* [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
@ 2022-10-11 15:03 Michael D Kinney
2022-10-11 15:03 ` [Patch 01/12] CryptoPkg: Document and disable deprecated crypto services Michael D Kinney
` (12 more replies)
0 siblings, 13 replies; 23+ messages in thread
From: Michael D Kinney @ 2022-10-11 15:03 UTC (permalink / raw)
To: devel
Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher, Rebecca Cran, Ard Biesheuvel
The recent addition of the Ecliptic Curve (EC) feature and the performance
optimization features increased the complexity for platforms to integrate
and enable these features. This series simplifies the platform configuration
as much as possible and improves the ability to manage the the size impact
of cryptographic services in each FW phase. A Readme.md is also added that
provides an overview of the CryptoPkg design and features along with platform
integration recommendations.
This series also addresses private library class declarations missing from
CryptoPkg.dec and library instances not producing all the APIs defined
by the library classes. A review of the CryptoPkg EDK II meta data files identified
a number of additional cleanups. The CryptoPkg.dsc file was also updated to
improve CI coverage for future CryptoPkg changes and identified some
unit test bug fixes.
PR: https://github.com/tianocore/edk2/pull/3443
Branch: https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_MergeOptimizedOpensslLibs
Readme: https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_MergeOptimizedOpensslLibs/CryptoPkg/Readme.md
Change Summary
==============
* Document disabled/deprecated cryptographic services
* Add missing UNI files in BaseCryptLib
* Update BaseCryptLib internal functions to be STATIC and remove EFIAPI
* Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global variables
* Fix BaseCryptLib unit tests
* Cleanup BaseCryptLib and TlsLib INF files and
* Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
* Merge 4 performance optimized INFs into OpensslLib*Accel.inf
* Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.inf instead
* Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private library classes
* Update all OpensslLib instances to always produce all APIs in OpensslLib class
* Move PrintLib dependency from OpensslLib INF files to BaseCryptLib INF files
* Update CryptoPkg.dsc files to provide full CI test coverage across all the
supported combinations of OpensslLib, BaseCryptLib, and TlsLib instances.
* Remove PACKAGE profile from CryptoPkg.dsc and add TARGET_UNIT_TESTS
profile. Adding TARGET_UNIT_TESTS profile is required to prevent a few unit
test artifacts being included in non unit test builds of components.
* Add CryptoPkg Readme.md with overview and platform integration details.
* Update host-based unit tests to always use OpensslLibFull.inf and add unit
test coverage for OpensslLibFullAccel.inf.
* Add Readme.md with CryptoPkg overview and platform integration
documentation
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Cc: Rebecca Cran <quic_rcran@quicinc.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Michael D Kinney (12):
CryptoPkg: Document and disable deprecated crypto services
CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs
CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
CryptoPkg: Update DSC to improve CI test coverage
CryptoPkg: Fixed host-based unit tests
CryptoPkg: Add Readme.md
CryptoPkg/CryptoPkg.ci.yaml | 11 +-
CryptoPkg/CryptoPkg.dec | 42 +-
CryptoPkg/CryptoPkg.dsc | 460 +++++++++---
.../Pcd/PcdCryptoServiceFamilyEnable.h | 122 +--
.../Library/BaseCryptLib/BaseCryptLib.inf | 10 +-
.../Library/BaseCryptLib/BaseCryptLib.uni | 2 -
.../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +
.../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 +-
.../Library/BaseCryptLib/PeiCryptLib.inf | 8 +-
.../Library/BaseCryptLib/PeiCryptLib.uni | 2 -
.../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +-
.../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +-
.../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 +
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +-
.../Library/BaseCryptLib/RuntimeCryptLib.inf | 9 +-
.../Library/BaseCryptLib/RuntimeCryptLib.uni | 2 -
.../Library/BaseCryptLib/SecCryptLib.inf | 13 +-
.../{SmmCryptLib.uni => SecCryptLib.uni} | 11 +-
.../Library/BaseCryptLib/SmmCryptLib.inf | 12 -
.../Library/BaseCryptLib/SmmCryptLib.uni | 2 -
.../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 +-
.../Library/Include/openssl/opensslconf.h | 328 +++++++-
.../Include/openssl/opensslconf_generated.h | 333 ---------
CryptoPkg/Library/OpensslLib/EcSm2Null.c | 291 ++++++++
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 133 ++--
CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
...nsslLibIa32Gcc.inf => OpensslLibAccel.inf} | 189 +++--
.../Library/OpensslLib/OpensslLibAccel.uni | 14 +
.../OpensslLib/OpensslLibConstructor.c | 6 +-
.../Library/OpensslLib/OpensslLibCrypto.inf | 185 +++--
.../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
.../{OpensslLib.inf => OpensslLibFull.inf} | 143 ++--
.../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
...sslLibIa32.inf => OpensslLibFullAccel.inf} | 192 +++--
.../OpensslLib/OpensslLibFullAccel.uni | 14 +
.../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
.../Library/OpensslLib/OpensslLibX64Gcc.inf | 706 ------------------
CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++
.../SysCall/inet_pton.c | 0
CryptoPkg/Library/TlsLib/TlsConfig.c | 2 +-
CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +-
CryptoPkg/Private/Library/IntrinsicLib.h | 16 +
CryptoPkg/Private/Library/OpensslLib.h | 14 +
CryptoPkg/Readme.md | 498 ++++++++++++
CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 +-
.../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 +-
.../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +-
.../TestBaseCryptLibHostAccel.inf | 55 ++
48 files changed, 2667 insertions(+), 2434 deletions(-)
copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni => SecCryptLib.uni} (74%)
delete mode 100644 CryptoPkg/Library/Include/openssl/opensslconf_generated.h
create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf => OpensslLibAccel.inf} (79%)
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
copy CryptoPkg/Library/OpensslLib/{OpensslLib.inf => OpensslLibFull.inf} (80%)
copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni => OpensslLibFull.uni} (56%)
rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf => OpensslLibFullAccel.inf} (79%)
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
rename CryptoPkg/Library/{BaseCryptLib => TlsLib}/SysCall/inet_pton.c (100%)
create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
create mode 100644 CryptoPkg/Readme.md
create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.inf
--
2.37.1.windows.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [Patch 01/12] CryptoPkg: Document and disable deprecated crypto services
2022-10-11 15:03 [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
@ 2022-10-11 15:03 ` Michael D Kinney
2022-10-11 15:03 ` [Patch 02/12] CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format Michael D Kinney
` (11 subsequent siblings)
12 siblings, 0 replies; 23+ messages in thread
From: Michael D Kinney @ 2022-10-11 15:03 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
Also note services that are recommended to be disabled and
update CryptoPkg.dsc PcdCryptoServiceFamilyEnable settings
disable all deprecated services.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 10 +-
.../Pcd/PcdCryptoServiceFamilyEnable.h | 122 ++++++++++--------
2 files changed, 77 insertions(+), 55 deletions(-)
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index e4e7bc0dbfae..ab28d8861f10 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -150,7 +150,6 @@ [PcdsFixedAtBuild]
!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -160,8 +159,10 @@ [PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -172,7 +173,7 @@ [PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | 0
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
!endif
!if $(CRYPTO_SERVICES) == MIN_PEI
@@ -216,6 +217,7 @@ [PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
index 47405894176c..da533543172f 100644
--- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -1,6 +1,26 @@
/** @file
Defines the PCD_CRYPTO_SERVICE_FAMILY_ENABLE structure associated with
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable that is used
+ to enable/disable crypto services at either the family scope or the
+ individual service scope. Platforms can minimize the number of enabled
+ services to reduce size.
+
+ The following services have been deprecated and must never be enabled.
+ The associated fields in this data structure are never removed or replaced
+ to preseve the binary layout of the data structure. New services are
+ always added to the end of the data structure.
+ * HmacMd5 family
+ * HmacSha1 family
+ * Md4 family
+ * Md5 family
+ * Tdes family
+ * Arc4 family
+ * Aes.Services.EcbEncrypt service
+ * Aes.Services.EcbDecrypt service
+
+ Is is recommended that the following services always be disabled and may
+ be deprecated in the future.
+ * Sha1 family
Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -25,25 +45,25 @@
typedef struct {
union {
struct {
- UINT8 New : 1;
- UINT8 Free : 1;
- UINT8 SetKey : 1;
- UINT8 Duplicate : 1;
- UINT8 Update : 1;
- UINT8 Final : 1;
+ UINT8 New : 1; // Deprecated
+ UINT8 Free : 1; // Deprecated
+ UINT8 SetKey : 1; // Deprecated
+ UINT8 Duplicate : 1; // Deprecated
+ UINT8 Update : 1; // Deprecated
+ UINT8 Final : 1; // Deprecated
} Services;
- UINT32 Family;
+ UINT32 Family; // Deprecated
} HmacMd5;
union {
struct {
- UINT8 New : 1;
- UINT8 Free : 1;
- UINT8 SetKey : 1;
- UINT8 Duplicate : 1;
- UINT8 Update : 1;
- UINT8 Final : 1;
+ UINT8 New : 1; // Deprecated
+ UINT8 Free : 1; // Deprecated
+ UINT8 SetKey : 1; // Deprecated
+ UINT8 Duplicate : 1; // Deprecated
+ UINT8 Update : 1; // Deprecated
+ UINT8 Final : 1; // Deprecated
} Services;
- UINT32 Family;
+ UINT32 Family; // Deprecated
} HmacSha1;
union {
struct {
@@ -71,26 +91,26 @@ typedef struct {
} HmacSha384;
union {
struct {
- UINT8 GetContextSize : 1;
- UINT8 Init : 1;
- UINT8 Duplicate : 1;
- UINT8 Update : 1;
- UINT8 Final : 1;
- UINT8 HashAll : 1;
+ UINT8 GetContextSize : 1; // Deprecated
+ UINT8 Init : 1; // Deprecated
+ UINT8 Duplicate : 1; // Deprecated
+ UINT8 Update : 1; // Deprecated
+ UINT8 Final : 1; // Deprecated
+ UINT8 HashAll : 1; // Deprecated
} Services;
- UINT32 Family;
+ UINT32 Family; // Deprecated
} Md4;
union {
struct {
- UINT8 GetContextSize : 1;
- UINT8 Init : 1;
- UINT8 Duplicate : 1;
- UINT8 Update : 1;
- UINT8 Final : 1;
- UINT8 HashAll : 1;
+ UINT8 GetContextSize : 1; // Deprecated
+ UINT8 Init : 1; // Deprecated
+ UINT8 Duplicate : 1; // Deprecated
+ UINT8 Update : 1; // Deprecated
+ UINT8 Final : 1; // Deprecated
+ UINT8 HashAll : 1; // Deprecated
} Services;
UINT32 Family;
- } Md5;
+ } Md5; // Deprecated
union {
struct {
UINT8 Pkcs1v2Encrypt : 1;
@@ -143,14 +163,14 @@ typedef struct {
} Rsa;
union {
struct {
- UINT8 GetContextSize : 1;
- UINT8 Init : 1;
- UINT8 Duplicate : 1;
- UINT8 Update : 1;
- UINT8 Final : 1;
- UINT8 HashAll : 1;
+ UINT8 GetContextSize : 1; // Recommend disable
+ UINT8 Init : 1; // Recommend disable
+ UINT8 Duplicate : 1; // Recommend disable
+ UINT8 Update : 1; // Recommend disable
+ UINT8 Final : 1; // Recommend disable
+ UINT8 HashAll : 1; // Recommend disable
} Services;
- UINT32 Family;
+ UINT32 Family; // Recommend disable
} Sha1;
union {
struct {
@@ -202,21 +222,21 @@ typedef struct {
} X509;
union {
struct {
- UINT8 GetContextSize : 1;
- UINT8 Init : 1;
- UINT8 EcbEncrypt : 1;
- UINT8 EcbDecrypt : 1;
- UINT8 CbcEncrypt : 1;
- UINT8 CbcDecrypt : 1;
+ UINT8 GetContextSize : 1; // Deprecated
+ UINT8 Init : 1; // Deprecated
+ UINT8 EcbEncrypt : 1; // Deprecated
+ UINT8 EcbDecrypt : 1; // Deprecated
+ UINT8 CbcEncrypt : 1; // Deprecated
+ UINT8 CbcDecrypt : 1; // Deprecated
} Services;
- UINT32 Family;
+ UINT32 Family; // Deprecated
} Tdes;
union {
struct {
UINT8 GetContextSize : 1;
UINT8 Init : 1;
- UINT8 EcbEncrypt : 1;
- UINT8 EcbDecrypt : 1;
+ UINT8 EcbEncrypt : 1; // Deprecated
+ UINT8 EcbDecrypt : 1; // Deprecated
UINT8 CbcEncrypt : 1;
UINT8 CbcDecrypt : 1;
} Services;
@@ -224,13 +244,13 @@ typedef struct {
} Aes;
union {
struct {
- UINT8 GetContextSize : 1;
- UINT8 Init : 1;
- UINT8 Encrypt : 1;
- UINT8 Decrypt : 1;
- UINT8 Reset : 1;
+ UINT8 GetContextSize : 1; // Deprecated
+ UINT8 Init : 1; // Deprecated
+ UINT8 Encrypt : 1; // Deprecated
+ UINT8 Decrypt : 1; // Deprecated
+ UINT8 Reset : 1; // Deprecated
} Services;
- UINT32 Family;
+ UINT32 Family; // Deprecated
} Arc4;
union {
struct {
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [Patch 02/12] CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
2022-10-11 15:03 [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
2022-10-11 15:03 ` [Patch 01/12] CryptoPkg: Document and disable deprecated crypto services Michael D Kinney
@ 2022-10-11 15:03 ` Michael D Kinney
2022-10-11 15:03 ` [Patch 03/12] CryptoPkg/Library/BaseCryptLib: Update internal functions/variables Michael D Kinney
` (10 subsequent siblings)
12 siblings, 0 replies; 23+ messages in thread
From: Michael D Kinney @ 2022-10-11 15:03 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.uni | 2 --
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni | 2 --
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni | 2 --
CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf | 1 +
.../BaseCryptLib/{SmmCryptLib.uni => SecCryptLib.uni} | 11 ++---------
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni | 2 --
6 files changed, 3 insertions(+), 17 deletions(-)
copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni => SecCryptLib.uni} (74%)
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.uni
index ed1852efbe04..d9d53d099c4e 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.uni
@@ -12,8 +12,6 @@
//
// **/
-
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_DRIVER"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow."
-
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
index 20ae64e8bf1a..8cffc00daf5d 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
@@ -18,8 +18,6 @@
//
// **/
-
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
-
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
index 0cf378c5ab84..786738a99d73 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
@@ -17,8 +17,6 @@
//
// **/
-
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
-
diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
index 0b1dd31c411c..4f652be46a82 100644
--- a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
@@ -14,6 +14,7 @@
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SecCryptLib
+ MODULE_UNI_FILE = SecCryptLib.uni
FILE_GUID = 3689D343-0D32-4284-8053-BF10537990E8
MODULE_TYPE = BASE
VERSION_STRING = 1.0
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.uni
similarity index 74%
copy from CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
copy to CryptoPkg/Library/BaseCryptLib/SecCryptLib.uni
index f0c33abbcf22..c0dd1eb0f351 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.uni
@@ -1,24 +1,17 @@
// /** @file
-// Cryptographic Library Instance for SMM driver.
+// Cryptographic Library Instance for SEC driver.
//
// Caution: This module requires additional review when modified.
// This library will have external input - signature.
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: AES
-// functions, RSA external functions, PKCS#7 SignedData sign functions,
-// Diffie-Hellman functions, and authenticode signature verification functions are
-// not supported in this instance.
-//
// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
// **/
-
-#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
+#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SEC driver"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
-
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
index f0c33abbcf22..7e0f55f792e1 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
@@ -17,8 +17,6 @@
//
// **/
-
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
-
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [Patch 03/12] CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
2022-10-11 15:03 [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
2022-10-11 15:03 ` [Patch 01/12] CryptoPkg: Document and disable deprecated crypto services Michael D Kinney
2022-10-11 15:03 ` [Patch 02/12] CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format Michael D Kinney
@ 2022-10-11 15:03 ` Michael D Kinney
2022-10-11 15:03 ` [Patch 04/12] CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes Michael D Kinney
` (9 subsequent siblings)
12 siblings, 0 replies; 23+ messages in thread
From: Michael D Kinney @ 2022-10-11 15:03 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
* Update BaseCryptLib internal worker functions to be 'STATIC'
* Update BaseCryptLib internal working functions to not use EFIAPI
* Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global variables
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/CryptoPkg.ci.yaml | 3 +-
.../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +++
.../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 ++-
.../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +-
.../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +-
.../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 ++
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +++++++++++++------
7 files changed, 50 insertions(+), 17 deletions(-)
diff --git a/CryptoPkg/CryptoPkg.ci.yaml b/CryptoPkg/CryptoPkg.ci.yaml
index 2fa3a3d5ee05..ca129d6ae56c 100644
--- a/CryptoPkg/CryptoPkg.ci.yaml
+++ b/CryptoPkg/CryptoPkg.ci.yaml
@@ -24,7 +24,8 @@
"ExceptionList": [
"8001", "IsLeap",
"8001", "OBJ_get0_data",
- "8001", "OBJ_length"
+ "8001", "OBJ_length",
+ "5005", "X509PopCertificate"
],
## Both file path and directory path are accepted.
"IgnoreFiles": [
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
index 2786267a0be1..1ae33b6709cb 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
If the allocations fails, HmacMdNew() returns NULL.
**/
+STATIC
VOID *
HmacMdNew (
VOID
@@ -33,6 +34,7 @@ HmacMdNew (
@param[in] HmacMdCtx Pointer to the HMAC_CTX context to be released.
**/
+STATIC
VOID
HmacMdFree (
IN VOID *HmacMdCtx
@@ -59,6 +61,7 @@ HmacMdFree (
@retval FALSE The Key is set unsuccessfully.
**/
+STATIC
BOOLEAN
HmacMdSetKey (
IN CONST EVP_MD *Md,
@@ -94,6 +97,7 @@ HmacMdSetKey (
@retval FALSE HMAC-MD context copy failed.
**/
+STATIC
BOOLEAN
HmacMdDuplicate (
IN CONST VOID *HmacMdContext,
@@ -132,6 +136,7 @@ HmacMdDuplicate (
@retval FALSE HMAC-MD data digest failed.
**/
+STATIC
BOOLEAN
HmacMdUpdate (
IN OUT VOID *HmacMdContext,
@@ -183,6 +188,7 @@ HmacMdUpdate (
@retval FALSE HMAC-MD digest computation failed.
**/
+STATIC
BOOLEAN
HmacMdFinal (
IN OUT VOID *HmacMdContext,
@@ -233,6 +239,7 @@ HmacMdFinal (
@retval FALSE This interface is not supported.
**/
+STATIC
BOOLEAN
HmacMdAll (
IN CONST EVP_MD *Md,
diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
index ffaf5fb131ac..34e81246ed0d 100644
--- a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
+++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
@@ -6,7 +6,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
-#include <Library/BaseCryptLib.h>
+#include "InternalCryptLib.h"
#include <openssl/evp.h>
#include <openssl/kdf.h>
@@ -27,6 +27,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
@retval FALSE Hkdf generation failed.
**/
+STATIC
BOOLEAN
HkdfMdExtractAndExpand (
IN CONST EVP_MD *Md,
@@ -95,6 +96,7 @@ HkdfMdExtractAndExpand (
@retval false Hkdf generation failed.
**/
+STATIC
BOOLEAN
HkdfMdExtract (
IN CONST EVP_MD *Md,
@@ -174,6 +176,7 @@ HkdfMdExtract (
@retval FALSE Hkdf generation failed.
**/
+STATIC
BOOLEAN
HkdfMdExpand (
IN CONST EVP_MD *Md,
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
index aa4a33364d92..6b0dddd4af55 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
@@ -23,7 +23,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// OID ASN.1 Value for SPC_INDIRECT_DATA_OBJID
//
-UINT8 mSpcIndirectOidValue[] = {
+GLOBAL_REMOVE_IF_UNREFERENCED const UINT8 mSpcIndirectOidValue[] = {
0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04
};
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
index f8028181e47f..4e5a14e35210 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
@@ -22,7 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <openssl/x509v3.h>
#include <openssl/pkcs7.h>
-UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
+GLOBAL_REMOVE_IF_UNREFERENCED const UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
/**
Check input P7Data is a wrapped ContentInfo structure or not. If not construct
@@ -145,6 +145,7 @@ WrapPkcs7Data (
@retval FALSE The pop operation failed.
**/
+STATIC
BOOLEAN
X509PopCertificate (
IN VOID *X509Stack,
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
index 833b29ae9755..63cd49434e71 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
@@ -62,6 +62,7 @@
@retval EFI_NOT_FOUND The number of signers found was not 1.
**/
+STATIC
EFI_STATUS
GetSignerCertificate (
IN CONST PKCS7 *CertChain,
@@ -132,6 +133,7 @@ GetSignerCertificate (
@retval EFI_NOT_FOUND One or more EKU's were not found in the signature.
**/
+STATIC
EFI_STATUS
IsEkuInCertificate (
IN CONST X509 *Cert,
@@ -255,6 +257,7 @@ IsEkuInCertificate (
@retval EFI_INVALID_PARAMETER A parameter was invalid.
