preserve the copyright headers as well as clean up tabs and line endings to
> > > comply with EDK2 coding standards. The resulting file headers align with
> > > the generated .h files which are already included in the EDK2 repository.
> > >
> > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > > Cc: Eugene Cohen <eugene@hp.com>
> > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > >
> > > Christopher J Zurcher (1):
> > >   CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64
> > >
> >
> > Hello Christopher,
> >
> > It would be helpful to understand the purpose of all this. Also, I
> > think we could be more picky about which algorithms we enable - DES
> > and MD5 don't seem highly useful, and even if they were, what do we
> > gain by using a faster (or smaller?) implementation?
> >
>
> The selection of algorithms comes from the default OpenSSL assembly targets; this combination is validated and widely used, and I don't know all the consequences of picking and choosing which ones to include. If necessary I could look into reducing the list.
>
> The primary driver for this change is enabling the Full Flash Update (FFU) OS provisioning flow for Windows as described here:
> https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/wim-vs-ffu-image-file-formats
> This item under "Reliability" is what we are speeding up: "Includes a catalog and hash table to validate a signature upfront before flashing onto a device. The hash table is generated during capture, and validated when applying the image."
> This provisioning flow can be performed within the UEFI environment, and the native algorithms allow significant time savings in a factory setting (minutes per device).
>
> We also had a BZ which requested these changes and the specific need was not provided. Maybe David @HP can provide further insight?
> https://bugzilla.tianocore.org/show_bug.cgi?id=2507
>
> There have been additional platform-specific benefits identified, for example speeding up HMAC authentication of communication with other HW/FW components.
>

OK, so in summary, there is one particular hash that you need to speed
up, and this is why you enable every single asm implementation in
OpenSSL for X86. I'm not sure I am convinced that this is justified.

OpenSSL can easily deal with having just a couple of these accelerated
implementations enabled. To me, it seems like a more sensible approach
to only enable algorithms based on special instructions (such as
AES-NI and SHA-NI), which typically give a speedup in the 10x-20x
range, and to leave the other ones disabled. E.g., accelerated
montgomery multiplication for RSA is really not worth it, since the
speedup is around 50% and RSA is hardly a bottleneck in UEFI. Same
applies to deprecated ciphers such as DES or MD5 - they are not based
on special instructions, and shouldn't be used in the first place.

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#56375): https://edk2.groups.io/g/devel/message/56375
Mute This Topic: https://groups.io/mt/72021058/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 0/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64
Posted by Laszlo Ersek 4 years ago
On 03/17/20 11:26, Zurcher, Christopher J wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507
> 
> This patch adds support for building the native instruction algorithms for
> IA32 and X64 versions of OpensslLib. The process_files.pl script was modified
> to parse the .asm file targets from the OpenSSL build config data struct, and
> generate the necessary assembly files for the EDK2 build environment.
> 
> For the X64 variant, OpenSSL includes calls to a Windows error handling API,
> and that function has been stubbed out in ApiHooks.c.
> 
> For all variants, a constructor was added to call the required CPUID function
> within OpenSSL to facilitate processor capability checks in the native
> algorithms.
> 
> Additional native architecture variants should be simple to add by following
> the changes made for these two architectures.
> 
> The OpenSSL assembly files are traditionally generated at build time using a
> perl script. To avoid that burden on EDK2 users, these end-result assembly
> files are generated during the configuration steps performed by the package
> maintainer (through process_files.pl). The perl generator scripts inside
> OpenSSL do not parse file comments as they are only meant to create
> intermediate build files, so process_files.pl contains additional hooks to
> preserve the copyright headers as well as clean up tabs and line endings to
> comply with EDK2 coding standards. The resulting file headers align with
> the generated .h files which are already included in the EDK2 repository.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Eugene Cohen <eugene@hp.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> 
> Christopher J Zurcher (1):
>   CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64
> 
>  CryptoPkg/Library/OpensslLib/OpensslLib.inf                          |    2 +-
>  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf                    |    2 +-
>  CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf                      |  680 ++
>  CryptoPkg/Library/OpensslLib/OpensslLibX64.inf                       |  691 ++
>  CryptoPkg/Library/Include/openssl/opensslconf.h                      |    3 -
>  CryptoPkg/Library/OpensslLib/ApiHooks.c                              |   18 +
>  CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c                 |   34 +
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/aesni-x86.nasm          | 3209 ++++++++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/vpaes-x86.nasm          |  648 ++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/bn-586.nasm              | 1522 ++++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/co-586.nasm              | 1259 +++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-gf2m.nasm            |  352 +
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-mont.nasm            |  486 ++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/des/crypt586.nasm           |  887 +++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/des/des-586.nasm            | 1835 +++++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/md5/md5-586.nasm            |  690 ++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/modes/ghash-x86.nasm        | 1264 +++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/rc4/rc4-586.nasm            |  381 +
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha1-586.nasm           | 3977 ++++++++++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha256-586.nasm         | 6796 ++++++++++++++++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha512-586.nasm         | 2842 +++++++
>  CryptoPkg/Library/OpensslLib/Ia32/crypto/x86cpuid.nasm               |  513 ++
>  CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm     | 1772 +++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm   | 3271 ++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm | 4709 +++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm        | 5084 ++++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm        | 1170 +++
>  CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-avx2.nasm            | 1989 +++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-x86_64.nasm          | 2242 ++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-gf2m.nasm          |  432 +
>  CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont.nasm          | 1479 ++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont5.nasm         | 4033 ++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/md5/md5-x86_64.nasm          |  794 ++
>  CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm  |  984 +++
>  CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm      | 2077 +++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-md5-x86_64.nasm      | 1395 ++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-x86_64.nasm          |  784 ++
>  CryptoPkg/Library/OpensslLib/X64/crypto/sha/keccak1600-x86_64.nasm   |  532 ++
>  CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm      | 7581 ++++++++++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm         | 5773 ++++++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm    | 8262 ++++++++++++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm       | 5712 ++++++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm       | 5668 ++++++++++++++
>  CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm             |  472 ++
>  CryptoPkg/Library/OpensslLib/process_files.pl                        |  208 +-
>  CryptoPkg/Library/OpensslLib/uefi-asm.conf                           |   14 +
>  46 files changed, 94478 insertions(+), 50 deletions(-)
>  create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf
>  create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
>  create mode 100644 CryptoPkg/Library/OpensslLib/ApiHooks.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/aesni-x86.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/vpaes-x86.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/bn-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/co-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-gf2m.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-mont.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/des/crypt586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/des/des-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/md5/md5-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/modes/ghash-x86.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/rc4/rc4-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha1-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha256-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha512-586.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/Ia32/crypto/x86cpuid.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-avx2.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-gf2m.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont5.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/md5/md5-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-md5-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/keccak1600-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm
>  create mode 100644 CryptoPkg/Library/OpensslLib/uefi-asm.conf
> 

(1) Please break this patch into at least two patches. The generated
files add more than ninety thousand lines, and (as I understand) noone
is expected to review them in detail. They should be separated to a
dedicated patch.

The rest of the code changes should be reviewed with more care, so they
deserve at least one stand-alone patch (several patches if necessary).

(2) Furthermore, I would suggest including a comment near the top of
each generated NASM file that said file was generated, and should not be
modified manually. (Of course this would mean updating the perl script
-- I'm not asking for manual comments!)

Thanks!
Laszlo


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#56105): https://edk2.groups.io/g/devel/message/56105
Mute This Topic: https://groups.io/mt/72021058/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-