@retval EFI_NOT_FOUND One or more EKU's were not found in the signature.
**/
+STATIC
EFI_STATUS
CheckEKUs (
IN CONST X509 *SignerCert,
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index f118f2e9d6aa..027dbb6842dc 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -21,7 +21,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// OID ASN.1 Value for SPC_RFC3161_OBJID ("1.3.6.1.4.1.311.3.3.1")
//
-UINT8 mSpcRFC3161OidValue[] = {
+GLOBAL_REMOVE_IF_UNREFERENCED const UINT8 mSpcRFC3161OidValue[] = {
0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x03, 0x03, 0x01
};
@@ -43,11 +43,17 @@ typedef struct {
//
// ASN.1 Functions for TS_MESSAGE_IMPRINT
//
-DECLARE_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT)
-ASN1_SEQUENCE (TS_MESSAGE_IMPRINT) = {
+GLOBAL_REMOVE_IF_UNREFERENCED
+DECLARE_ASN1_FUNCTIONS (
+ TS_MESSAGE_IMPRINT
+ )
+ASN1_SEQUENCE (TS_MESSAGE_IMPRINT) =
+{
ASN1_SIMPLE (TS_MESSAGE_IMPRINT, HashAlgorithm, X509_ALGOR),
ASN1_SIMPLE (TS_MESSAGE_IMPRINT, HashedMessage, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END (TS_MESSAGE_IMPRINT)
+}
+
+ASN1_SEQUENCE_END (TS_MESSAGE_IMPRINT)
IMPLEMENT_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT)
///
@@ -68,12 +74,18 @@ typedef struct {
//
// ASN.1 Functions for TS_ACCURACY
//
-DECLARE_ASN1_FUNCTIONS (TS_ACCURACY)
-ASN1_SEQUENCE (TS_ACCURACY) = {
+GLOBAL_REMOVE_IF_UNREFERENCED
+DECLARE_ASN1_FUNCTIONS (
+ TS_ACCURACY
+ )
+ASN1_SEQUENCE (TS_ACCURACY) =
+{
ASN1_OPT (TS_ACCURACY, Seconds, ASN1_INTEGER),
ASN1_IMP_OPT (TS_ACCURACY, Millis, ASN1_INTEGER, 0),
ASN1_IMP_OPT (TS_ACCURACY, Micros, ASN1_INTEGER, 1)
-} ASN1_SEQUENCE_END (TS_ACCURACY)
+}
+
+ASN1_SEQUENCE_END (TS_ACCURACY)
IMPLEMENT_ASN1_FUNCTIONS (TS_ACCURACY)
///
@@ -114,8 +126,12 @@ typedef struct {
//
// ASN.1 Functions for TS_TST_INFO
//
-DECLARE_ASN1_FUNCTIONS (TS_TST_INFO)
-ASN1_SEQUENCE (TS_TST_INFO) = {
+GLOBAL_REMOVE_IF_UNREFERENCED
+DECLARE_ASN1_FUNCTIONS (
+ TS_TST_INFO
+ )
+ASN1_SEQUENCE (TS_TST_INFO) =
+{
ASN1_SIMPLE (TS_TST_INFO, Version, ASN1_INTEGER),
ASN1_SIMPLE (TS_TST_INFO, Policy, ASN1_OBJECT),
ASN1_SIMPLE (TS_TST_INFO, MessageImprint, TS_MESSAGE_IMPRINT),
@@ -126,7 +142,9 @@ ASN1_SEQUENCE (TS_TST_INFO) = {
ASN1_OPT (TS_TST_INFO, Nonce, ASN1_INTEGER),
ASN1_EXP_OPT (TS_TST_INFO, Tsa, GENERAL_NAME, 0),
ASN1_IMP_SEQUENCE_OF_OPT (TS_TST_INFO, Extensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END (TS_TST_INFO)
+}
+
+ASN1_SEQUENCE_END (TS_TST_INFO)
IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO)
/**
@@ -139,8 +157,8 @@ IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO)
@retval FALSE Invalid parameters.
**/
+STATIC
BOOLEAN
-EFIAPI
ConvertAsn1TimeToEfiTime (
IN ASN1_TIME *Asn1Time,
OUT EFI_TIME *EfiTime
@@ -222,8 +240,8 @@ ConvertAsn1TimeToEfiTime (
@retval FALSE Invalid TimeStamp Token Information.
**/
+STATIC
BOOLEAN
-EFIAPI
CheckTSTInfo (
IN CONST TS_TST_INFO *TstInfo,
IN CONST UINT8 *TimestampedData,
@@ -352,8 +370,8 @@ CheckTSTInfo (
@retval FALSE Invalid timestamp token.
**/
+STATIC
BOOLEAN
-EFIAPI
TimestampTokenVerify (
IN CONST UINT8 *TSToken,
IN UINTN TokenSize,
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [Patch 04/12] CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
2022-10-11 15:03 [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (2 preceding siblings ...)
2022-10-11 15:03 ` [Patch 03/12] CryptoPkg/Library/BaseCryptLib: Update internal functions/variables Michael D Kinney
@ 2022-10-11 15:03 ` Michael D Kinney
2022-10-11 15:03 ` [Patch 05/12] CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib Michael D Kinney
` (8 subsequent siblings)
12 siblings, 0 replies; 23+ messages in thread
From: Michael D Kinney @ 2022-10-11 15:03 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
* Update ImageTimeStampTest to return UNIT_TEST_PASSED instead of
Status. On success Status is TRUE(1), which was returning a unit
test status of UNIT_TEST_ERROR_PREREQUISITE_NOT_MET.
* Update HmacTests to use the *Free() service from the HMAC family
instead of FreePool(). Using FreePool() generates ASSERT() because
the context being freed was not allocated using AllocatePool().
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
.../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 ++++++++++++-----
.../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +-
2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
index 9c5b39410d0f..b347cb4cb4f8 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
@@ -87,6 +87,12 @@ VOID *
VOID
);
+typedef
+VOID
+(EFIAPI *EFI_HMAC_FREE)(
+ IN VOID *HashContext
+ );
+
typedef
BOOLEAN
(EFIAPI *EFI_HMAC_INIT)(
@@ -113,6 +119,7 @@ BOOLEAN
typedef struct {
UINT32 DigestSize;
EFI_HMAC_NEW HmacNew;
+ EFI_HMAC_FREE HmacFree;
EFI_HMAC_INIT HmacInit;
EFI_HMAC_UPDATE HmacUpdate;
EFI_HMAC_FINAL HmacFinal;
@@ -123,10 +130,10 @@ typedef struct {
} HMAC_TEST_CONTEXT;
// These functions have been deprecated but they've been left commented out for future reference
-// HMAC_TEST_CONTEXT mHmacMd5TestCtx = {MD5_DIGEST_SIZE, HmacMd5New, HmacMd5SetKey, HmacMd5Update, HmacMd5Final, HmacMd5Key, sizeof(HmacMd5Key), HmacMd5Digest};
-// HMAC_TEST_CONTEXT mHmacSha1TestCtx = {SHA1_DIGEST_SIZE, HmacSha1New, HmacSha1SetKey, HmacSha1Update, HmacSha1Final, HmacSha1Key, sizeof(HmacSha1Key), HmacSha1Digest};
-HMAC_TEST_CONTEXT mHmacSha256TestCtx = { SHA256_DIGEST_SIZE, HmacSha256New, HmacSha256SetKey, HmacSha256Update, HmacSha256Final, HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest };
-HMAC_TEST_CONTEXT mHmacSha384TestCtx = { SHA384_DIGEST_SIZE, HmacSha384New, HmacSha384SetKey, HmacSha384Update, HmacSha384Final, HmacSha384Key, sizeof (HmacSha384Key), HmacSha384Digest };
+// HMAC_TEST_CONTEXT mHmacMd5TestCtx = {MD5_DIGEST_SIZE, HmacMd5New, HmacMd5Free, HmacMd5SetKey, HmacMd5Update, HmacMd5Final, HmacMd5Key, sizeof(HmacMd5Key), HmacMd5Digest};
+// HMAC_TEST_CONTEXT mHmacSha1TestCtx = {SHA1_DIGEST_SIZE, HmacSha1New, HmacSha1Free, HmacSha1SetKey, HmacSha1Update, HmacSha1Final, HmacSha1Key, sizeof(HmacSha1Key), HmacSha1Digest};
+HMAC_TEST_CONTEXT mHmacSha256TestCtx = { SHA256_DIGEST_SIZE, HmacSha256New, HmacSha256Free, HmacSha256SetKey, HmacSha256Update, HmacSha256Final, HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest };
+HMAC_TEST_CONTEXT mHmacSha384TestCtx = { SHA384_DIGEST_SIZE, HmacSha384New, HmacSha384Free, HmacSha384SetKey, HmacSha384Update, HmacSha384Final, HmacSha384Key, sizeof (HmacSha384Key), HmacSha384Digest };
UNIT_TEST_STATUS
EFIAPI
@@ -155,7 +162,7 @@ TestVerifyHmacCleanUp (
HmacTestContext = Context;
if (HmacTestContext->HmacCtx != NULL) {
- FreePool (HmacTestContext->HmacCtx);
+ HmacTestContext->HmacFree (HmacTestContext->HmacCtx);
}
}
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TSTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TSTests.c
index 225ec3e59746..226e57e66f04 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TSTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TSTests.c
@@ -322,7 +322,7 @@ TestVerifyImageTimestampVerify (
UT_ASSERT_EQUAL (SigningTime.Minute, 50);
UT_ASSERT_EQUAL (SigningTime.Second, 3);
- return Status;
+ return UNIT_TEST_PASSED;
}
TEST_DESC mImageTimestampTest[] = {
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [Patch 05/12] CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
2022-10-11 15:03 [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (3 preceding siblings ...)
2022-10-11 15:03 ` [Patch 04/12] CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes Michael D Kinney
@ 2022-10-11 15:03 ` Michael D Kinney
2022-10-11 15:03 ` [Patch 06/12] CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs Michael D Kinney
` (7 subsequent siblings)
12 siblings, 0 replies; 23+ messages in thread
From: Michael D Kinney @ 2022-10-11 15:03 UTC (permalink / raw)
To: devel
Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher, Rebecca Cran, Ard Biesheuvel
* Move SysCall/inet_pton.c from BaseCryptLib to TlsLib. The functions
in this file are only used by TlsLib instances and not any CryptLib
instances.
* Fix type mismatch in call to FreePool() in TlsConfig.c
* Remove use of gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled from
TslLib and CryptLib instances
* Add missing *Null.c files to SecCryptLib.inf and RuntimeCryptLib.inf.
* Remove ARM and AARCH64 sections from SmmCryptLib.inf that does not
support those architectures.
* Add missing PrintLib dependencies to [LibraryClasses] sections of
CryptLib INF files
* Remove extra library classes from [LibraryClasses] sections of
CryptLib INF files
* Remove unnecessary warning disables from [BuildOptions] sections of
TlsLib and CryptLib INF files
* Remove RVCT support from SecCryptLib.inf
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Cc: Rebecca Cran <quic_rcran@quicinc.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 10 +---------
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 8 +-------
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 9 ++-------
CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf | 12 ++++--------
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 12 ------------
.../{BaseCryptLib => TlsLib}/SysCall/inet_pton.c | 0
CryptoPkg/Library/TlsLib/TlsConfig.c | 2 +-
CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +-----------
8 files changed, 10 insertions(+), 55 deletions(-)
rename CryptoPkg/Library/{BaseCryptLib => TlsLib}/SysCall/inet_pton.c (100%)
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 9634bd5fea25..5eaa6e5a2242 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -53,15 +53,13 @@ [Sources]
Pk/CryptTs.c
Pk/CryptRsaPss.c
Pk/CryptRsaPssSign.c
- Pk/CryptEcNull.c |*|*|*|!gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- Pk/CryptEc.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ Pk/CryptEc.c
Pem/CryptPem.c
Bn/CryptBn.c
SysCall/CrtWrapper.c
SysCall/TimerWrapper.c
SysCall/BaseMemAllocation.c
- SysCall/inet_pton.c
[Sources.Ia32]
Rand/CryptRandTsc.c
@@ -92,19 +90,13 @@ [LibraryClasses]
IntrinsicLib
PrintLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
-
#
# Remove these [BuildOptions] after this library is cleaned up
#
[BuildOptions]
#
# suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4090: 'function' : different 'const' qualifiers
#
- MSFT:*_*_*_CC_FLAGS = /wd4090
-
GCC:*_CLANG35_*_CC_FLAGS = -std=c99
GCC:*_CLANG38_*_CC_FLAGS = -std=c99
GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index 3799780c9f52..b1629647f9c6 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -79,9 +79,7 @@ [LibraryClasses]
DebugLib
OpensslLib
IntrinsicLib
-
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ PrintLib
#
# Remove these [BuildOptions] after this library is cleaned up
@@ -89,11 +87,7 @@ [FixedPcd]
[BuildOptions]
#
# suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4090: 'function' : different 'const' qualifiers
- # C4718: 'function call' : recursive call has no side effects, deleting
#
- MSFT:*_*_*_CC_FLAGS = /wd4090 /wd4718
-
GCC:*_CLANG35_*_CC_FLAGS = -std=c99
GCC:*_CLANG38_*_CC_FLAGS = -std=c99
GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 845708bf1a1b..19039685a500 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -59,7 +59,9 @@ [Sources]
Pk/CryptTsNull.c
Pk/CryptRsaPssNull.c
Pk/CryptRsaPssSignNull.c
+ Pk/CryptEcNull.c
Pem/CryptPem.c
+ Bn/CryptBnNull.c
SysCall/CrtWrapper.c
SysCall/TimerWrapper.c
@@ -87,26 +89,19 @@ [Packages]
[LibraryClasses]
BaseLib
BaseMemoryLib
- UefiBootServicesTableLib
UefiRuntimeServicesTableLib
DebugLib
OpensslLib
IntrinsicLib
PrintLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
-
#
# Remove these [BuildOptions] after this library is cleaned up
#
[BuildOptions]
#
# suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4090: 'function' : different 'const' qualifiers
#
- MSFT:*_*_*_CC_FLAGS = /wd4090
-
GCC:*_CLANG35_*_CC_FLAGS = -std=c99
GCC:*_CLANG38_*_CC_FLAGS = -std=c99
GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
index 4f652be46a82..4ad59b7bbc59 100644
--- a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
@@ -38,6 +38,7 @@ [Sources]
Hmac/CryptHmacNull.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
+ Cipher/CryptAeadAesGcmNull.c
Pk/CryptRsaBasicNull.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
@@ -53,6 +54,8 @@ [Sources]
Rand/CryptRandNull.c
Pk/CryptRsaPssNull.c
Pk/CryptRsaPssSignNull.c
+ Pk/CryptEcNull.c
+ Bn/CryptBnNull.c
SysCall/CrtWrapper.c
SysCall/ConstantTimeClock.c
@@ -69,6 +72,7 @@ [LibraryClasses]
DebugLib
OpensslLib
IntrinsicLib
+ PrintLib
#
# Remove these [BuildOptions] after this library is cleaned up
@@ -76,15 +80,7 @@ [LibraryClasses]
[BuildOptions]
#
# suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4090: 'function' : different 'const' qualifiers
- # C4718: 'function call' : recursive call has no side effects, deleting
#
- MSFT:*_*_*_CC_FLAGS = /wd4090 /wd4718
-
- # -JCryptoPkg/Include : To disable the use of the system includes provided by RVCT
- # --diag_remark=1 : Reduce severity of "#1-D: last line of file ends without a newline"
- RVCT:*_*_ARM_CC_FLAGS = -JCryptoPkg/Include --diag_remark=1
-
GCC:*_CLANG35_*_CC_FLAGS = -std=c99
GCC:*_CLANG38_*_CC_FLAGS = -std=c99
GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 9318052a51c5..0af7a3f96e8f 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -74,19 +74,12 @@ [Sources.Ia32]
[Sources.X64]
Rand/CryptRandTsc.c
-[Sources.ARM]
- Rand/CryptRand.c
-
-[Sources.AARCH64]
- Rand/CryptRand.c
-
[Packages]
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
BaseLib
- IoLib
BaseMemoryLib
MemoryAllocationLib
OpensslLib
@@ -95,18 +88,13 @@ [LibraryClasses]
MmServicesTableLib
SynchronizationLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
-
#
# Remove these [BuildOptions] after this library is cleaned up
#
[BuildOptions]
#
# suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4090: 'function' : different 'const' qualifiers
#
- MSFT:*_*_*_CC_FLAGS = /wd4090
XCODE:*_*_*_CC_FLAGS = -mmmx -msse -std=c99
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c b/CryptoPkg/Library/TlsLib/SysCall/inet_pton.c
similarity index 100%
rename from CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
rename to CryptoPkg/Library/TlsLib/SysCall/inet_pton.c
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index dbe1f0652996..f13ae0ab7e5a 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -478,7 +478,7 @@ TlsSetCipherList (
FreePool (CipherString);
FreeMappedCipher:
- FreePool (MappedCipher);
+ FreePool ((VOID *)MappedCipher);
return Status;
}
diff --git a/CryptoPkg/Library/TlsLib/TlsLib.inf b/CryptoPkg/Library/TlsLib/TlsLib.inf
index bc61cda74556..e3500b9c2548 100644
--- a/CryptoPkg/Library/TlsLib/TlsLib.inf
+++ b/CryptoPkg/Library/TlsLib/TlsLib.inf
@@ -27,6 +27,7 @@ [Sources]
TlsInit.c
TlsConfig.c
TlsProcess.c
+ SysCall/inet_pton.c
[Packages]
MdePkg/MdePkg.dec
@@ -40,14 +41,3 @@ [LibraryClasses]
MemoryAllocationLib
OpensslLib
SafeIntLib
-
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
-
-[BuildOptions]
- #
- # suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4090: 'function' : different 'const' qualifiers
- #
- MSFT:*_*_*_CC_FLAGS = /wd4090
-
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [Patch 06/12] CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs
2022-10-11 15:03 [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (4 preceding siblings ...)
2022-10-11 15:03 ` [Patch 05/12] CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib Michael D Kinney
@ 2022-10-11 15:03 ` Michael D Kinney
2022-10-11 23:20 ` [edk2-devel] " Christopher Zurcher
2022-10-11 15:03 ` [Patch 07/12] CryptoPkg/Library/OpensslLib: Produce consistent set of APIs Michael D Kinney
` (6 subsequent siblings)
12 siblings, 1 reply; 23+ messages in thread
From: Michael D Kinney @ 2022-10-11 15:03 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
* Remove IA32/X64 specific INF files for performance
optimized OpensslLib and combine into OpensslLibAccel.inf
and OpensslLibFullAccel.inf.
* Remove use of PcdOpensslEcEnabled and let the platform
select the EC feature by using either OpensslLibFull.inf
or OpensslLibFullAccel.inf.
* With PcdOpensslEcEnabled removed, roll back style of opensslconf.h
and remove opensslconf_generated.h. Move the choice to disable
EC/SM2 into OpensslLib INF files using OPENSSL_FLAGS define.
* Update OpensslLibContructor() API to be compatible with all
FW phases by using types from Base.h and using RETURN_STATUS
type and values instead of EFI_STATUS type and values.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/CryptoPkg.ci.yaml | 8 +-
.../Library/Include/openssl/opensslconf.h | 328 +++++++-
.../Include/openssl/opensslconf_generated.h | 333 ---------
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 130 ++--
CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
...OpensslLibIa32.inf => OpensslLibAccel.inf} | 186 +++--
.../Library/OpensslLib/OpensslLibAccel.uni | 14 +
.../OpensslLib/OpensslLibConstructor.c | 6 +-
.../Library/OpensslLib/OpensslLibCrypto.inf | 182 +++--
.../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
.../{OpensslLib.inf => OpensslLibFull.inf} | 140 ++--
.../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
...LibIa32Gcc.inf => OpensslLibFullAccel.inf} | 189 +++--
.../OpensslLib/OpensslLibFullAccel.uni | 14 +
.../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
.../Library/OpensslLib/OpensslLibX64Gcc.inf | 706 ------------------
16 files changed, 848 insertions(+), 2125 deletions(-)
delete mode 100644 CryptoPkg/Library/Include/openssl/opensslconf_generated.h
rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf => OpensslLibAccel.inf} (79%)
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
copy CryptoPkg/Library/OpensslLib/{OpensslLib.inf => OpensslLibFull.inf} (80%)
copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni => OpensslLibFull.uni} (56%)
rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf => OpensslLibFullAccel.inf} (79%)
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
diff --git a/CryptoPkg/CryptoPkg.ci.yaml b/CryptoPkg/CryptoPkg.ci.yaml
index ca129d6ae56c..47f29759676d 100644
--- a/CryptoPkg/CryptoPkg.ci.yaml
+++ b/CryptoPkg/CryptoPkg.ci.yaml
@@ -73,13 +73,7 @@
},
"DscCompleteCheck": {
"DscPath": "CryptoPkg.dsc",
- "IgnoreInf": [
- # These are alternatives to OpensslLib.inf
- "CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf",
- "CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf",
- "CryptoPkg/Library/OpensslLib/OpensslLibX64.inf",
- "CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf"
- ]
+ "IgnoreInf": []
},
"GuidCheck": {
"IgnoreGuidName": [],
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 53dd8c3efbe6..b98b068b3d3b 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -9,32 +9,324 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
-#include <Library/PcdLib.h>
-#include <openssl/opensslconf_generated.h>
+
+#include <openssl/opensslv.h>
#ifdef __cplusplus
extern "C" {
#endif
-/* Autogenerated conditional openssl feature list starts here */
-#if !FixedPcdGetBool (PcdOpensslEcEnabled)
-# ifndef OPENSSL_NO_EC
-# define OPENSSL_NO_EC
-# endif
-# ifndef OPENSSL_NO_ECDH
-# define OPENSSL_NO_ECDH
-# endif
-# ifndef OPENSSL_NO_ECDSA
-# define OPENSSL_NO_ECDSA
-# endif
-# ifndef OPENSSL_NO_TLS1_3
-# define OPENSSL_NO_TLS1_3
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_SYS_UEFI
+# define OPENSSL_SYS_UEFI 1
+#endif
+#define OPENSSL_MIN_API 0x10100000L
+#ifndef OPENSSL_NO_BF
+# define OPENSSL_NO_BF
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+# define OPENSSL_NO_BLAKE2
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_CAST
+# define OPENSSL_NO_CAST
+#endif
+#ifndef OPENSSL_NO_CHACHA
+# define OPENSSL_NO_CHACHA
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_CT
+# define OPENSSL_NO_CT
+#endif
+#ifndef OPENSSL_NO_DES
+# define OPENSSL_NO_DES
+#endif
+#ifndef OPENSSL_NO_DSA
+# define OPENSSL_NO_DSA
+#endif
+#ifndef OPENSSL_NO_IDEA
+# define OPENSSL_NO_IDEA
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_MD4
+# define OPENSSL_NO_MD4
+#endif
+#ifndef OPENSSL_NO_MDC2
+# define OPENSSL_NO_MDC2
+#endif
+#ifndef OPENSSL_NO_POLY1305
+# define OPENSSL_NO_POLY1305
+#endif
+#ifndef OPENSSL_NO_RC2
+# define OPENSSL_NO_RC2
+#endif
+#ifndef OPENSSL_NO_RC4
+# define OPENSSL_NO_RC4
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RMD160
+# define OPENSSL_NO_RMD160
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_TS
+# define OPENSSL_NO_TS
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+# define OPENSSL_NO_WHIRLPOOL
+#endif
+#ifndef OPENSSL_RAND_SEED_NONE
+# define OPENSSL_RAND_SEED_NONE
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+#ifndef OPENSSL_NO_APPS
+# define OPENSSL_NO_APPS
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_ASYNC
+# define OPENSSL_NO_ASYNC
+#endif
+#ifndef OPENSSL_NO_AUTOERRINIT
+# define OPENSSL_NO_AUTOERRINIT
+#endif
+#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
+# define OPENSSL_NO_AUTOLOAD_CONFIG
+#endif
+#ifndef OPENSSL_NO_CAPIENG
+# define OPENSSL_NO_CAPIENG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEPRECATED
+# define OPENSSL_NO_DEPRECATED
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_DGRAM
+# define OPENSSL_NO_DGRAM
+#endif
+#ifndef OPENSSL_NO_DTLS
+# define OPENSSL_NO_DTLS
+#endif
+#ifndef OPENSSL_NO_DTLS1
+# define OPENSSL_NO_DTLS1
+#endif
+#ifndef OPENSSL_NO_DTLS1_2
+# define OPENSSL_NO_DTLS1_2
+#endif
+#ifndef OPENSSL_NO_EC2M
+# define OPENSSL_NO_EC2M
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_ENGINE
+# define OPENSSL_NO_ENGINE
+#endif
+#ifndef OPENSSL_NO_ERR
+# define OPENSSL_NO_ERR
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FILENAMES
+# define OPENSSL_NO_FILENAMES
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_HW
+# define OPENSSL_NO_HW
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_OCB
+# define OPENSSL_NO_OCB
+#endif
+#ifndef OPENSSL_NO_POSIX_IO
+# define OPENSSL_NO_POSIX_IO
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCRYPT
+# define OPENSSL_NO_SCRYPT
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SOCK
+# define OPENSSL_NO_SOCK
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_STDIO
+# define OPENSSL_NO_STDIO
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UI_CONSOLE
+# define OPENSSL_NO_UI_CONSOLE
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that. This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f) f;
+# ifdef __GNUC__
+# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+# undef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
+# endif
+#elif defined(__SUNPRO_C)
+#if (__SUNPRO_C >= 0x5130)
+#undef DECLARE_DEPRECATED
+#define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
+#endif
# endif
-# ifndef OPENSSL_NO_SM2
-# define OPENSSL_NO_SM2
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+# define OPENSSL_FILE ""
+# define OPENSSL_LINE 0
+# else
+# define OPENSSL_FILE __FILE__
+# define OPENSSL_LINE __LINE__
# endif
#endif
-/* Autogenerated conditional openssl feature list ends here */
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f) f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# undef BN_LLONG
+/* Only one for the following should be defined */
+# undef SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# define THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned int
#ifdef __cplusplus
}
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf_generated.h b/CryptoPkg/Library/Include/openssl/opensslconf_generated.h
deleted file mode 100644
index 09a6641ffcf9..000000000000
--- a/CryptoPkg/Library/Include/openssl/opensslconf_generated.h
+++ /dev/null
@@ -1,333 +0,0 @@
-/*
- * WARNING: do not edit!
- * Generated from include/openssl/opensslconf.h.in
- *
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/opensslv.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# error OPENSSL_ALGORITHM_DEFINES no longer supported
-#endif
-
-/*
- * OpenSSL was configured with the following options:
- */
-
-#ifndef OPENSSL_SYS_UEFI
-# define OPENSSL_SYS_UEFI 1
-#endif
-#define OPENSSL_MIN_API 0x10100000L
-#ifndef OPENSSL_NO_BF
-# define OPENSSL_NO_BF
-#endif
-#ifndef OPENSSL_NO_BLAKE2
-# define OPENSSL_NO_BLAKE2
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_CHACHA
-# define OPENSSL_NO_CHACHA
-#endif
-#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
-#endif
-#ifndef OPENSSL_NO_CT
-# define OPENSSL_NO_CT
-#endif
-#ifndef OPENSSL_NO_DES
-# define OPENSSL_NO_DES
-#endif
-#ifndef OPENSSL_NO_DSA
-# define OPENSSL_NO_DSA
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_MD4
-# define OPENSSL_NO_MD4
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_POLY1305
-# define OPENSSL_NO_POLY1305
-#endif
-#ifndef OPENSSL_NO_RC2
-# define OPENSSL_NO_RC2
-#endif
-#ifndef OPENSSL_NO_RC4
-# define OPENSSL_NO_RC4
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RMD160
-# define OPENSSL_NO_RMD160
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SRP
-# define OPENSSL_NO_SRP
-#endif
-#ifndef OPENSSL_NO_TS
-# define OPENSSL_NO_TS
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-#ifndef OPENSSL_RAND_SEED_NONE
-# define OPENSSL_RAND_SEED_NONE
-#endif
-#ifndef OPENSSL_NO_AFALGENG
-# define OPENSSL_NO_AFALGENG
-#endif
-#ifndef OPENSSL_NO_APPS
-# define OPENSSL_NO_APPS
-#endif
-#ifndef OPENSSL_NO_ASAN
-# define OPENSSL_NO_ASAN
-#endif
-#ifndef OPENSSL_NO_ASYNC
-# define OPENSSL_NO_ASYNC
-#endif
-#ifndef OPENSSL_NO_AUTOERRINIT
-# define OPENSSL_NO_AUTOERRINIT
-#endif
-#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
-# define OPENSSL_NO_AUTOLOAD_CONFIG
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-# define OPENSSL_NO_CRYPTO_MDEBUG
-#endif
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
-# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
-#endif
-#ifndef OPENSSL_NO_DEPRECATED
-# define OPENSSL_NO_DEPRECATED
-#endif
-#ifndef OPENSSL_NO_DEVCRYPTOENG
-# define OPENSSL_NO_DEVCRYPTOENG
-#endif
-#ifndef OPENSSL_NO_DGRAM
-# define OPENSSL_NO_DGRAM
-#endif
-#ifndef OPENSSL_NO_DTLS
-# define OPENSSL_NO_DTLS
-#endif
-#ifndef OPENSSL_NO_DTLS1
-# define OPENSSL_NO_DTLS1
-#endif
-#ifndef OPENSSL_NO_DTLS1_2
-# define OPENSSL_NO_DTLS1_2
-#endif
-#ifndef OPENSSL_NO_EC2M
-# define OPENSSL_NO_EC2M
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_EGD
-# define OPENSSL_NO_EGD
-#endif
-#ifndef OPENSSL_NO_ENGINE
-# define OPENSSL_NO_ENGINE
-#endif
-#ifndef OPENSSL_NO_ERR
-# define OPENSSL_NO_ERR
-#endif
-#ifndef OPENSSL_NO_EXTERNAL_TESTS
-# define OPENSSL_NO_EXTERNAL_TESTS
-#endif
-#ifndef OPENSSL_NO_FILENAMES
-# define OPENSSL_NO_FILENAMES
-#endif
-#ifndef OPENSSL_NO_FUZZ_AFL
-# define OPENSSL_NO_FUZZ_AFL
-#endif
-#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
-# define OPENSSL_NO_FUZZ_LIBFUZZER
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_HW
-# define OPENSSL_NO_HW
-#endif
-#ifndef OPENSSL_NO_MSAN
-# define OPENSSL_NO_MSAN
-#endif
-#ifndef OPENSSL_NO_OCB
-# define OPENSSL_NO_OCB
-#endif
-#ifndef OPENSSL_NO_POSIX_IO
-# define OPENSSL_NO_POSIX_IO
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_SCRYPT
-# define OPENSSL_NO_SCRYPT
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SOCK
-# define OPENSSL_NO_SOCK
-#endif
-#ifndef OPENSSL_NO_SSL_TRACE
-# define OPENSSL_NO_SSL_TRACE
-#endif
-#ifndef OPENSSL_NO_SSL3
-# define OPENSSL_NO_SSL3
-#endif
-#ifndef OPENSSL_NO_SSL3_METHOD
-# define OPENSSL_NO_SSL3_METHOD
-#endif
-#ifndef OPENSSL_NO_STDIO
-# define OPENSSL_NO_STDIO
-#endif
-#ifndef OPENSSL_NO_TESTS
-# define OPENSSL_NO_TESTS
-#endif
-#ifndef OPENSSL_NO_UBSAN
-# define OPENSSL_NO_UBSAN
-#endif
-#ifndef OPENSSL_NO_UI_CONSOLE
-# define OPENSSL_NO_UI_CONSOLE
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-# define OPENSSL_NO_WEAK_SSL_CIPHERS
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-
-/*
- * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
- * don't like that. This will hopefully silence them.
- */
-#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
-
-/*
- * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
- * declarations of functions deprecated in or before <version>. Otherwise, they
- * still won't see them if the library has been built to disable deprecated
- * functions.
- */
-#ifndef DECLARE_DEPRECATED
-# define DECLARE_DEPRECATED(f) f;
-# ifdef __GNUC__
-# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
-# undef DECLARE_DEPRECATED
-# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
-# endif
-# elif defined(__SUNPRO_C)
-# if (__SUNPRO_C >= 0x5130)
-# undef DECLARE_DEPRECATED
-# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
-# endif
-# endif
-#endif
-
-#ifndef OPENSSL_FILE
-# ifdef OPENSSL_NO_FILENAMES
-# define OPENSSL_FILE ""
-# define OPENSSL_LINE 0
-# else
-# define OPENSSL_FILE __FILE__
-# define OPENSSL_LINE __LINE__
-# endif
-#endif
-
-#ifndef OPENSSL_MIN_API
-# define OPENSSL_MIN_API 0
-#endif
-
-#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
-# undef OPENSSL_API_COMPAT
-# define OPENSSL_API_COMPAT OPENSSL_MIN_API
-#endif
-
-/*
- * Do not deprecate things to be deprecated in version 1.2.0 before the
- * OpenSSL version number matches.
- */
-#if OPENSSL_VERSION_NUMBER < 0x10200000L
-# define DEPRECATEDIN_1_2_0(f) f;
-#elif OPENSSL_API_COMPAT < 0x10200000L
-# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_2_0(f)
-#endif
-
-#if OPENSSL_API_COMPAT < 0x10100000L
-# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_1_0(f)
-#endif
-
-#if OPENSSL_API_COMPAT < 0x10000000L
-# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_0_0(f)
-#endif
-
-#if OPENSSL_API_COMPAT < 0x00908000L
-# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_0_9_8(f)
-#endif
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/*
- * The following are cipher-specific, but are part of the public API.
- */
-#if !defined(OPENSSL_SYS_UEFI)
-# undef BN_LLONG
-/* Only one for the following should be defined */
-# undef SIXTY_FOUR_BIT_LONG
-# undef SIXTY_FOUR_BIT
-# define THIRTY_TWO_BIT
-#endif
-
-#define RC4_INT unsigned int
-
-#ifdef __cplusplus
-}
-#endif
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index c899b811b149..7d4b729bf7c7 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -1,5 +1,5 @@
## @file
-# This module provides OpenSSL Library implementation.
+# This module provides OpenSSL Library implementation with TLS features.
#
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
@@ -15,14 +15,18 @@ [Defines]
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
+ CONSTRUCTOR = OpensslLibConstructor
+
DEFINE OPENSSL_PATH = openssl
- DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM
+ DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2 -DOPENSSL_NO_ASM
+ DEFINE OPENSSL_FLAGS_CONFIG =
#
# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
#
[Sources]
+ OpensslLibConstructor.c
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/ms/uplink.h
# Autogenerated files list starts here
@@ -199,43 +203,43 @@ [Sources]
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/ec/curve25519.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
+# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+# $(OPENSSL_PATH)/crypto/ec/ec_check.c
+# $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+# $(OPENSSL_PATH)/crypto/ec/ec_err.c
+# $(OPENSSL_PATH)/crypto/ec/ec_key.c
+# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+# $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+# $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_print.c
+# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
+# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
+# $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -421,10 +425,10 @@ [Sources]
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
$(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -537,15 +541,15 @@ [Sources]
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/ec/ec_local.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/field.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/word.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -637,15 +641,13 @@ [LibraryClasses]
[LibraryClasses.ARM]
ArmSoftFloatLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
-
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought by openssl source,
# so we do not break the build with /WX option:
# C4090: 'function' : different 'const' qualifiers
# C4132: 'object' : const object should be initialized (tls13_enc.c)
+ # C4210: nonstandard extension used: function given file scope
# C4244: conversion from type1 to type2, possible loss of data
# C4245: conversion from type1 to type2, signed/unsigned mismatch
# C4267: conversion from size_t to type, possible loss of data
@@ -657,11 +659,11 @@ [BuildOptions]
# C4706: assignment within conditional expression
# C4819: The file contains a character that cannot be represented in the current code page
#
- MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
- MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
+ MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
+ MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
- INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
- INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
+ INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
#
# Suppress the following build warnings in openssl so we don't break the build with -Werror
@@ -670,10 +672,10 @@ [BuildOptions]
# types appropriate to the format string specified.
# -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
#
- GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
- GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
- GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
+ GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable -Wno-error=format
GCC:*_*_RISCV64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
@@ -698,8 +700,8 @@ [BuildOptions]
# 1: ignore "#1-D: last line of file ends without a newline"
# 3017: <entity> may be used before being set (NOTE: This was fixed in OpenSSL 1.1 HEAD with
# commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.)
- XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -std=c99 -Wno-error=uninitialized
- XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -std=c99 -Wno-error=uninitialized
+ XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
+ XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
#
# AARCH64 uses strict alignment and avoids SIMD registers for code that may execute
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.uni b/CryptoPkg/Library/OpensslLib/OpensslLib.uni
index abaff8a3c37f..6b62c46040f9 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.uni
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.uni
@@ -1,7 +1,5 @@
// /** @file
-// This module provides openSSL Library implementation.
-//
-// This module provides OpenSSL Library implementation.
+// This module provides OpenSSL Library implementation with TLS features.
//
// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
//
@@ -9,8 +7,6 @@
//
// **/
+#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation with TLS features."
-#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation."
-
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation with TLS features."
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
similarity index 79%
rename from CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf
rename to CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index b6ee718edeff..b552b011e2bf 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -1,5 +1,7 @@
## @file
-# This module provides OpenSSL Library implementation.
+# This module provides OpenSSL Library implementation with TLS features
+# along with performance optimized implementations of SHA1, SHA256, SHA512,
+# AESNI, VPAED, and GHASH for IA32 and X64.
#
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
@@ -9,33 +11,27 @@
[Defines]
INF_VERSION = 0x00010005
- BASE_NAME = OpensslLibIa32
- MODULE_UNI_FILE = OpensslLib.uni
- FILE_GUID = 5805D1D4-F8EE-4FBA-BDD8-74465F16A534
+ BASE_NAME = OpensslLibAccel
+ MODULE_UNI_FILE = OpensslLibAccel.uni
+ FILE_GUID = 96A34760-B04A-44EB-9680-AC7606E9776B
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
+ CONSTRUCTOR = OpensslLibConstructor
+
DEFINE OPENSSL_PATH = openssl
- DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
+ DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2
DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
- CONSTRUCTOR = OpensslLibConstructor
#
-# VALID_ARCHITECTURES = IA32
+# VALID_ARCHITECTURES = IA32 X64
#
-[Sources.IA32]
+[Sources]
OpensslLibConstructor.c
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/ms/uplink.h
# Autogenerated files list starts here
- IA32/crypto/aes/aesni-x86.nasm
- IA32/crypto/aes/vpaes-x86.nasm
- IA32/crypto/modes/ghash-x86.nasm
- IA32/crypto/sha/sha1-586.nasm
- IA32/crypto/sha/sha256-586.nasm
- IA32/crypto/sha/sha512-586.nasm
- IA32/crypto/x86cpuid.nasm
$(OPENSSL_PATH)/crypto/aes/aes_cbc.c
$(OPENSSL_PATH)/crypto/aes/aes_cfb.c
$(OPENSSL_PATH)/crypto/aes/aes_core.c
@@ -209,43 +205,43 @@ [Sources.IA32]
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/ec/curve25519.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
+# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+# $(OPENSSL_PATH)/crypto/ec/ec_check.c
+# $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+# $(OPENSSL_PATH)/crypto/ec/ec_err.c
+# $(OPENSSL_PATH)/crypto/ec/ec_key.c
+# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+# $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+# $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_print.c
+# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
+# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
+# $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -324,6 +320,7 @@ [Sources.IA32]
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
$(OPENSSL_PATH)/crypto/mem.c
+# $(OPENSSL_PATH)/crypto/mem_clr.c # Replaced by assembly optimized NASM/S files
$(OPENSSL_PATH)/crypto/mem_dbg.c
$(OPENSSL_PATH)/crypto/mem_sec.c
$(OPENSSL_PATH)/crypto/modes/cbc128.c
@@ -430,10 +427,10 @@ [Sources.IA32]
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
$(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -546,15 +543,15 @@ [Sources.IA32]
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/ec/ec_local.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/field.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/word.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -633,6 +630,53 @@ [Sources.IA32]
ossl_store.c
rand_pool.c
+[Sources.IA32]
+ IA32/crypto/aes/aesni-x86.nasm | MSFT
+ IA32/crypto/aes/vpaes-x86.nasm | MSFT
+ IA32/crypto/modes/ghash-x86.nasm | MSFT
+ IA32/crypto/sha/sha1-586.nasm | MSFT
+ IA32/crypto/sha/sha256-586.nasm | MSFT
+ IA32/crypto/sha/sha512-586.nasm | MSFT
+ IA32/crypto/x86cpuid.nasm | MSFT
+
+ IA32Gcc/crypto/aes/aesni-x86.S | GCC
+ IA32Gcc/crypto/aes/vpaes-x86.S | GCC
+ IA32Gcc/crypto/modes/ghash-x86.S | GCC
+ IA32Gcc/crypto/sha/sha1-586.S | GCC
+ IA32Gcc/crypto/sha/sha256-586.S | GCC
+ IA32Gcc/crypto/sha/sha512-586.S | GCC
+ IA32Gcc/crypto/x86cpuid.S | GCC
+
+[Sources.X64]
+ X64/ApiHooks.c
+ X64/crypto/aes/aesni-mb-x86_64.nasm | MSFT
+ X64/crypto/aes/aesni-sha1-x86_64.nasm | MSFT
+ X64/crypto/aes/aesni-sha256-x86_64.nasm | MSFT
+ X64/crypto/aes/aesni-x86_64.nasm | MSFT
+ X64/crypto/aes/vpaes-x86_64.nasm | MSFT
+ X64/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
+ X64/crypto/modes/ghash-x86_64.nasm | MSFT
+ X64/crypto/sha/sha1-mb-x86_64.nasm | MSFT
+ X64/crypto/sha/sha1-x86_64.nasm | MSFT
+ X64/crypto/sha/sha256-mb-x86_64.nasm | MSFT
+ X64/crypto/sha/sha256-x86_64.nasm | MSFT
+ X64/crypto/sha/sha512-x86_64.nasm | MSFT
+ X64/crypto/x86_64cpuid.nasm | MSFT
+
+ X64Gcc/crypto/aes/aesni-mb-x86_64.S | GCC
+ X64Gcc/crypto/aes/aesni-sha1-x86_64.S | GCC
+ X64Gcc/crypto/aes/aesni-sha256-x86_64.S | GCC
+ X64Gcc/crypto/aes/aesni-x86_64.S | GCC
+ X64Gcc/crypto/aes/vpaes-x86_64.S | GCC
+ X64Gcc/crypto/modes/aesni-gcm-x86_64.S | GCC
+ X64Gcc/crypto/modes/ghash-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha1-mb-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha1-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha256-mb-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha256-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha512-x86_64.S | GCC
+ X64Gcc/crypto/x86_64cpuid.S | GCC
+
[Packages]
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec
@@ -643,9 +687,6 @@ [LibraryClasses]
RngLib
PrintLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
-
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought by openssl source,
@@ -665,8 +706,10 @@ [BuildOptions]
# C4819: The file contains a character that cannot be represented in the current code page
#
MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
+ MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
#
# Suppress the following build warnings in openssl so we don't break the build with -Werror
@@ -675,7 +718,11 @@ [BuildOptions]
# types appropriate to the format string specified.
# -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
#
- GCC:*_*_IA32_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
+ GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
+ GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
+ GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized -Wno-error=incompatible-pointer-types -Wno-error=pointer-sign -Wno-error=implicit-function-declaration -Wno-error=ignored-pragma-optimize
# suppress the following warnings in openssl so we don't break the build with warnings-as-errors:
# 1295: Deprecated declaration <entity> - give arg types
@@ -697,3 +744,4 @@ [BuildOptions]
# 3017: <entity> may be used before being set (NOTE: This was fixed in OpenSSL 1.1 HEAD with
# commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.)
XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
+ XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
new file mode 100644
index 000000000000..e547a0c1e816
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
@@ -0,0 +1,14 @@
+// /** @file
+// This module provides OpenSSL Library implementation with TLS features
+// along with performance optimized implementations of SHA1, SHA256, SHA512,
+// AESNI, VPAED, and GHASH for IA32 and X64.
+//
+// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation with TLS features and performance optimizations"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation with TLS features along with performance optimized implementations of SHA1, SHA256, SHA512, AESNI, VPAED, and GHASH for IA32 and X64."
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c b/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
index 18d8a5612808..5daf73a54710 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
@@ -6,7 +6,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
-#include <Uefi.h>
+#include <Base.h>
/**
An internal OpenSSL function which fetches a local copy of the hardware
@@ -30,7 +30,7 @@ OPENSSL_cpuid_setup (
@retval EFI_SUCCESS The construction succeeded.
**/
-EFI_STATUS
+RETURN_STATUS
EFIAPI
OpensslLibConstructor (
VOID
@@ -38,5 +38,5 @@ OpensslLibConstructor (
{
OPENSSL_cpuid_setup ();
- return EFI_SUCCESS;
+ return RETURN_SUCCESS;
}
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 0ec372454119..5492865ddb2d 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -1,5 +1,6 @@
## @file
-# This module provides OpenSSL Library implementation.
+# This module provides OpenSSL Library implementation with ECC and TLS
+# features removed and features have performance optimizations enabled.
#
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
@@ -15,14 +16,18 @@ [Defines]
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
+ CONSTRUCTOR = OpensslLibConstructor
+
DEFINE OPENSSL_PATH = openssl
- DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM
+ DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2 -DOPENSSL_NO_ASM
+ DEFINE OPENSSL_FLAGS_CONFIG =
#
# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
#
[Sources]
+ OpensslLibConstructor.c
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/ms/uplink.h
# Autogenerated files list starts here
@@ -199,43 +204,43 @@ [Sources]
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/ec/curve25519.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
+# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+# $(OPENSSL_PATH)/crypto/ec/ec_check.c
+# $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+# $(OPENSSL_PATH)/crypto/ec/ec_err.c
+# $(OPENSSL_PATH)/crypto/ec/ec_key.c
+# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+# $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+# $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_print.c
+# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
+# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
+# $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -421,10 +426,10 @@ [Sources]
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
$(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -537,15 +542,15 @@ [Sources]
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/ec/ec_local.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/field.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/word.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -568,6 +573,57 @@ [Sources]
$(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
+# $(OPENSSL_PATH)/ssl/bio_ssl.c
+# $(OPENSSL_PATH)/ssl/d1_lib.c
+# $(OPENSSL_PATH)/ssl/d1_msg.c
+# $(OPENSSL_PATH)/ssl/d1_srtp.c
+# $(OPENSSL_PATH)/ssl/methods.c
+# $(OPENSSL_PATH)/ssl/packet.c
+# $(OPENSSL_PATH)/ssl/pqueue.c
+# $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c
+# $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c
+# $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c
+# $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c
+# $(OPENSSL_PATH)/ssl/record/ssl3_record.c
+# $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c
+# $(OPENSSL_PATH)/ssl/s3_cbc.c
+# $(OPENSSL_PATH)/ssl/s3_enc.c
+# $(OPENSSL_PATH)/ssl/s3_lib.c
+# $(OPENSSL_PATH)/ssl/s3_msg.c
+# $(OPENSSL_PATH)/ssl/ssl_asn1.c
+# $(OPENSSL_PATH)/ssl/ssl_cert.c
+# $(OPENSSL_PATH)/ssl/ssl_ciph.c
+# $(OPENSSL_PATH)/ssl/ssl_conf.c
+# $(OPENSSL_PATH)/ssl/ssl_err.c
+# $(OPENSSL_PATH)/ssl/ssl_init.c
+# $(OPENSSL_PATH)/ssl/ssl_lib.c
+# $(OPENSSL_PATH)/ssl/ssl_mcnf.c
+# $(OPENSSL_PATH)/ssl/ssl_rsa.c
+# $(OPENSSL_PATH)/ssl/ssl_sess.c
+# $(OPENSSL_PATH)/ssl/ssl_stat.c
+# $(OPENSSL_PATH)/ssl/ssl_txt.c
+# $(OPENSSL_PATH)/ssl/ssl_utst.c
+# $(OPENSSL_PATH)/ssl/statem/extensions.c
+# $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c
+# $(OPENSSL_PATH)/ssl/statem/extensions_cust.c
+# $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c
+# $(OPENSSL_PATH)/ssl/statem/statem.c
+# $(OPENSSL_PATH)/ssl/statem/statem_clnt.c
+# $(OPENSSL_PATH)/ssl/statem/statem_dtls.c
+# $(OPENSSL_PATH)/ssl/statem/statem_lib.c
+# $(OPENSSL_PATH)/ssl/statem/statem_srvr.c
+# $(OPENSSL_PATH)/ssl/t1_enc.c
+# $(OPENSSL_PATH)/ssl/t1_lib.c
+# $(OPENSSL_PATH)/ssl/t1_trce.c
+# $(OPENSSL_PATH)/ssl/tls13_enc.c
+# $(OPENSSL_PATH)/ssl/tls_srp.c
+# $(OPENSSL_PATH)/ssl/packet_local.h
+# $(OPENSSL_PATH)/ssl/ssl_cert_table.h
+# $(OPENSSL_PATH)/ssl/ssl_local.h
+# $(OPENSSL_PATH)/ssl/record/record.h
+# $(OPENSSL_PATH)/ssl/record/record_local.h
+# $(OPENSSL_PATH)/ssl/statem/statem.h
+# $(OPENSSL_PATH)/ssl/statem/statem_local.h
# Autogenerated files list ends here
buildinf.h
ossl_store.c
@@ -586,15 +642,13 @@ [LibraryClasses]
[LibraryClasses.ARM]
ArmSoftFloatLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
-
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought by openssl source,
# so we do not break the build with /WX option:
# C4090: 'function' : different 'const' qualifiers
# C4132: 'object' : const object should be initialized (tls13_enc.c)
+ # C4210: nonstandard extension used: function given file scope
# C4244: conversion from type1 to type2, possible loss of data
# C4245: conversion from type1 to type2, signed/unsigned mismatch
# C4267: conversion from size_t to type, possible loss of data
@@ -606,11 +660,11 @@ [BuildOptions]
# C4706: assignment within conditional expression
# C4819: The file contains a character that cannot be represented in the current code page
#
- MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
- MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
+ MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
+ MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
- INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
- INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
+ INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
#
# Suppress the following build warnings in openssl so we don't break the build with -Werror
@@ -619,10 +673,10 @@ [BuildOptions]
# types appropriate to the format string specified.
# -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
#
- GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
- GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
- GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
+ GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable -Wno-error=format
GCC:*_*_RISCV64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
@@ -647,8 +701,8 @@ [BuildOptions]
# 1: ignore "#1-D: last line of file ends without a newline"
# 3017: <entity> may be used before being set (NOTE: This was fixed in OpenSSL 1.1 HEAD with
# commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.)
- XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -std=c99 -Wno-error=uninitialized
- XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -std=c99 -Wno-error=uninitialized
+ XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
+ XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
#
# AARCH64 uses strict alignment and avoids SIMD registers for code that may execute
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni
index d3f12e178cae..462ccf4355f7 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni
@@ -1,7 +1,6 @@
// /** @file
-// This module provides openSSL Library implementation (libcrypto only, no libssl).
-//
-// This module provides OpenSSL Library implementation (libcrypto only, no libssl).
+// This module provides OpenSSL Library implementation (libcrypto only, no
+// libssl or ecc).
//
// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
//
@@ -9,8 +8,6 @@
//
// **/
+#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation (libcrypto only, no libssl or ecc)"
-#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation (libcrypto only, no libssl)"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation (libcrypto only, no libssl)."
-
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation (libcrypto only, no libssl or ecc)."
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
similarity index 80%
copy from CryptoPkg/Library/OpensslLib/OpensslLib.inf
copy to CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
index c899b811b149..1b5d9fa42405 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
@@ -1,5 +1,11 @@
## @file
-# This module provides OpenSSL Library implementation.
+# This module provides OpenSSL Library implementation with ECC and TLS
+# features.
+#
+# This library should be used if a module module needs ECC in TLS, or
+# asymmetric cryptography services such as X509 certificate or PEM format
+# data processing. This library increases the size overhead up to ~115 KB
+# compared to OpensslLib.inf library instance.
#
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
@@ -9,20 +15,24 @@
[Defines]
INF_VERSION = 0x00010005
- BASE_NAME = OpensslLib
- MODULE_UNI_FILE = OpensslLib.uni
- FILE_GUID = C873A7D0-9824-409f-9B42-2C158B992E69
+ BASE_NAME = OpensslLibFull
+ MODULE_UNI_FILE = OpensslLibFull.uni
+ FILE_GUID = AB9E2231-D8FC-433F-9F27-FA293B64FB2C
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
+ CONSTRUCTOR = OpensslLibConstructor
+
DEFINE OPENSSL_PATH = openssl
DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM
+ DEFINE OPENSSL_FLAGS_CONFIG =
#
# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
#
[Sources]
+ OpensslLibConstructor.c
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/ms/uplink.h
# Autogenerated files list starts here
@@ -199,43 +209,43 @@ [Sources]
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -421,10 +431,10 @@ [Sources]
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
$(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -537,15 +547,15 @@ [Sources]
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -637,15 +647,13 @@ [LibraryClasses]
[LibraryClasses.ARM]
ArmSoftFloatLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
-
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought by openssl source,
# so we do not break the build with /WX option:
# C4090: 'function' : different 'const' qualifiers
# C4132: 'object' : const object should be initialized (tls13_enc.c)
+ # C4210: nonstandard extension used: function given file scope
# C4244: conversion from type1 to type2, possible loss of data
# C4245: conversion from type1 to type2, signed/unsigned mismatch
# C4267: conversion from size_t to type, possible loss of data
@@ -657,11 +665,11 @@ [BuildOptions]
# C4706: assignment within conditional expression
# C4819: The file contains a character that cannot be represented in the current code page
#
- MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
- MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
+ MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
+ MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
- INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
- INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
+ INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
#
# Suppress the following build warnings in openssl so we don't break the build with -Werror
@@ -670,10 +678,10 @@ [BuildOptions]
# types appropriate to the format string specified.
# -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
#
- GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
- GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
- GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
+ GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable -Wno-error=format
GCC:*_*_RISCV64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
@@ -698,8 +706,8 @@ [BuildOptions]
# 1: ignore "#1-D: last line of file ends without a newline"
# 3017: <entity> may be used before being set (NOTE: This was fixed in OpenSSL 1.1 HEAD with
# commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.)
- XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -std=c99 -Wno-error=uninitialized
- XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -std=c99 -Wno-error=uninitialized
+ XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
+ XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
#
# AARCH64 uses strict alignment and avoids SIMD registers for code that may execute
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.uni b/CryptoPkg/Library/OpensslLib/OpensslLibFull.uni
similarity index 56%
copy from CryptoPkg/Library/OpensslLib/OpensslLib.uni
copy to CryptoPkg/Library/OpensslLib/OpensslLibFull.uni
index abaff8a3c37f..ec50adba9f83 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.uni
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.uni
@@ -1,7 +1,5 @@
// /** @file
-// This module provides openSSL Library implementation.
-//
-// This module provides OpenSSL Library implementation.
+// This module provides OpenSSL Library implementation with TLS and ECC features.
//
// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
//
@@ -9,8 +7,6 @@
//
// **/
+#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation with TLS and ECC features"
-#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation."
-
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation with TLS and ECC features."
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
similarity index 79%
rename from CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf
rename to CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
index 150a82ec7af1..3c7b33f1e512 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
@@ -1,5 +1,12 @@
## @file
-# This module provides OpenSSL Library implementation.
+# This module provides OpenSSL Library implementation with ECC and TLS
+# features along with performance optimized implementations of SHA1,
+# SHA256, SHA512 AESNI, VPAED, and GHASH for IA32 and X64.
+#
+# This library should be used if a module module needs ECC in TLS, or
+# asymmetric cryptography services such as X509 certificate or PEM format
+# data processing. This library increases the size overhead up to ~115 KB
+# compared to OpensslLibAccel.inf library instance.
#
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
@@ -9,33 +16,27 @@
[Defines]
INF_VERSION = 0x00010005
- BASE_NAME = OpensslLibIa32Gcc
- MODULE_UNI_FILE = OpensslLib.uni
- FILE_GUID = B1B32F26-A4E1-4D38-9E34-53A148B8EB11
+ BASE_NAME = OpensslLibFullAccel
+ MODULE_UNI_FILE = OpensslLibFullAccel.uni
+ FILE_GUID = AC649FB2-ADCF-450A-9C61-ED3CAFF12864
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
+ CONSTRUCTOR = OpensslLibConstructor
+
DEFINE OPENSSL_PATH = openssl
DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
- CONSTRUCTOR = OpensslLibConstructor
#
-# VALID_ARCHITECTURES = IA32
+# VALID_ARCHITECTURES = IA32 X64
#
-[Sources.IA32]
+[Sources]
OpensslLibConstructor.c
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/ms/uplink.h
# Autogenerated files list starts here
- IA32Gcc/crypto/aes/aesni-x86.S
- IA32Gcc/crypto/aes/vpaes-x86.S
- IA32Gcc/crypto/modes/ghash-x86.S
- IA32Gcc/crypto/sha/sha1-586.S
- IA32Gcc/crypto/sha/sha256-586.S
- IA32Gcc/crypto/sha/sha512-586.S
- IA32Gcc/crypto/x86cpuid.S
$(OPENSSL_PATH)/crypto/aes/aes_cbc.c
$(OPENSSL_PATH)/crypto/aes/aes_cfb.c
$(OPENSSL_PATH)/crypto/aes/aes_core.c
@@ -209,43 +210,43 @@ [Sources.IA32]
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -324,6 +325,7 @@ [Sources.IA32]
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
$(OPENSSL_PATH)/crypto/mem.c
+# $(OPENSSL_PATH)/crypto/mem_clr.c # Replaced by assembly optimized NASM/S files
$(OPENSSL_PATH)/crypto/mem_dbg.c
$(OPENSSL_PATH)/crypto/mem_sec.c
$(OPENSSL_PATH)/crypto/modes/cbc128.c
@@ -430,10 +432,10 @@ [Sources.IA32]
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
$(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -546,15 +548,15 @@ [Sources.IA32]
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -633,6 +635,53 @@ [Sources.IA32]
ossl_store.c
rand_pool.c
+[Sources.IA32]
+ IA32/crypto/aes/aesni-x86.nasm | MSFT
+ IA32/crypto/aes/vpaes-x86.nasm | MSFT
+ IA32/crypto/modes/ghash-x86.nasm | MSFT
+ IA32/crypto/sha/sha1-586.nasm | MSFT
+ IA32/crypto/sha/sha256-586.nasm | MSFT
+ IA32/crypto/sha/sha512-586.nasm | MSFT
+ IA32/crypto/x86cpuid.nasm | MSFT
+
+ IA32Gcc/crypto/aes/aesni-x86.S | GCC
+ IA32Gcc/crypto/aes/vpaes-x86.S | GCC
+ IA32Gcc/crypto/modes/ghash-x86.S | GCC
+ IA32Gcc/crypto/sha/sha1-586.S | GCC
+ IA32Gcc/crypto/sha/sha256-586.S | GCC
+ IA32Gcc/crypto/sha/sha512-586.S | GCC
+ IA32Gcc/crypto/x86cpuid.S | GCC
+
+[Sources.X64]
+ X64/ApiHooks.c
+ X64/crypto/aes/aesni-mb-x86_64.nasm | MSFT
+ X64/crypto/aes/aesni-sha1-x86_64.nasm | MSFT
+ X64/crypto/aes/aesni-sha256-x86_64.nasm | MSFT
+ X64/crypto/aes/aesni-x86_64.nasm | MSFT
+ X64/crypto/aes/vpaes-x86_64.nasm | MSFT
+ X64/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
+ X64/crypto/modes/ghash-x86_64.nasm | MSFT
+ X64/crypto/sha/sha1-mb-x86_64.nasm | MSFT
+ X64/crypto/sha/sha1-x86_64.nasm | MSFT
+ X64/crypto/sha/sha256-mb-x86_64.nasm | MSFT
+ X64/crypto/sha/sha256-x86_64.nasm | MSFT
+ X64/crypto/sha/sha512-x86_64.nasm | MSFT
+ X64/crypto/x86_64cpuid.nasm | MSFT
+
+ X64Gcc/crypto/aes/aesni-mb-x86_64.S | GCC
+ X64Gcc/crypto/aes/aesni-sha1-x86_64.S | GCC
+ X64Gcc/crypto/aes/aesni-sha256-x86_64.S | GCC
+ X64Gcc/crypto/aes/aesni-x86_64.S | GCC
+ X64Gcc/crypto/aes/vpaes-x86_64.S | GCC
+ X64Gcc/crypto/modes/aesni-gcm-x86_64.S | GCC
+ X64Gcc/crypto/modes/ghash-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha1-mb-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha1-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha256-mb-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha256-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha512-x86_64.S | GCC
+ X64Gcc/crypto/x86_64cpuid.S | GCC
+
[Packages]
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec
@@ -643,9 +692,6 @@ [LibraryClasses]
RngLib
PrintLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
-
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought by openssl source,
@@ -665,8 +711,10 @@ [BuildOptions]
# C4819: The file contains a character that cannot be represented in the current code page
#
MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
+ MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
#
# Suppress the following build warnings in openssl so we don't break the build with -Werror
@@ -675,7 +723,11 @@ [BuildOptions]
# types appropriate to the format string specified.
# -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
#
- GCC:*_*_IA32_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
+ GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
+ GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
+ GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized -Wno-error=incompatible-pointer-types -Wno-error=pointer-sign -Wno-error=implicit-function-declaration -Wno-error=ignored-pragma-optimize
# suppress the following warnings in openssl so we don't break the build with warnings-as-errors:
# 1295: Deprecated declaration <entity> - give arg types
@@ -697,3 +749,4 @@ [BuildOptions]
# 3017: <entity> may be used before being set (NOTE: This was fixed in OpenSSL 1.1 HEAD with
# commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.)
XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
+ XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
new file mode 100644
index 000000000000..b8453b6c902e
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
@@ -0,0 +1,14 @@
+// /** @file
+// This module provides openSSL Library implementation with ECC and TLS
+// features along with performance optimized implementations of SHA1,
+// SHA256, SHA512 AESNI, VPAED, and GHASH for IA32 and X64.
+//
+// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation with TLS and ECC features and performance optimizations"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation with TLS and ECC features and performance optimizations."
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf b/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
deleted file mode 100644
index 5e92ba0844d5..000000000000
--- a/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
+++ /dev/null
@@ -1,706 +0,0 @@
-## @file
-# This module provides OpenSSL Library implementation.
-#
-# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
-# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = OpensslLibX64
- MODULE_UNI_FILE = OpensslLib.uni
- FILE_GUID = 18125E50-0117-4DD0-BE54-4784AD995FEF
- MODULE_TYPE = BASE
- VERSION_STRING = 1.0
- LIBRARY_CLASS = OpensslLib
- DEFINE OPENSSL_PATH = openssl
- DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
- DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
- CONSTRUCTOR = OpensslLibConstructor
-
-#
-# VALID_ARCHITECTURES = X64
-#
-
-[Sources.X64]
- OpensslLibConstructor.c
- $(OPENSSL_PATH)/e_os.h
- $(OPENSSL_PATH)/ms/uplink.h
-# Autogenerated files list starts here
- X64/crypto/aes/aesni-mb-x86_64.nasm
- X64/crypto/aes/aesni-sha1-x86_64.nasm
- X64/crypto/aes/aesni-sha256-x86_64.nasm
- X64/crypto/aes/aesni-x86_64.nasm
- X64/crypto/aes/vpaes-x86_64.nasm
- X64/crypto/modes/aesni-gcm-x86_64.nasm
- X64/crypto/modes/ghash-x86_64.nasm
- X64/crypto/sha/sha1-mb-x86_64.nasm
- X64/crypto/sha/sha1-x86_64.nasm
- X64/crypto/sha/sha256-mb-x86_64.nasm
- X64/crypto/sha/sha256-x86_64.nasm
- X64/crypto/sha/sha512-x86_64.nasm
- X64/crypto/x86_64cpuid.nasm
- $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
- $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
- $(OPENSSL_PATH)/crypto/aes/aes_core.c
- $(OPENSSL_PATH)/crypto/aes/aes_ige.c
- $(OPENSSL_PATH)/crypto/aes/aes_misc.c
- $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
- $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
- $(OPENSSL_PATH)/crypto/aria/aria.c
- $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
- $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
- $(OPENSSL_PATH)/crypto/asn1/a_digest.c
- $(OPENSSL_PATH)/crypto/asn1/a_dup.c
- $(OPENSSL_PATH)/crypto/asn1/a_gentm.c
- $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c
- $(OPENSSL_PATH)/crypto/asn1/a_int.c
- $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c
- $(OPENSSL_PATH)/crypto/asn1/a_object.c
- $(OPENSSL_PATH)/crypto/asn1/a_octet.c
- $(OPENSSL_PATH)/crypto/asn1/a_print.c
- $(OPENSSL_PATH)/crypto/asn1/a_sign.c
- $(OPENSSL_PATH)/crypto/asn1/a_strex.c
- $(OPENSSL_PATH)/crypto/asn1/a_strnid.c
- $(OPENSSL_PATH)/crypto/asn1/a_time.c
- $(OPENSSL_PATH)/crypto/asn1/a_type.c
- $(OPENSSL_PATH)/crypto/asn1/a_utctm.c
- $(OPENSSL_PATH)/crypto/asn1/a_utf8.c
- $(OPENSSL_PATH)/crypto/asn1/a_verify.c
- $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_err.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_par.c
- $(OPENSSL_PATH)/crypto/asn1/asn_mime.c
- $(OPENSSL_PATH)/crypto/asn1/asn_moid.c
- $(OPENSSL_PATH)/crypto/asn1/asn_mstbl.c
- $(OPENSSL_PATH)/crypto/asn1/asn_pack.c
- $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c
- $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c
- $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c
- $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c
- $(OPENSSL_PATH)/crypto/asn1/evp_asn1.c
- $(OPENSSL_PATH)/crypto/asn1/f_int.c
- $(OPENSSL_PATH)/crypto/asn1/f_string.c
- $(OPENSSL_PATH)/crypto/asn1/i2d_pr.c
- $(OPENSSL_PATH)/crypto/asn1/i2d_pu.c
- $(OPENSSL_PATH)/crypto/asn1/n_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/nsseq.c
- $(OPENSSL_PATH)/crypto/asn1/p5_pbe.c
- $(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c
- $(OPENSSL_PATH)/crypto/asn1/p5_scrypt.c
- $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/t_bitst.c
- $(OPENSSL_PATH)/crypto/asn1/t_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/t_spki.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_dec.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_enc.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_fre.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_new.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_scn.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c
- $(OPENSSL_PATH)/crypto/asn1/x_algor.c
- $(OPENSSL_PATH)/crypto/asn1/x_bignum.c
- $(OPENSSL_PATH)/crypto/asn1/x_info.c
- $(OPENSSL_PATH)/crypto/asn1/x_int64.c
- $(OPENSSL_PATH)/crypto/asn1/x_long.c
- $(OPENSSL_PATH)/crypto/asn1/x_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/x_sig.c
- $(OPENSSL_PATH)/crypto/asn1/x_spki.c
- $(OPENSSL_PATH)/crypto/asn1/x_val.c
- $(OPENSSL_PATH)/crypto/async/arch/async_null.c
- $(OPENSSL_PATH)/crypto/async/arch/async_posix.c
- $(OPENSSL_PATH)/crypto/async/arch/async_win.c
- $(OPENSSL_PATH)/crypto/async/async.c
- $(OPENSSL_PATH)/crypto/async/async_err.c
- $(OPENSSL_PATH)/crypto/async/async_wait.c
- $(OPENSSL_PATH)/crypto/bio/b_addr.c
- $(OPENSSL_PATH)/crypto/bio/b_dump.c
- $(OPENSSL_PATH)/crypto/bio/b_sock.c
- $(OPENSSL_PATH)/crypto/bio/b_sock2.c
- $(OPENSSL_PATH)/crypto/bio/bf_buff.c
- $(OPENSSL_PATH)/crypto/bio/bf_lbuf.c
- $(OPENSSL_PATH)/crypto/bio/bf_nbio.c
- $(OPENSSL_PATH)/crypto/bio/bf_null.c
- $(OPENSSL_PATH)/crypto/bio/bio_cb.c
- $(OPENSSL_PATH)/crypto/bio/bio_err.c
- $(OPENSSL_PATH)/crypto/bio/bio_lib.c
- $(OPENSSL_PATH)/crypto/bio/bio_meth.c
- $(OPENSSL_PATH)/crypto/bio/bss_acpt.c
- $(OPENSSL_PATH)/crypto/bio/bss_bio.c
- $(OPENSSL_PATH)/crypto/bio/bss_conn.c
- $(OPENSSL_PATH)/crypto/bio/bss_dgram.c
- $(OPENSSL_PATH)/crypto/bio/bss_fd.c
- $(OPENSSL_PATH)/crypto/bio/bss_file.c
- $(OPENSSL_PATH)/crypto/bio/bss_log.c
- $(OPENSSL_PATH)/crypto/bio/bss_mem.c
- $(OPENSSL_PATH)/crypto/bio/bss_null.c
- $(OPENSSL_PATH)/crypto/bio/bss_sock.c
- $(OPENSSL_PATH)/crypto/bn/bn_add.c
- $(OPENSSL_PATH)/crypto/bn/bn_asm.c
- $(OPENSSL_PATH)/crypto/bn/bn_blind.c
- $(OPENSSL_PATH)/crypto/bn/bn_const.c
- $(OPENSSL_PATH)/crypto/bn/bn_ctx.c
- $(OPENSSL_PATH)/crypto/bn/bn_depr.c
- $(OPENSSL_PATH)/crypto/bn/bn_dh.c
- $(OPENSSL_PATH)/crypto/bn/bn_div.c
- $(OPENSSL_PATH)/crypto/bn/bn_err.c
- $(OPENSSL_PATH)/crypto/bn/bn_exp.c
- $(OPENSSL_PATH)/crypto/bn/bn_exp2.c
- $(OPENSSL_PATH)/crypto/bn/bn_gcd.c
- $(OPENSSL_PATH)/crypto/bn/bn_gf2m.c
- $(OPENSSL_PATH)/crypto/bn/bn_intern.c
- $(OPENSSL_PATH)/crypto/bn/bn_kron.c
- $(OPENSSL_PATH)/crypto/bn/bn_lib.c
- $(OPENSSL_PATH)/crypto/bn/bn_mod.c
- $(OPENSSL_PATH)/crypto/bn/bn_mont.c
- $(OPENSSL_PATH)/crypto/bn/bn_mpi.c
- $(OPENSSL_PATH)/crypto/bn/bn_mul.c
- $(OPENSSL_PATH)/crypto/bn/bn_nist.c
- $(OPENSSL_PATH)/crypto/bn/bn_prime.c
- $(OPENSSL_PATH)/crypto/bn/bn_print.c
- $(OPENSSL_PATH)/crypto/bn/bn_rand.c
- $(OPENSSL_PATH)/crypto/bn/bn_recp.c
- $(OPENSSL_PATH)/crypto/bn/bn_shift.c
- $(OPENSSL_PATH)/crypto/bn/bn_sqr.c
- $(OPENSSL_PATH)/crypto/bn/bn_sqrt.c
- $(OPENSSL_PATH)/crypto/bn/bn_srp.c
- $(OPENSSL_PATH)/crypto/bn/bn_word.c
- $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
- $(OPENSSL_PATH)/crypto/buffer/buf_err.c
- $(OPENSSL_PATH)/crypto/buffer/buffer.c
- $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
- $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c
- $(OPENSSL_PATH)/crypto/cmac/cmac.c
- $(OPENSSL_PATH)/crypto/comp/c_zlib.c
- $(OPENSSL_PATH)/crypto/comp/comp_err.c
- $(OPENSSL_PATH)/crypto/comp/comp_lib.c
- $(OPENSSL_PATH)/crypto/conf/conf_api.c
- $(OPENSSL_PATH)/crypto/conf/conf_def.c
- $(OPENSSL_PATH)/crypto/conf/conf_err.c
- $(OPENSSL_PATH)/crypto/conf/conf_lib.c
- $(OPENSSL_PATH)/crypto/conf/conf_mall.c
- $(OPENSSL_PATH)/crypto/conf/conf_mod.c
- $(OPENSSL_PATH)/crypto/conf/conf_sap.c
- $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
- $(OPENSSL_PATH)/crypto/cpt_err.c
- $(OPENSSL_PATH)/crypto/cryptlib.c
- $(OPENSSL_PATH)/crypto/ctype.c
- $(OPENSSL_PATH)/crypto/cversion.c
- $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
- $(OPENSSL_PATH)/crypto/dh/dh_asn1.c
- $(OPENSSL_PATH)/crypto/dh/dh_check.c
- $(OPENSSL_PATH)/crypto/dh/dh_depr.c
- $(OPENSSL_PATH)/crypto/dh/dh_err.c
- $(OPENSSL_PATH)/crypto/dh/dh_gen.c
- $(OPENSSL_PATH)/crypto/dh/dh_kdf.c
- $(OPENSSL_PATH)/crypto/dh/dh_key.c
- $(OPENSSL_PATH)/crypto/dh/dh_lib.c
- $(OPENSSL_PATH)/crypto/dh/dh_meth.c
- $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c
- $(OPENSSL_PATH)/crypto/dh/dh_prn.c
- $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
- $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
- $(OPENSSL_PATH)/crypto/dso/dso_dl.c
- $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
- $(OPENSSL_PATH)/crypto/dso/dso_err.c
- $(OPENSSL_PATH)/crypto/dso/dso_lib.c
- $(OPENSSL_PATH)/crypto/dso/dso_openssl.c
- $(OPENSSL_PATH)/crypto/dso/dso_vms.c
- $(OPENSSL_PATH)/crypto/dso/dso_win32.c
- $(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/err/err.c
- $(OPENSSL_PATH)/crypto/err/err_prn.c
- $(OPENSSL_PATH)/crypto/evp/bio_b64.c
- $(OPENSSL_PATH)/crypto/evp/bio_enc.c
- $(OPENSSL_PATH)/crypto/evp/bio_md.c
- $(OPENSSL_PATH)/crypto/evp/bio_ok.c
- $(OPENSSL_PATH)/crypto/evp/c_allc.c
- $(OPENSSL_PATH)/crypto/evp/c_alld.c
- $(OPENSSL_PATH)/crypto/evp/cmeth_lib.c
- $(OPENSSL_PATH)/crypto/evp/digest.c
- $(OPENSSL_PATH)/crypto/evp/e_aes.c
- $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
- $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
- $(OPENSSL_PATH)/crypto/evp/e_aria.c
- $(OPENSSL_PATH)/crypto/evp/e_bf.c
- $(OPENSSL_PATH)/crypto/evp/e_camellia.c
- $(OPENSSL_PATH)/crypto/evp/e_cast.c
- $(OPENSSL_PATH)/crypto/evp/e_chacha20_poly1305.c
- $(OPENSSL_PATH)/crypto/evp/e_des.c
- $(OPENSSL_PATH)/crypto/evp/e_des3.c
- $(OPENSSL_PATH)/crypto/evp/e_idea.c
- $(OPENSSL_PATH)/crypto/evp/e_null.c
- $(OPENSSL_PATH)/crypto/evp/e_old.c
- $(OPENSSL_PATH)/crypto/evp/e_rc2.c
- $(OPENSSL_PATH)/crypto/evp/e_rc4.c
- $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
- $(OPENSSL_PATH)/crypto/evp/e_rc5.c
- $(OPENSSL_PATH)/crypto/evp/e_seed.c
- $(OPENSSL_PATH)/crypto/evp/e_sm4.c
- $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c
- $(OPENSSL_PATH)/crypto/evp/encode.c
- $(OPENSSL_PATH)/crypto/evp/evp_cnf.c
- $(OPENSSL_PATH)/crypto/evp/evp_enc.c
- $(OPENSSL_PATH)/crypto/evp/evp_err.c
- $(OPENSSL_PATH)/crypto/evp/evp_key.c
- $(OPENSSL_PATH)/crypto/evp/evp_lib.c
- $(OPENSSL_PATH)/crypto/evp/evp_pbe.c
- $(OPENSSL_PATH)/crypto/evp/evp_pkey.c
- $(OPENSSL_PATH)/crypto/evp/m_md2.c
- $(OPENSSL_PATH)/crypto/evp/m_md4.c
- $(OPENSSL_PATH)/crypto/evp/m_md5.c
- $(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c
- $(OPENSSL_PATH)/crypto/evp/m_mdc2.c
- $(OPENSSL_PATH)/crypto/evp/m_null.c
- $(OPENSSL_PATH)/crypto/evp/m_ripemd.c
- $(OPENSSL_PATH)/crypto/evp/m_sha1.c
- $(OPENSSL_PATH)/crypto/evp/m_sha3.c
- $(OPENSSL_PATH)/crypto/evp/m_sigver.c
- $(OPENSSL_PATH)/crypto/evp/m_wp.c
- $(OPENSSL_PATH)/crypto/evp/names.c
- $(OPENSSL_PATH)/crypto/evp/p5_crpt.c
- $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c
- $(OPENSSL_PATH)/crypto/evp/p_dec.c
- $(OPENSSL_PATH)/crypto/evp/p_enc.c
- $(OPENSSL_PATH)/crypto/evp/p_lib.c
- $(OPENSSL_PATH)/crypto/evp/p_open.c
- $(OPENSSL_PATH)/crypto/evp/p_seal.c
- $(OPENSSL_PATH)/crypto/evp/p_sign.c
- $(OPENSSL_PATH)/crypto/evp/p_verify.c
- $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c
- $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
- $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
- $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
- $(OPENSSL_PATH)/crypto/ex_data.c
- $(OPENSSL_PATH)/crypto/getenv.c
- $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
- $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
- $(OPENSSL_PATH)/crypto/hmac/hmac.c
- $(OPENSSL_PATH)/crypto/init.c
- $(OPENSSL_PATH)/crypto/kdf/hkdf.c
- $(OPENSSL_PATH)/crypto/kdf/kdf_err.c
- $(OPENSSL_PATH)/crypto/kdf/scrypt.c
- $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
- $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
- $(OPENSSL_PATH)/crypto/lhash/lhash.c
- $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
- $(OPENSSL_PATH)/crypto/md5/md5_one.c
- $(OPENSSL_PATH)/crypto/mem.c
- $(OPENSSL_PATH)/crypto/mem_dbg.c
- $(OPENSSL_PATH)/crypto/mem_sec.c
- $(OPENSSL_PATH)/crypto/modes/cbc128.c
- $(OPENSSL_PATH)/crypto/modes/ccm128.c
- $(OPENSSL_PATH)/crypto/modes/cfb128.c
- $(OPENSSL_PATH)/crypto/modes/ctr128.c
- $(OPENSSL_PATH)/crypto/modes/cts128.c
- $(OPENSSL_PATH)/crypto/modes/gcm128.c
- $(OPENSSL_PATH)/crypto/modes/ocb128.c
- $(OPENSSL_PATH)/crypto/modes/ofb128.c
- $(OPENSSL_PATH)/crypto/modes/wrap128.c
- $(OPENSSL_PATH)/crypto/modes/xts128.c
- $(OPENSSL_PATH)/crypto/o_dir.c
- $(OPENSSL_PATH)/crypto/o_fips.c
- $(OPENSSL_PATH)/crypto/o_fopen.c
- $(OPENSSL_PATH)/crypto/o_init.c
- $(OPENSSL_PATH)/crypto/o_str.c
- $(OPENSSL_PATH)/crypto/o_time.c
- $(OPENSSL_PATH)/crypto/objects/o_names.c
- $(OPENSSL_PATH)/crypto/objects/obj_dat.c
- $(OPENSSL_PATH)/crypto/objects/obj_err.c
- $(OPENSSL_PATH)/crypto/objects/obj_lib.c
- $(OPENSSL_PATH)/crypto/objects/obj_xref.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
- $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
- $(OPENSSL_PATH)/crypto/pem/pem_all.c
- $(OPENSSL_PATH)/crypto/pem/pem_err.c
- $(OPENSSL_PATH)/crypto/pem/pem_info.c
- $(OPENSSL_PATH)/crypto/pem/pem_lib.c
- $(OPENSSL_PATH)/crypto/pem/pem_oth.c
- $(OPENSSL_PATH)/crypto/pem/pem_pk8.c
- $(OPENSSL_PATH)/crypto/pem/pem_pkey.c
- $(OPENSSL_PATH)/crypto/pem/pem_sign.c
- $(OPENSSL_PATH)/crypto/pem/pem_x509.c
- $(OPENSSL_PATH)/crypto/pem/pem_xaux.c
- $(OPENSSL_PATH)/crypto/pem/pvkfmt.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_crpt.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_crt.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_decr.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_init.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_key.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_kiss.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_mutl.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_npas.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
- $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
- $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_doit.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
- $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
- $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
- $(OPENSSL_PATH)/crypto/rand/drbg_lib.c
- $(OPENSSL_PATH)/crypto/rand/rand_egd.c
- $(OPENSSL_PATH)/crypto/rand/rand_err.c
- $(OPENSSL_PATH)/crypto/rand/rand_lib.c
- $(OPENSSL_PATH)/crypto/rand/rand_unix.c
- $(OPENSSL_PATH)/crypto/rand/rand_vms.c
- $(OPENSSL_PATH)/crypto/rand/rand_win.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_err.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_none.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_saos.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_sign.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
- $(OPENSSL_PATH)/crypto/sha/keccak1600.c
- $(OPENSSL_PATH)/crypto/sha/sha1_one.c
- $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
- $(OPENSSL_PATH)/crypto/sha/sha256.c
- $(OPENSSL_PATH)/crypto/sha/sha512.c
- $(OPENSSL_PATH)/crypto/siphash/siphash.c
- $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
- $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
- $(OPENSSL_PATH)/crypto/sm3/sm3.c
- $(OPENSSL_PATH)/crypto/sm4/sm4.c
- $(OPENSSL_PATH)/crypto/stack/stack.c
- $(OPENSSL_PATH)/crypto/threads_none.c
- $(OPENSSL_PATH)/crypto/threads_pthread.c
- $(OPENSSL_PATH)/crypto/threads_win.c
- $(OPENSSL_PATH)/crypto/txt_db/txt_db.c
- $(OPENSSL_PATH)/crypto/ui/ui_err.c
- $(OPENSSL_PATH)/crypto/ui/ui_lib.c
- $(OPENSSL_PATH)/crypto/ui/ui_null.c
- $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
- $(OPENSSL_PATH)/crypto/ui/ui_util.c
- $(OPENSSL_PATH)/crypto/uid.c
- $(OPENSSL_PATH)/crypto/x509/by_dir.c
- $(OPENSSL_PATH)/crypto/x509/by_file.c
- $(OPENSSL_PATH)/crypto/x509/t_crl.c
- $(OPENSSL_PATH)/crypto/x509/t_req.c
- $(OPENSSL_PATH)/crypto/x509/t_x509.c
- $(OPENSSL_PATH)/crypto/x509/x509_att.c
- $(OPENSSL_PATH)/crypto/x509/x509_cmp.c
- $(OPENSSL_PATH)/crypto/x509/x509_d2.c
- $(OPENSSL_PATH)/crypto/x509/x509_def.c
- $(OPENSSL_PATH)/crypto/x509/x509_err.c
- $(OPENSSL_PATH)/crypto/x509/x509_ext.c
- $(OPENSSL_PATH)/crypto/x509/x509_lu.c
- $(OPENSSL_PATH)/crypto/x509/x509_meth.c
- $(OPENSSL_PATH)/crypto/x509/x509_obj.c
- $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
- $(OPENSSL_PATH)/crypto/x509/x509_req.c
- $(OPENSSL_PATH)/crypto/x509/x509_set.c
- $(OPENSSL_PATH)/crypto/x509/x509_trs.c
- $(OPENSSL_PATH)/crypto/x509/x509_txt.c
- $(OPENSSL_PATH)/crypto/x509/x509_v3.c
- $(OPENSSL_PATH)/crypto/x509/x509_vfy.c
- $(OPENSSL_PATH)/crypto/x509/x509_vpm.c
- $(OPENSSL_PATH)/crypto/x509/x509cset.c
- $(OPENSSL_PATH)/crypto/x509/x509name.c
- $(OPENSSL_PATH)/crypto/x509/x509rset.c
- $(OPENSSL_PATH)/crypto/x509/x509spki.c
- $(OPENSSL_PATH)/crypto/x509/x509type.c
- $(OPENSSL_PATH)/crypto/x509/x_all.c
- $(OPENSSL_PATH)/crypto/x509/x_attrib.c
- $(OPENSSL_PATH)/crypto/x509/x_crl.c
- $(OPENSSL_PATH)/crypto/x509/x_exten.c
- $(OPENSSL_PATH)/crypto/x509/x_name.c
- $(OPENSSL_PATH)/crypto/x509/x_pubkey.c
- $(OPENSSL_PATH)/crypto/x509/x_req.c
- $(OPENSSL_PATH)/crypto/x509/x_x509.c
- $(OPENSSL_PATH)/crypto/x509/x_x509a.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_map.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_conf.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_cpols.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_crld.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_enum.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_extku.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_genn.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_ia5.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_info.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_int.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_lib.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_ncons.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pci.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pcia.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pcons.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pku.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pmaps.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_prn.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_purp.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_skey.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_sxnet.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
- $(OPENSSL_PATH)/crypto/x509v3/v3err.c
- $(OPENSSL_PATH)/crypto/arm_arch.h
- $(OPENSSL_PATH)/crypto/mips_arch.h
- $(OPENSSL_PATH)/crypto/ppc_arch.h
- $(OPENSSL_PATH)/crypto/s390x_arch.h
- $(OPENSSL_PATH)/crypto/sparc_arch.h
- $(OPENSSL_PATH)/crypto/vms_rms.h
- $(OPENSSL_PATH)/crypto/aes/aes_local.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
- $(OPENSSL_PATH)/crypto/asn1/charmap.h
- $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
- $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
- $(OPENSSL_PATH)/crypto/async/async_local.h
- $(OPENSSL_PATH)/crypto/async/arch/async_null.h
- $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
- $(OPENSSL_PATH)/crypto/async/arch/async_win.h
- $(OPENSSL_PATH)/crypto/bio/bio_local.h
- $(OPENSSL_PATH)/crypto/bn/bn_local.h
- $(OPENSSL_PATH)/crypto/bn/bn_prime.h
- $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
- $(OPENSSL_PATH)/crypto/comp/comp_local.h
- $(OPENSSL_PATH)/crypto/conf/conf_def.h
- $(OPENSSL_PATH)/crypto/conf/conf_local.h
- $(OPENSSL_PATH)/crypto/dh/dh_local.h
- $(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/evp/evp_local.h
- $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
- $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
- $(OPENSSL_PATH)/crypto/md5/md5_local.h
- $(OPENSSL_PATH)/crypto/modes/modes_local.h
- $(OPENSSL_PATH)/crypto/objects/obj_dat.h
- $(OPENSSL_PATH)/crypto/objects/obj_local.h
- $(OPENSSL_PATH)/crypto/objects/obj_xref.h
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
- $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
- $(OPENSSL_PATH)/crypto/rand/rand_local.h
- $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
- $(OPENSSL_PATH)/crypto/sha/sha_local.h
- $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
- $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
- $(OPENSSL_PATH)/crypto/store/store_local.h
- $(OPENSSL_PATH)/crypto/ui/ui_local.h
- $(OPENSSL_PATH)/crypto/x509/x509_local.h
- $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
- $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
- $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
- $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
- $(OPENSSL_PATH)/ssl/bio_ssl.c
- $(OPENSSL_PATH)/ssl/d1_lib.c
- $(OPENSSL_PATH)/ssl/d1_msg.c
- $(OPENSSL_PATH)/ssl/d1_srtp.c
- $(OPENSSL_PATH)/ssl/methods.c
- $(OPENSSL_PATH)/ssl/packet.c
- $(OPENSSL_PATH)/ssl/pqueue.c
- $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c
- $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c
- $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c
- $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c
- $(OPENSSL_PATH)/ssl/record/ssl3_record.c
- $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c
- $(OPENSSL_PATH)/ssl/s3_cbc.c
- $(OPENSSL_PATH)/ssl/s3_enc.c
- $(OPENSSL_PATH)/ssl/s3_lib.c
- $(OPENSSL_PATH)/ssl/s3_msg.c
- $(OPENSSL_PATH)/ssl/ssl_asn1.c
- $(OPENSSL_PATH)/ssl/ssl_cert.c
- $(OPENSSL_PATH)/ssl/ssl_ciph.c
- $(OPENSSL_PATH)/ssl/ssl_conf.c
- $(OPENSSL_PATH)/ssl/ssl_err.c
- $(OPENSSL_PATH)/ssl/ssl_init.c
- $(OPENSSL_PATH)/ssl/ssl_lib.c
- $(OPENSSL_PATH)/ssl/ssl_mcnf.c
- $(OPENSSL_PATH)/ssl/ssl_rsa.c
- $(OPENSSL_PATH)/ssl/ssl_sess.c
- $(OPENSSL_PATH)/ssl/ssl_stat.c
- $(OPENSSL_PATH)/ssl/ssl_txt.c
- $(OPENSSL_PATH)/ssl/ssl_utst.c
- $(OPENSSL_PATH)/ssl/statem/extensions.c
- $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c
- $(OPENSSL_PATH)/ssl/statem/extensions_cust.c
- $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c
- $(OPENSSL_PATH)/ssl/statem/statem.c
- $(OPENSSL_PATH)/ssl/statem/statem_clnt.c
- $(OPENSSL_PATH)/ssl/statem/statem_dtls.c
- $(OPENSSL_PATH)/ssl/statem/statem_lib.c
- $(OPENSSL_PATH)/ssl/statem/statem_srvr.c
- $(OPENSSL_PATH)/ssl/t1_enc.c
- $(OPENSSL_PATH)/ssl/t1_lib.c
- $(OPENSSL_PATH)/ssl/t1_trce.c
- $(OPENSSL_PATH)/ssl/tls13_enc.c
- $(OPENSSL_PATH)/ssl/tls_srp.c
- $(OPENSSL_PATH)/ssl/packet_local.h
- $(OPENSSL_PATH)/ssl/ssl_cert_table.h
- $(OPENSSL_PATH)/ssl/ssl_local.h
- $(OPENSSL_PATH)/ssl/record/record.h
- $(OPENSSL_PATH)/ssl/record/record_local.h
- $(OPENSSL_PATH)/ssl/statem/statem.h
- $(OPENSSL_PATH)/ssl/statem/statem_local.h
-# Autogenerated files list ends here
- buildinf.h
- ossl_store.c
- rand_pool.c
- X64/ApiHooks.c
-
-[Packages]
- MdePkg/MdePkg.dec
- CryptoPkg/CryptoPkg.dec
-
-[LibraryClasses]
- BaseLib
- DebugLib
- RngLib
- PrintLib
-
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
-
-[BuildOptions]
- #
- # Disables the following Visual Studio compiler warnings brought by openssl source,
- # so we do not break the build with /WX option:
- # C4090: 'function' : different 'const' qualifiers
- # C4132: 'object' : const object should be initialized (tls13_enc.c)
- # C4210: nonstandard extension used: function given file scope
- # C4244: conversion from type1 to type2, possible loss of data
- # C4245: conversion from type1 to type2, signed/unsigned mismatch
- # C4267: conversion from size_t to type, possible loss of data
- # C4306: 'identifier' : conversion from 'type1' to 'type2' of greater size
- # C4310: cast truncates constant value
- # C4389: 'operator' : signed/unsigned mismatch (xxxx)
- # C4700: uninitialized local variable 'name' used. (conf_sap.c(71))
- # C4702: unreachable code
- # C4706: assignment within conditional expression
- # C4819: The file contains a character that cannot be represented in the current code page
- #
- MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
-
- INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
-
- #
- # Suppress the following build warnings in openssl so we don't break the build with -Werror
- # -Werror=maybe-uninitialized: there exist some other paths for which the variable is not initialized.
- # -Werror=format: Check calls to printf and scanf, etc., to make sure that the arguments supplied have
- # types appropriate to the format string specified.
- # -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
- #
- GCC:*_*_X64_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
-
- # suppress the following warnings in openssl so we don't break the build with warnings-as-errors:
- # 1295: Deprecated declaration <entity> - give arg types
- # 550: <entity> was set but never used
- # 1293: assignment in condition
- # 111: statement is unreachable (invariably "break;" after "return X;" in case statement)
- # 68: integer conversion resulted in a change of sign ("if (Status == -1)")
- # 177: <entity> was declared but never referenced
- # 223: function <entity> declared implicitly
- # 144: a value of type <type> cannot be used to initialize an entity of type <type>
- # 513: a value of type <type> cannot be assigned to an entity of type <type>
- # 188: enumerated type mixed with another type (i.e. passing an integer as an enum without a cast)
- # 1296: Extended constant initialiser used
- # 128: loop is not reachable - may be emitted inappropriately if code follows a conditional return
- # from the function that evaluates to true at compile time
- # 546: transfer of control bypasses initialization - may be emitted inappropriately if the uninitialized
- # variable is never referenced after the jump
- # 1: ignore "#1-D: last line of file ends without a newline"
- # 3017: <entity> may be used before being set (NOTE: This was fixed in OpenSSL 1.1 HEAD with
- # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.)
- XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf b/CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
deleted file mode 100644
index 0f1b4b16f8b1..000000000000
--- a/CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
+++ /dev/null
@@ -1,706 +0,0 @@
-## @file
-# This module provides OpenSSL Library implementation.
-#
-# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
-# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = OpensslLibX64Gcc
- MODULE_UNI_FILE = OpensslLib.uni
- FILE_GUID = DD90DB9D-6A3F-4F2B-87BF-A8F2BBEF982F
- MODULE_TYPE = BASE
- VERSION_STRING = 1.0
- LIBRARY_CLASS = OpensslLib
- DEFINE OPENSSL_PATH = openssl
- DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
- DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
- CONSTRUCTOR = OpensslLibConstructor
-
-#
-# VALID_ARCHITECTURES = X64
-#
-
-[Sources.X64]
- OpensslLibConstructor.c
- $(OPENSSL_PATH)/e_os.h
- $(OPENSSL_PATH)/ms/uplink.h
-# Autogenerated files list starts here
- X64Gcc/crypto/aes/aesni-mb-x86_64.S
- X64Gcc/crypto/aes/aesni-sha1-x86_64.S
- X64Gcc/crypto/aes/aesni-sha256-x86_64.S
- X64Gcc/crypto/aes/aesni-x86_64.S
- X64Gcc/crypto/aes/vpaes-x86_64.S
- X64Gcc/crypto/modes/aesni-gcm-x86_64.S
- X64Gcc/crypto/modes/ghash-x86_64.S
- X64Gcc/crypto/sha/sha1-mb-x86_64.S
- X64Gcc/crypto/sha/sha1-x86_64.S
- X64Gcc/crypto/sha/sha256-mb-x86_64.S
- X64Gcc/crypto/sha/sha256-x86_64.S
- X64Gcc/crypto/sha/sha512-x86_64.S
- X64Gcc/crypto/x86_64cpuid.S
- $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
- $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
- $(OPENSSL_PATH)/crypto/aes/aes_core.c
- $(OPENSSL_PATH)/crypto/aes/aes_ige.c
- $(OPENSSL_PATH)/crypto/aes/aes_misc.c
- $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
- $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
- $(OPENSSL_PATH)/crypto/aria/aria.c
- $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
- $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
- $(OPENSSL_PATH)/crypto/asn1/a_digest.c
- $(OPENSSL_PATH)/crypto/asn1/a_dup.c
- $(OPENSSL_PATH)/crypto/asn1/a_gentm.c
- $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c
- $(OPENSSL_PATH)/crypto/asn1/a_int.c
- $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c
- $(OPENSSL_PATH)/crypto/asn1/a_object.c
- $(OPENSSL_PATH)/crypto/asn1/a_octet.c
- $(OPENSSL_PATH)/crypto/asn1/a_print.c
- $(OPENSSL_PATH)/crypto/asn1/a_sign.c
- $(OPENSSL_PATH)/crypto/asn1/a_strex.c
- $(OPENSSL_PATH)/crypto/asn1/a_strnid.c
- $(OPENSSL_PATH)/crypto/asn1/a_time.c
- $(OPENSSL_PATH)/crypto/asn1/a_type.c
- $(OPENSSL_PATH)/crypto/asn1/a_utctm.c
- $(OPENSSL_PATH)/crypto/asn1/a_utf8.c
- $(OPENSSL_PATH)/crypto/asn1/a_verify.c
- $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_err.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_par.c
- $(OPENSSL_PATH)/crypto/asn1/asn_mime.c
- $(OPENSSL_PATH)/crypto/asn1/asn_moid.c
- $(OPENSSL_PATH)/crypto/asn1/asn_mstbl.c
- $(OPENSSL_PATH)/crypto/asn1/asn_pack.c
- $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c
- $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c
- $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c
- $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c
- $(OPENSSL_PATH)/crypto/asn1/evp_asn1.c
- $(OPENSSL_PATH)/crypto/asn1/f_int.c
- $(OPENSSL_PATH)/crypto/asn1/f_string.c
- $(OPENSSL_PATH)/crypto/asn1/i2d_pr.c
- $(OPENSSL_PATH)/crypto/asn1/i2d_pu.c
- $(OPENSSL_PATH)/crypto/asn1/n_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/nsseq.c
- $(OPENSSL_PATH)/crypto/asn1/p5_pbe.c
- $(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c
- $(OPENSSL_PATH)/crypto/asn1/p5_scrypt.c
- $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/t_bitst.c
- $(OPENSSL_PATH)/crypto/asn1/t_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/t_spki.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_dec.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_enc.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_fre.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_new.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_scn.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c
- $(OPENSSL_PATH)/crypto/asn1/x_algor.c
- $(OPENSSL_PATH)/crypto/asn1/x_bignum.c
- $(OPENSSL_PATH)/crypto/asn1/x_info.c
- $(OPENSSL_PATH)/crypto/asn1/x_int64.c
- $(OPENSSL_PATH)/crypto/asn1/x_long.c
- $(OPENSSL_PATH)/crypto/asn1/x_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/x_sig.c
- $(OPENSSL_PATH)/crypto/asn1/x_spki.c
- $(OPENSSL_PATH)/crypto/asn1/x_val.c
- $(OPENSSL_PATH)/crypto/async/arch/async_null.c
- $(OPENSSL_PATH)/crypto/async/arch/async_posix.c
- $(OPENSSL_PATH)/crypto/async/arch/async_win.c
- $(OPENSSL_PATH)/crypto/async/async.c
- $(OPENSSL_PATH)/crypto/async/async_err.c
- $(OPENSSL_PATH)/crypto/async/async_wait.c
- $(OPENSSL_PATH)/crypto/bio/b_addr.c
- $(OPENSSL_PATH)/crypto/bio/b_dump.c
- $(OPENSSL_PATH)/crypto/bio/b_sock.c
- $(OPENSSL_PATH)/crypto/bio/b_sock2.c
- $(OPENSSL_PATH)/crypto/bio/bf_buff.c
- $(OPENSSL_PATH)/crypto/bio/bf_lbuf.c
- $(OPENSSL_PATH)/crypto/bio/bf_nbio.c
- $(OPENSSL_PATH)/crypto/bio/bf_null.c
- $(OPENSSL_PATH)/crypto/bio/bio_cb.c
- $(OPENSSL_PATH)/crypto/bio/bio_err.c
- $(OPENSSL_PATH)/crypto/bio/bio_lib.c
- $(OPENSSL_PATH)/crypto/bio/bio_meth.c
- $(OPENSSL_PATH)/crypto/bio/bss_acpt.c
- $(OPENSSL_PATH)/crypto/bio/bss_bio.c
- $(OPENSSL_PATH)/crypto/bio/bss_conn.c
- $(OPENSSL_PATH)/crypto/bio/bss_dgram.c
- $(OPENSSL_PATH)/crypto/bio/bss_fd.c
- $(OPENSSL_PATH)/crypto/bio/bss_file.c
- $(OPENSSL_PATH)/crypto/bio/bss_log.c
- $(OPENSSL_PATH)/crypto/bio/bss_mem.c
- $(OPENSSL_PATH)/crypto/bio/bss_null.c
- $(OPENSSL_PATH)/crypto/bio/bss_sock.c
- $(OPENSSL_PATH)/crypto/bn/bn_add.c
- $(OPENSSL_PATH)/crypto/bn/bn_asm.c
- $(OPENSSL_PATH)/crypto/bn/bn_blind.c
- $(OPENSSL_PATH)/crypto/bn/bn_const.c
- $(OPENSSL_PATH)/crypto/bn/bn_ctx.c
- $(OPENSSL_PATH)/crypto/bn/bn_depr.c
- $(OPENSSL_PATH)/crypto/bn/bn_dh.c
- $(OPENSSL_PATH)/crypto/bn/bn_div.c
- $(OPENSSL_PATH)/crypto/bn/bn_err.c
- $(OPENSSL_PATH)/crypto/bn/bn_exp.c
- $(OPENSSL_PATH)/crypto/bn/bn_exp2.c
- $(OPENSSL_PATH)/crypto/bn/bn_gcd.c
- $(OPENSSL_PATH)/crypto/bn/bn_gf2m.c
- $(OPENSSL_PATH)/crypto/bn/bn_intern.c
- $(OPENSSL_PATH)/crypto/bn/bn_kron.c
- $(OPENSSL_PATH)/crypto/bn/bn_lib.c
- $(OPENSSL_PATH)/crypto/bn/bn_mod.c
- $(OPENSSL_PATH)/crypto/bn/bn_mont.c
- $(OPENSSL_PATH)/crypto/bn/bn_mpi.c
- $(OPENSSL_PATH)/crypto/bn/bn_mul.c
- $(OPENSSL_PATH)/crypto/bn/bn_nist.c
- $(OPENSSL_PATH)/crypto/bn/bn_prime.c
- $(OPENSSL_PATH)/crypto/bn/bn_print.c
- $(OPENSSL_PATH)/crypto/bn/bn_rand.c
- $(OPENSSL_PATH)/crypto/bn/bn_recp.c
- $(OPENSSL_PATH)/crypto/bn/bn_shift.c
- $(OPENSSL_PATH)/crypto/bn/bn_sqr.c
- $(OPENSSL_PATH)/crypto/bn/bn_sqrt.c
- $(OPENSSL_PATH)/crypto/bn/bn_srp.c
- $(OPENSSL_PATH)/crypto/bn/bn_word.c
- $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
- $(OPENSSL_PATH)/crypto/buffer/buf_err.c
- $(OPENSSL_PATH)/crypto/buffer/buffer.c
- $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
- $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c
- $(OPENSSL_PATH)/crypto/cmac/cmac.c
- $(OPENSSL_PATH)/crypto/comp/c_zlib.c
- $(OPENSSL_PATH)/crypto/comp/comp_err.c
- $(OPENSSL_PATH)/crypto/comp/comp_lib.c
- $(OPENSSL_PATH)/crypto/conf/conf_api.c
- $(OPENSSL_PATH)/crypto/conf/conf_def.c
- $(OPENSSL_PATH)/crypto/conf/conf_err.c
- $(OPENSSL_PATH)/crypto/conf/conf_lib.c
- $(OPENSSL_PATH)/crypto/conf/conf_mall.c
- $(OPENSSL_PATH)/crypto/conf/conf_mod.c
- $(OPENSSL_PATH)/crypto/conf/conf_sap.c
- $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
- $(OPENSSL_PATH)/crypto/cpt_err.c
- $(OPENSSL_PATH)/crypto/cryptlib.c
- $(OPENSSL_PATH)/crypto/ctype.c
- $(OPENSSL_PATH)/crypto/cversion.c
- $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
- $(OPENSSL_PATH)/crypto/dh/dh_asn1.c
- $(OPENSSL_PATH)/crypto/dh/dh_check.c
- $(OPENSSL_PATH)/crypto/dh/dh_depr.c
- $(OPENSSL_PATH)/crypto/dh/dh_err.c
- $(OPENSSL_PATH)/crypto/dh/dh_gen.c
- $(OPENSSL_PATH)/crypto/dh/dh_kdf.c
- $(OPENSSL_PATH)/crypto/dh/dh_key.c
- $(OPENSSL_PATH)/crypto/dh/dh_lib.c
- $(OPENSSL_PATH)/crypto/dh/dh_meth.c
- $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c
- $(OPENSSL_PATH)/crypto/dh/dh_prn.c
- $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
- $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
- $(OPENSSL_PATH)/crypto/dso/dso_dl.c
- $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
- $(OPENSSL_PATH)/crypto/dso/dso_err.c
- $(OPENSSL_PATH)/crypto/dso/dso_lib.c
- $(OPENSSL_PATH)/crypto/dso/dso_openssl.c
- $(OPENSSL_PATH)/crypto/dso/dso_vms.c
- $(OPENSSL_PATH)/crypto/dso/dso_win32.c
- $(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/err/err.c
- $(OPENSSL_PATH)/crypto/err/err_prn.c
- $(OPENSSL_PATH)/crypto/evp/bio_b64.c
- $(OPENSSL_PATH)/crypto/evp/bio_enc.c
- $(OPENSSL_PATH)/crypto/evp/bio_md.c
- $(OPENSSL_PATH)/crypto/evp/bio_ok.c
- $(OPENSSL_PATH)/crypto/evp/c_allc.c
- $(OPENSSL_PATH)/crypto/evp/c_alld.c
- $(OPENSSL_PATH)/crypto/evp/cmeth_lib.c
- $(OPENSSL_PATH)/crypto/evp/digest.c
- $(OPENSSL_PATH)/crypto/evp/e_aes.c
- $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
- $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
- $(OPENSSL_PATH)/crypto/evp/e_aria.c
- $(OPENSSL_PATH)/crypto/evp/e_bf.c
- $(OPENSSL_PATH)/crypto/evp/e_camellia.c
- $(OPENSSL_PATH)/crypto/evp/e_cast.c
- $(OPENSSL_PATH)/crypto/evp/e_chacha20_poly1305.c
- $(OPENSSL_PATH)/crypto/evp/e_des.c
- $(OPENSSL_PATH)/crypto/evp/e_des3.c
- $(OPENSSL_PATH)/crypto/evp/e_idea.c
- $(OPENSSL_PATH)/crypto/evp/e_null.c
- $(OPENSSL_PATH)/crypto/evp/e_old.c
- $(OPENSSL_PATH)/crypto/evp/e_rc2.c
- $(OPENSSL_PATH)/crypto/evp/e_rc4.c
- $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
- $(OPENSSL_PATH)/crypto/evp/e_rc5.c
- $(OPENSSL_PATH)/crypto/evp/e_seed.c
- $(OPENSSL_PATH)/crypto/evp/e_sm4.c
- $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c
- $(OPENSSL_PATH)/crypto/evp/encode.c
- $(OPENSSL_PATH)/crypto/evp/evp_cnf.c
- $(OPENSSL_PATH)/crypto/evp/evp_enc.c
- $(OPENSSL_PATH)/crypto/evp/evp_err.c
- $(OPENSSL_PATH)/crypto/evp/evp_key.c
- $(OPENSSL_PATH)/crypto/evp/evp_lib.c
- $(OPENSSL_PATH)/crypto/evp/evp_pbe.c
- $(OPENSSL_PATH)/crypto/evp/evp_pkey.c
- $(OPENSSL_PATH)/crypto/evp/m_md2.c
- $(OPENSSL_PATH)/crypto/evp/m_md4.c
- $(OPENSSL_PATH)/crypto/evp/m_md5.c
- $(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c
- $(OPENSSL_PATH)/crypto/evp/m_mdc2.c
- $(OPENSSL_PATH)/crypto/evp/m_null.c
- $(OPENSSL_PATH)/crypto/evp/m_ripemd.c
- $(OPENSSL_PATH)/crypto/evp/m_sha1.c
- $(OPENSSL_PATH)/crypto/evp/m_sha3.c
- $(OPENSSL_PATH)/crypto/evp/m_sigver.c
- $(OPENSSL_PATH)/crypto/evp/m_wp.c
- $(OPENSSL_PATH)/crypto/evp/names.c
- $(OPENSSL_PATH)/crypto/evp/p5_crpt.c
- $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c
- $(OPENSSL_PATH)/crypto/evp/p_dec.c
- $(OPENSSL_PATH)/crypto/evp/p_enc.c
- $(OPENSSL_PATH)/crypto/evp/p_lib.c
- $(OPENSSL_PATH)/crypto/evp/p_open.c
- $(OPENSSL_PATH)/crypto/evp/p_seal.c
- $(OPENSSL_PATH)/crypto/evp/p_sign.c
- $(OPENSSL_PATH)/crypto/evp/p_verify.c
- $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c
- $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
- $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
- $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
- $(OPENSSL_PATH)/crypto/ex_data.c
- $(OPENSSL_PATH)/crypto/getenv.c
- $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
- $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
- $(OPENSSL_PATH)/crypto/hmac/hmac.c
- $(OPENSSL_PATH)/crypto/init.c
- $(OPENSSL_PATH)/crypto/kdf/hkdf.c
- $(OPENSSL_PATH)/crypto/kdf/kdf_err.c
- $(OPENSSL_PATH)/crypto/kdf/scrypt.c
- $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
- $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
- $(OPENSSL_PATH)/crypto/lhash/lhash.c
- $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
- $(OPENSSL_PATH)/crypto/md5/md5_one.c
- $(OPENSSL_PATH)/crypto/mem.c
- $(OPENSSL_PATH)/crypto/mem_dbg.c
- $(OPENSSL_PATH)/crypto/mem_sec.c
- $(OPENSSL_PATH)/crypto/modes/cbc128.c
- $(OPENSSL_PATH)/crypto/modes/ccm128.c
- $(OPENSSL_PATH)/crypto/modes/cfb128.c
- $(OPENSSL_PATH)/crypto/modes/ctr128.c
- $(OPENSSL_PATH)/crypto/modes/cts128.c
- $(OPENSSL_PATH)/crypto/modes/gcm128.c
- $(OPENSSL_PATH)/crypto/modes/ocb128.c
- $(OPENSSL_PATH)/crypto/modes/ofb128.c
- $(OPENSSL_PATH)/crypto/modes/wrap128.c
- $(OPENSSL_PATH)/crypto/modes/xts128.c
- $(OPENSSL_PATH)/crypto/o_dir.c
- $(OPENSSL_PATH)/crypto/o_fips.c
- $(OPENSSL_PATH)/crypto/o_fopen.c
- $(OPENSSL_PATH)/crypto/o_init.c
- $(OPENSSL_PATH)/crypto/o_str.c
- $(OPENSSL_PATH)/crypto/o_time.c
- $(OPENSSL_PATH)/crypto/objects/o_names.c
- $(OPENSSL_PATH)/crypto/objects/obj_dat.c
- $(OPENSSL_PATH)/crypto/objects/obj_err.c
- $(OPENSSL_PATH)/crypto/objects/obj_lib.c
- $(OPENSSL_PATH)/crypto/objects/obj_xref.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
- $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
- $(OPENSSL_PATH)/crypto/pem/pem_all.c
- $(OPENSSL_PATH)/crypto/pem/pem_err.c
- $(OPENSSL_PATH)/crypto/pem/pem_info.c
- $(OPENSSL_PATH)/crypto/pem/pem_lib.c
- $(OPENSSL_PATH)/crypto/pem/pem_oth.c
- $(OPENSSL_PATH)/crypto/pem/pem_pk8.c
- $(OPENSSL_PATH)/crypto/pem/pem_pkey.c
- $(OPENSSL_PATH)/crypto/pem/pem_sign.c
- $(OPENSSL_PATH)/crypto/pem/pem_x509.c
- $(OPENSSL_PATH)/crypto/pem/pem_xaux.c
- $(OPENSSL_PATH)/crypto/pem/pvkfmt.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_crpt.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_crt.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_decr.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_init.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_key.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_kiss.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_mutl.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_npas.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
- $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
- $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_doit.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
- $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
- $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
- $(OPENSSL_PATH)/crypto/rand/drbg_lib.c
- $(OPENSSL_PATH)/crypto/rand/rand_egd.c
- $(OPENSSL_PATH)/crypto/rand/rand_err.c
- $(OPENSSL_PATH)/crypto/rand/rand_lib.c
- $(OPENSSL_PATH)/crypto/rand/rand_unix.c
- $(OPENSSL_PATH)/crypto/rand/rand_vms.c
- $(OPENSSL_PATH)/crypto/rand/rand_win.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_err.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_none.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_saos.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_sign.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
- $(OPENSSL_PATH)/crypto/sha/keccak1600.c
- $(OPENSSL_PATH)/crypto/sha/sha1_one.c
- $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
- $(OPENSSL_PATH)/crypto/sha/sha256.c
- $(OPENSSL_PATH)/crypto/sha/sha512.c
- $(OPENSSL_PATH)/crypto/siphash/siphash.c
- $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
- $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
- $(OPENSSL_PATH)/crypto/sm3/sm3.c
- $(OPENSSL_PATH)/crypto/sm4/sm4.c
- $(OPENSSL_PATH)/crypto/stack/stack.c
- $(OPENSSL_PATH)/crypto/threads_none.c
- $(OPENSSL_PATH)/crypto/threads_pthread.c
- $(OPENSSL_PATH)/crypto/threads_win.c
- $(OPENSSL_PATH)/crypto/txt_db/txt_db.c
- $(OPENSSL_PATH)/crypto/ui/ui_err.c
- $(OPENSSL_PATH)/crypto/ui/ui_lib.c
- $(OPENSSL_PATH)/crypto/ui/ui_null.c
- $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
- $(OPENSSL_PATH)/crypto/ui/ui_util.c
- $(OPENSSL_PATH)/crypto/uid.c
- $(OPENSSL_PATH)/crypto/x509/by_dir.c
- $(OPENSSL_PATH)/crypto/x509/by_file.c
- $(OPENSSL_PATH)/crypto/x509/t_crl.c
- $(OPENSSL_PATH)/crypto/x509/t_req.c
- $(OPENSSL_PATH)/crypto/x509/t_x509.c
- $(OPENSSL_PATH)/crypto/x509/x509_att.c
- $(OPENSSL_PATH)/crypto/x509/x509_cmp.c
- $(OPENSSL_PATH)/crypto/x509/x509_d2.c
- $(OPENSSL_PATH)/crypto/x509/x509_def.c
- $(OPENSSL_PATH)/crypto/x509/x509_err.c
- $(OPENSSL_PATH)/crypto/x509/x509_ext.c
- $(OPENSSL_PATH)/crypto/x509/x509_lu.c
- $(OPENSSL_PATH)/crypto/x509/x509_meth.c
- $(OPENSSL_PATH)/crypto/x509/x509_obj.c
- $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
- $(OPENSSL_PATH)/crypto/x509/x509_req.c
- $(OPENSSL_PATH)/crypto/x509/x509_set.c
- $(OPENSSL_PATH)/crypto/x509/x509_trs.c
- $(OPENSSL_PATH)/crypto/x509/x509_txt.c
- $(OPENSSL_PATH)/crypto/x509/x509_v3.c
- $(OPENSSL_PATH)/crypto/x509/x509_vfy.c
- $(OPENSSL_PATH)/crypto/x509/x509_vpm.c
- $(OPENSSL_PATH)/crypto/x509/x509cset.c
- $(OPENSSL_PATH)/crypto/x509/x509name.c
- $(OPENSSL_PATH)/crypto/x509/x509rset.c
- $(OPENSSL_PATH)/crypto/x509/x509spki.c
- $(OPENSSL_PATH)/crypto/x509/x509type.c
- $(OPENSSL_PATH)/crypto/x509/x_all.c
- $(OPENSSL_PATH)/crypto/x509/x_attrib.c
- $(OPENSSL_PATH)/crypto/x509/x_crl.c
- $(OPENSSL_PATH)/crypto/x509/x_exten.c
- $(OPENSSL_PATH)/crypto/x509/x_name.c
- $(OPENSSL_PATH)/crypto/x509/x_pubkey.c
- $(OPENSSL_PATH)/crypto/x509/x_req.c
- $(OPENSSL_PATH)/crypto/x509/x_x509.c
- $(OPENSSL_PATH)/crypto/x509/x_x509a.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_map.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_conf.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_cpols.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_crld.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_enum.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_extku.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_genn.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_ia5.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_info.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_int.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_lib.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_ncons.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pci.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pcia.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pcons.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pku.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pmaps.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_prn.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_purp.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_skey.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_sxnet.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
- $(OPENSSL_PATH)/crypto/x509v3/v3err.c
- $(OPENSSL_PATH)/crypto/arm_arch.h
- $(OPENSSL_PATH)/crypto/mips_arch.h
- $(OPENSSL_PATH)/crypto/ppc_arch.h
- $(OPENSSL_PATH)/crypto/s390x_arch.h
- $(OPENSSL_PATH)/crypto/sparc_arch.h
- $(OPENSSL_PATH)/crypto/vms_rms.h
- $(OPENSSL_PATH)/crypto/aes/aes_local.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
- $(OPENSSL_PATH)/crypto/asn1/charmap.h
- $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
- $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
- $(OPENSSL_PATH)/crypto/async/async_local.h
- $(OPENSSL_PATH)/crypto/async/arch/async_null.h
- $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
- $(OPENSSL_PATH)/crypto/async/arch/async_win.h
- $(OPENSSL_PATH)/crypto/bio/bio_local.h
- $(OPENSSL_PATH)/crypto/bn/bn_local.h
- $(OPENSSL_PATH)/crypto/bn/bn_prime.h
- $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
- $(OPENSSL_PATH)/crypto/comp/comp_local.h
- $(OPENSSL_PATH)/crypto/conf/conf_def.h
- $(OPENSSL_PATH)/crypto/conf/conf_local.h
- $(OPENSSL_PATH)/crypto/dh/dh_local.h
- $(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/evp/evp_local.h
- $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
- $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
- $(OPENSSL_PATH)/crypto/md5/md5_local.h
- $(OPENSSL_PATH)/crypto/modes/modes_local.h
- $(OPENSSL_PATH)/crypto/objects/obj_dat.h
- $(OPENSSL_PATH)/crypto/objects/obj_local.h
- $(OPENSSL_PATH)/crypto/objects/obj_xref.h
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
- $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
- $(OPENSSL_PATH)/crypto/rand/rand_local.h
- $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
- $(OPENSSL_PATH)/crypto/sha/sha_local.h
- $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
- $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
- $(OPENSSL_PATH)/crypto/store/store_local.h
- $(OPENSSL_PATH)/crypto/ui/ui_local.h
- $(OPENSSL_PATH)/crypto/x509/x509_local.h
- $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
- $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
- $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
- $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
- $(OPENSSL_PATH)/ssl/bio_ssl.c
- $(OPENSSL_PATH)/ssl/d1_lib.c
- $(OPENSSL_PATH)/ssl/d1_msg.c
- $(OPENSSL_PATH)/ssl/d1_srtp.c
- $(OPENSSL_PATH)/ssl/methods.c
- $(OPENSSL_PATH)/ssl/packet.c
- $(OPENSSL_PATH)/ssl/pqueue.c
- $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c
- $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c
- $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c
- $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c
- $(OPENSSL_PATH)/ssl/record/ssl3_record.c
- $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c
- $(OPENSSL_PATH)/ssl/s3_cbc.c
- $(OPENSSL_PATH)/ssl/s3_enc.c
- $(OPENSSL_PATH)/ssl/s3_lib.c
- $(OPENSSL_PATH)/ssl/s3_msg.c
- $(OPENSSL_PATH)/ssl/ssl_asn1.c
- $(OPENSSL_PATH)/ssl/ssl_cert.c
- $(OPENSSL_PATH)/ssl/ssl_ciph.c
- $(OPENSSL_PATH)/ssl/ssl_conf.c
- $(OPENSSL_PATH)/ssl/ssl_err.c
- $(OPENSSL_PATH)/ssl/ssl_init.c
- $(OPENSSL_PATH)/ssl/ssl_lib.c
- $(OPENSSL_PATH)/ssl/ssl_mcnf.c
- $(OPENSSL_PATH)/ssl/ssl_rsa.c
- $(OPENSSL_PATH)/ssl/ssl_sess.c
- $(OPENSSL_PATH)/ssl/ssl_stat.c
- $(OPENSSL_PATH)/ssl/ssl_txt.c
- $(OPENSSL_PATH)/ssl/ssl_utst.c
- $(OPENSSL_PATH)/ssl/statem/extensions.c
- $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c
- $(OPENSSL_PATH)/ssl/statem/extensions_cust.c
- $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c
- $(OPENSSL_PATH)/ssl/statem/statem.c
- $(OPENSSL_PATH)/ssl/statem/statem_clnt.c
- $(OPENSSL_PATH)/ssl/statem/statem_dtls.c
- $(OPENSSL_PATH)/ssl/statem/statem_lib.c
- $(OPENSSL_PATH)/ssl/statem/statem_srvr.c
- $(OPENSSL_PATH)/ssl/t1_enc.c
- $(OPENSSL_PATH)/ssl/t1_lib.c
- $(OPENSSL_PATH)/ssl/t1_trce.c
- $(OPENSSL_PATH)/ssl/tls13_enc.c
- $(OPENSSL_PATH)/ssl/tls_srp.c
- $(OPENSSL_PATH)/ssl/packet_local.h
- $(OPENSSL_PATH)/ssl/ssl_cert_table.h
- $(OPENSSL_PATH)/ssl/ssl_local.h
- $(OPENSSL_PATH)/ssl/record/record.h
- $(OPENSSL_PATH)/ssl/record/record_local.h
- $(OPENSSL_PATH)/ssl/statem/statem.h
- $(OPENSSL_PATH)/ssl/statem/statem_local.h
-# Autogenerated files list ends here
- buildinf.h
- ossl_store.c
- rand_pool.c
- X64/ApiHooks.c
-
-[Packages]
- MdePkg/MdePkg.dec
- CryptoPkg/CryptoPkg.dec
-
-[LibraryClasses]
- BaseLib
- DebugLib
- RngLib
- PrintLib
-
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
-
-[BuildOptions]
- #
- # Disables the following Visual Studio compiler warnings brought by openssl source,
- # so we do not break the build with /WX option:
- # C4090: 'function' : different 'const' qualifiers
- # C4132: 'object' : const object should be initialized (tls13_enc.c)
- # C4210: nonstandard extension used: function given file scope
- # C4244: conversion from type1 to type2, possible loss of data
- # C4245: conversion from type1 to type2, signed/unsigned mismatch
- # C4267: conversion from size_t to type, possible loss of data
- # C4306: 'identifier' : conversion from 'type1' to 'type2' of greater size
- # C4310: cast truncates constant value
- # C4389: 'operator' : signed/unsigned mismatch (xxxx)
- # C4700: uninitialized local variable 'name' used. (conf_sap.c(71))
- # C4702: unreachable code
- # C4706: assignment within conditional expression
- # C4819: The file contains a character that cannot be represented in the current code page
- #
- MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
-
- INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
-
- #
- # Suppress the following build warnings in openssl so we don't break the build with -Werror
- # -Werror=maybe-uninitialized: there exist some other paths for which the variable is not initialized.
- # -Werror=format: Check calls to printf and scanf, etc., to make sure that the arguments supplied have
- # types appropriate to the format string specified.
- # -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
- #
- GCC:*_*_X64_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
-
- # suppress the following warnings in openssl so we don't break the build with warnings-as-errors:
- # 1295: Deprecated declaration <entity> - give arg types
- # 550: <entity> was set but never used
- # 1293: assignment in condition
- # 111: statement is unreachable (invariably "break;" after "return X;" in case statement)
- # 68: integer conversion resulted in a change of sign ("if (Status == -1)")
- # 177: <entity> was declared but never referenced
- # 223: function <entity> declared implicitly
- # 144: a value of type <type> cannot be used to initialize an entity of type <type>
- # 513: a value of type <type> cannot be assigned to an entity of type <type>
- # 188: enumerated type mixed with another type (i.e. passing an integer as an enum without a cast)
- # 1296: Extended constant initialiser used
- # 128: loop is not reachable - may be emitted inappropriately if code follows a conditional return
- # from the function that evaluates to true at compile time
- # 546: transfer of control bypasses initialization - may be emitted inappropriately if the uninitialized
- # variable is never referenced after the jump
- # 1: ignore "#1-D: last line of file ends without a newline"
- # 3017: <entity> may be used before being set (NOTE: This was fixed in OpenSSL 1.1 HEAD with
- # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.)
- XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [Patch 07/12] CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
2022-10-11 15:03 [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (5 preceding siblings ...)
2022-10-11 15:03 ` [Patch 06/12] CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs Michael D Kinney
@ 2022-10-11 15:03 ` Michael D Kinney
2022-10-11 15:03 ` [Patch 08/12] CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files Michael D Kinney
` (5 subsequent siblings)
12 siblings, 0 replies; 23+ messages in thread
From: Michael D Kinney @ 2022-10-11 15:03 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
Update all OpensslLib instances so they all produce all the APIs
used by the BaseCryptLib instances. Not producing the same set of
APIs for a library class does not follow the EDK II library class
rules and breaks the assumptions that consumers of the OpensslLib
may make about which services are present.
* Add missing declaration of the private library class OpensslLib
to CryptoPkg.dec.
* Add SslNull.c with NULL implementations of SSL functions
* Add EcSm2Null.c with NULL implementations of EC/SM2 functions.
* Update OpensslLibCrypto.inf to include both SslNull.c and
EcSm2Null.c so this library instance produces all the opensll
APIs used by the BaseCryptLib instances.
* Update OpensslLib.inf and OpensslLibAccel.inf to include
EcSm2Null.c so these library instances produce all the opensll
APIs used by the BaseCryptLib instances.
* Add missing declaration of the private library class IntrinsicLib
to CryptoPkg.dec
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/CryptoPkg.dec | 9 +
CryptoPkg/Library/OpensslLib/EcSm2Null.c | 291 +++++++++++++
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +
.../Library/OpensslLib/OpensslLibAccel.inf | 2 +
.../Library/OpensslLib/OpensslLibCrypto.inf | 2 +
.../Library/OpensslLib/OpensslLibFull.inf | 2 +
.../OpensslLib/OpensslLibFullAccel.inf | 2 +
CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++++++++++
CryptoPkg/Private/Library/IntrinsicLib.h | 16 +
CryptoPkg/Private/Library/OpensslLib.h | 14 +
10 files changed, 745 insertions(+)
create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index 217e73c3bcd2..f326c6324013 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -37,6 +37,15 @@ [LibraryClasses]
#
HashApiLib|Include/Library/HashApiLib.h
+[LibraryClasses.common.Private]
+ ## @libraryclass Provides library functions from the openssl project.
+ #
+ OpensslLib|Private/Library/OpensslLib.h
+
+ ## @libraryclass Provides compiler intrinsic functions required to link openssl project.
+ #
+ InstrinsicLib|Private/Library/IntrinsicLib.h
+
[Protocols]
## EDK II Crypto DXE protocol
# 2C2275C9-3A7B-426F-BE54-2D22BD9D1092
diff --git a/CryptoPkg/Library/OpensslLib/EcSm2Null.c b/CryptoPkg/Library/OpensslLib/EcSm2Null.c
new file mode 100644
index 000000000000..8c52626ab29d
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/EcSm2Null.c
@@ -0,0 +1,291 @@
+/** @file
+ Null implementation of EC and SM2 functions called by BaseCryptLib.
+
+ Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Library/DebugLib.h>
+
+#undef OPENSSL_NO_EC
+
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+
+void
+EC_GROUP_free (
+ EC_GROUP *group
+ )
+{
+ ASSERT (FALSE);
+}
+
+int
+EC_GROUP_get_order (
+ const EC_GROUP *group,
+ BIGNUM *order,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_GROUP_get_curve_name (
+ const EC_GROUP *group
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_GROUP_get_curve (
+ const EC_GROUP *group,
+ BIGNUM *p,
+ BIGNUM *a,
+ BIGNUM *b,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_GROUP_get_degree (
+ const EC_GROUP *group
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+EC_GROUP *
+EC_GROUP_new_by_curve_name (
+ int nid
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+EC_POINT *
+EC_POINT_new (
+ const EC_GROUP *group
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+void
+EC_POINT_free (
+ EC_POINT *point
+ )
+{
+ ASSERT (FALSE);
+}
+
+void
+EC_POINT_clear_free (
+ EC_POINT *point
+ )
+{
+ ASSERT (FALSE);
+}
+
+int
+EC_POINT_set_affine_coordinates (
+ const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ const BIGNUM *y,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_POINT_get_affine_coordinates (
+ const EC_GROUP *group,
+ const EC_POINT *p,
+ BIGNUM *x,
+ BIGNUM *y,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_POINT_set_compressed_coordinates (
+ const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ int y_bit,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_POINT_add (
+ const EC_GROUP *group,
+ EC_POINT *r,
+ const EC_POINT *a,
+ const EC_POINT *b,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_POINT_invert (
+ const EC_GROUP *group,
+ EC_POINT *a,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_POINT_is_at_infinity (
+ const EC_GROUP *group,
+ const EC_POINT *p
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_POINT_is_on_curve (
+ const EC_GROUP *group,
+ const EC_POINT *point,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return -1;
+}
+
+int
+EC_POINT_cmp (
+ const EC_GROUP *group,
+ const EC_POINT *a,
+ const EC_POINT *b,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return -1;
+}
+
+int
+EC_POINT_mul (
+ const EC_GROUP *group,
+ EC_POINT *r,
+ const BIGNUM *n,
+ const EC_POINT *q,
+ const BIGNUM *m,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return -0;
+}
+
+EC_KEY *
+EC_KEY_new_by_curve_name (
+ int nid
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+void
+EC_KEY_free (
+ EC_KEY *key
+ )
+{
+ ASSERT (FALSE);
+}
+
+const EC_GROUP *
+EC_KEY_get0_group (
+ const EC_KEY *key
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+const EC_POINT *
+EC_KEY_get0_public_key (
+ const EC_KEY *key
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+int
+EC_KEY_set_public_key (
+ EC_KEY *key,
+ const EC_POINT *pub
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_KEY_generate_key (
+ EC_KEY *key
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_KEY_check_key (
+ const EC_KEY *key
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+ECDH_compute_key (
+ void *out,
+ size_t outlen,
+ const EC_POINT *pub_key,
+ const EC_KEY *ecdh,
+ void *(*KDF)(
+ const void *in,
+ size_t inlen,
+ void *out,
+ size_t *outlen
+ )
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 7d4b729bf7c7..9dc1dd23cf5a 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -627,6 +627,8 @@ [Sources]
buildinf.h
ossl_store.c
rand_pool.c
+# SslNull.c
+ EcSm2Null.c
[Packages]
MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index b552b011e2bf..256400bcc1b0 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -629,6 +629,8 @@ [Sources]
buildinf.h
ossl_store.c
rand_pool.c
+# SslNull.c
+ EcSm2Null.c
[Sources.IA32]
IA32/crypto/aes/aesni-x86.nasm | MSFT
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 5492865ddb2d..543487d53642 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -628,6 +628,8 @@ [Sources]
buildinf.h
ossl_store.c
rand_pool.c
+ SslNull.c
+ EcSm2Null.c
[Packages]
MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
index 1b5d9fa42405..c563ab13e4dc 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
@@ -633,6 +633,8 @@ [Sources]
buildinf.h
ossl_store.c
rand_pool.c
+# SslNull.c
+# EcSm2Null.c
[Packages]
MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
index 3c7b33f1e512..6ba05f23187c 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
@@ -634,6 +634,8 @@ [Sources]
buildinf.h
ossl_store.c
rand_pool.c
+# SslNull.c
+# EcSm2Null.c
[Sources.IA32]
IA32/crypto/aes/aesni-x86.nasm | MSFT
diff --git a/CryptoPkg/Library/OpensslLib/SslNull.c b/CryptoPkg/Library/OpensslLib/SslNull.c
new file mode 100644
index 000000000000..49f1405bc0f1
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/SslNull.c
@@ -0,0 +1,405 @@
+/** @file
+ Null implementation of SSL functions called by BaseCryptLib.
+
+ Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Library/DebugLib.h>
+#include <openssl/ssl.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+int
+OPENSSL_init_ssl (
+ uint64_t opts,
+ const OPENSSL_INIT_SETTINGS *settings
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur uint32_t
+SSL_CIPHER_get_id (
+ const SSL_CIPHER *c
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_COMP_add_compression_method (
+ int id,
+ COMP_METHOD *cm
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+long
+SSL_CTX_ctrl (
+ SSL_CTX *ctx,
+ int cmd,
+ long larg,
+ void *parg
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+void
+SSL_CTX_free (
+ SSL_CTX *x
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+__owur X509_STORE *
+SSL_CTX_get_cert_store (
+ const SSL_CTX *x
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+__owur SSL_CTX *
+SSL_CTX_new (
+ const SSL_METHOD *meth
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+unsigned long
+SSL_CTX_set_options (
+ SSL_CTX *ctx,
+ unsigned long op
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+const unsigned char *
+SSL_SESSION_get_id (
+ const SSL_SESSION *s,
+ unsigned int *len
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur size_t
+SSL_SESSION_get_master_key (
+ const SSL_SESSION *sess,
+ unsigned char *out,
+ size_t outlen
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_SESSION_set1_id (
+ SSL_SESSION *s,
+ const unsigned char *sid,
+ unsigned int sid_len
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+long
+SSL_ctrl (
+ SSL *ssl,
+ int cmd,
+ long larg,
+ void *parg
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_do_handshake (
+ SSL *s
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+void
+SSL_free (
+ SSL *ssl
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+__owur X509 *
+SSL_get_certificate (
+ const SSL *ssl
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+__owur size_t
+SSL_get_client_random (
+ const SSL *ssl,
+ unsigned char *out,
+ size_t outlen
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur const SSL_CIPHER *
+SSL_get_current_cipher (
+ const SSL *s
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+__owur int
+SSL_get_error (
+ const SSL *s,
+ int ret_code
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur size_t
+SSL_get_server_random (
+ const SSL *ssl,
+ unsigned char *out,
+ size_t outlen
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur SSL_SESSION *
+SSL_get_session (
+ const SSL *ssl
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+__owur SSL_CTX *
+SSL_get_SSL_CTX (
+ const SSL *ssl
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+__owur OSSL_HANDSHAKE_STATE
+SSL_get_state (
+ const SSL *ssl
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_get_verify_mode (
+ const SSL *s
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur X509_VERIFY_PARAM *
+SSL_get0_param (
+ SSL *ssl
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+int
+SSL_is_init_finished (
+ const SSL *s
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_is_server (
+ const SSL *s
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+SSL *
+SSL_new (
+ SSL_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+__owur int
+SSL_read (
+ SSL *ssl,
+ void *buf,
+ int num
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+void
+SSL_set_bio (
+ SSL *s,
+ BIO *rbio,
+ BIO *wbio
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+__owur int
+SSL_set_cipher_list (
+ SSL *s,
+ const char *str
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+void
+SSL_set_connect_state (
+ SSL *s
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+void
+SSL_set_hostflags (
+ SSL *s,
+ unsigned int flags
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+void
+SSL_set_info_callback (
+ SSL *ssl,
+ void ( *cb )(const SSL *ssl, int type, int val)
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+void
+SSL_set_security_level (
+ SSL *s,
+ int level
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+void
+SSL_set_verify (
+ SSL *s,
+ int mode,
+ SSL_verify_cb callback
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+int
+SSL_shutdown (
+ SSL *s
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_use_certificate (
+ SSL *ssl,
+ X509 *x
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_version (
+ const SSL *ssl
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_write (
+ SSL *ssl,
+ const void *buf,
+ int num
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur const SSL_METHOD *
+TLS_client_method (
+ void
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
diff --git a/CryptoPkg/Private/Library/IntrinsicLib.h b/CryptoPkg/Private/Library/IntrinsicLib.h
new file mode 100644
index 000000000000..69172a041949
--- /dev/null
+++ b/CryptoPkg/Private/Library/IntrinsicLib.h
@@ -0,0 +1,16 @@
+/** @file
+ InstrinsicLib class with intrinsic APIs generated by compilers.
+
+ Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef INTRINSTIC_LIB_H_
+#define INTRINSTIC_LIB_H_
+
+//
+// Compiler dependent intrinsic APIs.
+//
+
+#endif
diff --git a/CryptoPkg/Private/Library/OpensslLib.h b/CryptoPkg/Private/Library/OpensslLib.h
new file mode 100644
index 000000000000..005eb848724e
--- /dev/null
+++ b/CryptoPkg/Private/Library/OpensslLib.h
@@ -0,0 +1,14 @@
+/** @file
+ OpensslLib class with APIs from the openssl project
+
+ Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef OPENSSL_LIB_H_
+#define OPENSSL_LIB_H_
+
+#include <openssl/opensslv.h>
+
+#endif
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [Patch 08/12] CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
2022-10-11 15:03 [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (6 preceding siblings ...)
2022-10-11 15:03 ` [Patch 07/12] CryptoPkg/Library/OpensslLib: Produce consistent set of APIs Michael D Kinney
@ 2022-10-11 15:03 ` Michael D Kinney
2022-10-11 15:03 ` [Patch 09/12] CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec Michael D Kinney
` (4 subsequent siblings)
12 siblings, 0 replies; 23+ messages in thread
From: Michael D Kinney @ 2022-10-11 15:03 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
The OpensslLib instances do not directly use any PrintLib services.
Remove PrintLib from [LibraryClasses] sections of all OpensslLib
INF files.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 -
CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf | 1 -
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 -
CryptoPkg/Library/OpensslLib/OpensslLibFull.inf | 1 -
CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf | 1 -
5 files changed, 5 deletions(-)
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 9dc1dd23cf5a..a12b52bc0c72 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -638,7 +638,6 @@ [LibraryClasses]
BaseLib
DebugLib
RngLib
- PrintLib
[LibraryClasses.ARM]
ArmSoftFloatLib
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index 256400bcc1b0..c6e28a7ce0e7 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -687,7 +687,6 @@ [LibraryClasses]
BaseLib
DebugLib
RngLib
- PrintLib
[BuildOptions]
#
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 543487d53642..4aade29bb852 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -639,7 +639,6 @@ [LibraryClasses]
BaseLib
DebugLib
RngLib
- PrintLib
[LibraryClasses.ARM]
ArmSoftFloatLib
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
index c563ab13e4dc..35f6259d8f89 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
@@ -644,7 +644,6 @@ [LibraryClasses]
BaseLib
DebugLib
RngLib
- PrintLib
[LibraryClasses.ARM]
ArmSoftFloatLib
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
index 6ba05f23187c..c4bd8c683e96 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
@@ -692,7 +692,6 @@ [LibraryClasses]
BaseLib
DebugLib
RngLib
- PrintLib
[BuildOptions]
#
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [Patch 09/12] CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
2022-10-11 15:03 [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (7 preceding siblings ...)
2022-10-11 15:03 ` [Patch 08/12] CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files Michael D Kinney
@ 2022-10-11 15:03 ` Michael D Kinney
2022-10-11 15:03 ` [Patch 10/12] CryptoPkg: Update DSC to improve CI test coverage Michael D Kinney
` (3 subsequent siblings)
12 siblings, 0 replies; 23+ messages in thread
From: Michael D Kinney @ 2022-10-11 15:03 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
Remove the PcdOpensslEcEnabled PCD that is no longer used.
The EC feature is selected by using one of the OpensslLib
instances that includes the EC features which are either
OpensslLibFull.inf or OpensslLibFullAccel.inf.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/CryptoPkg.dec | 33 ---------------------------------
1 file changed, 33 deletions(-)
diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index f326c6324013..e20a5e9c38e3 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -90,38 +90,5 @@ [PcdsFixedAtBuild]
# @ValidList 0x80000001 | 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010
gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x00000002|UINT32|0x00000001
- ## Enable/Disable the ECC feature in openssl library. The default is disabled.
- # If ECC feature is disabled, all related source files will not be compiled.
- # @Prompt Enable/Disable ECC feature in openssl library
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled|FALSE|BOOLEAN|0x0000003
- # Set it to TRUE if:
- # 1) Platform needs ECC in TLS, or asymmetric cryptography services such as
- # X509 certificate or PEM format data processing.
- # 2) Platform needs to enable PcdCryptoServiceFamilyEnable.Ec service.
- # Please note:
- # ECC feature will cause a significant memory increase, approximate memory impact
- # in below table for reference by platform developers with FW size limitations.
- # Uncompressed LZMA Compressed
- # CPU CRYPTO_SERVICES Module EC=FALSE EC=TRUE EC=FALSE EC=TRUE Increase
- # ==== =============== ======== ======== ======= ======== ======= ========
- # IA32 NONE CryptoPei 21536 21568 0 KB
- # IA32 NONE CryptoDxe 21632 21696 0 KB
- # IA32 NONE CryptoSmm 22976 23072 0 KB
- # IA32 MIN_PEI CryptoPei 248992 249120 0 KB
- # IA32 MIN_DXE_MIN_SMM CryptoDxe 636672 829568 288520 401034 113 KB
- # IA32 MIN_DXE_MIN_SMM CryptoSmm 426048 601472 191517 296022 105 KB
- # IA32 ALL CryptoPei 423840 598976 189047 293759 104 KB
- # IA32 ALL CryptoDxe 645280 838144 292955 405277 113 KB
- # IA32 ALL CryptoSmm 441888 617184 198779 303628 105 KB
- # X64 NONE CryptoPei 29632 29664 0 KB
- # X64 NONE CryptoDxe 29792 29792 0 KB
- # X64 NONE CryptoSmm 31296 31296 0 KB
- # X64 MIN_PEI CryptoPei 310784 310848 0 KB
- # X64 MIN_DXE_MIN_SMM CryptoDxe 804288 1016256 311436 426596 115 KB
- # X64 MIN_DXE_MIN_SMM CryptoSmm 543776 733920 204483 310775 106 KB
- # X64 ALL CryptoPei 540384 730240 202494 308467 106 KB
- # X64 ALL CryptoDxe 815392 1027296 316228 431321 115 KB
- # X64 ALL CryptoSmm 563648 753696 213488 319644 106 KB
-
[UserExtensions.TianoCore."ExtraFiles"]
CryptoPkgExtra.uni
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [Patch 10/12] CryptoPkg: Update DSC to improve CI test coverage
2022-10-11 15:03 [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (8 preceding siblings ...)
2022-10-11 15:03 ` [Patch 09/12] CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec Michael D Kinney
@ 2022-10-11 15:03 ` Michael D Kinney
2022-10-11 15:03 ` [Patch 11/12] CryptoPkg: Fixed host-based unit tests Michael D Kinney
` (2 subsequent siblings)
12 siblings, 0 replies; 23+ messages in thread
From: Michael D Kinney @ 2022-10-11 15:03 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
With the addition of EC services and performance optimized versions
of the OpensslLib for IA32/X64, the CryptoPkg.dsc file is updated
to make sure all combinations are covered in CI builds.
* Use different output directory for each CRYPTO_SERVICES profile.
* Add FILE_GUID define names for CryptoPei, CryptoDxe, and CryptoSmm
when they are linked with different OpensslLib instances.
* Update CryptoPei, CryptoDxe, CryptoSmm builds to include all
combinations of OpensslLib library instances supported by each
CPU architecture.
* Add TARGET_UINT_TESTS profile to CryptoPkg.dsc to build only
the target-based unit tests. This reduces the size of CryptoPkg
components not related to unit testing by removing unit test
specific assert handlers. Build target-based unit tests using
OpensslLibFull.inf and OpensslLibFullAccel.inf.
* Remove the PACKAGE profile and instead make the ALL profile
the default for CI testing that enables all services for all
modules.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 450 +++++++++++++++++++++++++++++++---------
1 file changed, 356 insertions(+), 94 deletions(-)
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index ab28d8861f10..34abf63f2a1d 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -18,34 +18,73 @@ [Defines]
PLATFORM_GUID = E1063286-6C8C-4c25-AEF0-67A9A5B6E6B6
PLATFORM_VERSION = 0.98
DSC_SPECIFICATION = 0x00010005
- OUTPUT_DIRECTORY = Build/CryptoPkg
SUPPORTED_ARCHITECTURES = IA32|X64|ARM|AARCH64|RISCV64
BUILD_TARGETS = DEBUG|RELEASE|NOOPT
SKUID_IDENTIFIER = DEFAULT
#
# Flavor of PEI, DXE, SMM modules to build.
- # Must be one of ALL, NONE, MIN_PEI, MIN_DXE_MIN_SMM.
+ # Must be one of ALL, NONE, MIN_PEI, MIN_DXE_MIN_SMM, TARGET_UINT_TESTS.
# Default is ALL that is used for package build verification.
- # PACKAGE - Package verification build of all components. Null
- # versions of libraries are used to minimize build times.
- # ALL - Build PEIM, DXE, and SMM drivers. Protocols and PPIs
- # publish all services.
- # NONE - Build PEIM, DXE, and SMM drivers. Protocols and PPIs
- # publish no services. Used to verify compiler/linker
- # optimizations are working correctly.
- # MIN_PEI - Build PEIM with PPI that publishes minimum required
- # services.
- # MIN_DXE_MIN_SMM - Build DXE and SMM drivers with Protocols that publish
- # minimum required services.
+ # ALL - Build PEIM, DXE, and SMM drivers. Protocols and PPIs
+ # publish all services.
+ # NONE - Build PEIM, DXE, and SMM drivers. Protocols and PPIs
+ # publish no services. Used to verify compiler/linker
+ # optimizations are working correctly.
+ # MIN_PEI - Build PEIM with PPI that publishes minimum required
+ # services.
+ # MIN_DXE_MIN_SMM - Build DXE and SMM drivers with Protocols that publish
+ # minimum required services.
+ # TARGET_UNIT_TESTS - Build target-based unit tests
#
- DEFINE CRYPTO_SERVICES = PACKAGE
-!if $(CRYPTO_SERVICES) IN "PACKAGE ALL NONE MIN_PEI MIN_DXE_MIN_SMM"
+ DEFINE CRYPTO_SERVICES = ALL
+!if $(CRYPTO_SERVICES) IN "ALL NONE MIN_PEI MIN_DXE_MIN_SMM TARGET_UNIT_TESTS"
!else
- !error CRYPTO_SERVICES must be set to one of PACKAGE ALL NONE MIN_PEI MIN_DXE_MIN_SMM.
+ !error CRYPTO_SERVICES must be set to one of ALL NONE MIN_PEI MIN_DXE_MIN_SMM TARGET_UNIT_TESTS.
!endif
-!include UnitTestFrameworkPkg/UnitTestFrameworkPkgTarget.dsc.inc
+#
+# Define different OUTPUT_DIRECTORY for each CRYPTO_SERVICES profile
+#
+!if $(CRYPTO_SERVICES) == ALL
+ OUTPUT_DIRECTORY = Build/CryptoPkg/All
+!endif
+!if $(CRYPTO_SERVICES) == NONE
+ OUTPUT_DIRECTORY = Build/CryptoPkg/None
+!endif
+!if $(CRYPTO_SERVICES) == MIN_PEI
+ OUTPUT_DIRECTORY = Build/CryptoPkg/MinPei
+!endif
+!if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
+ OUTPUT_DIRECTORY = Build/CryptoPkg/MinDxeMinSmm
+!endif
+!if $(CRYPTO_SERVICES) == TARGET_UNIT_TESTS
+ OUTPUT_DIRECTORY = Build/CryptoPkg/TagetUnitTests
+!endif
+
+#
+# Define FILE_GUID names/values for CryptoPei, CryptopDxe, and CryptoSmm
+# drivers that are linked with different OpensslLib instances
+#
+ DEFINE PEI_CRYPTO_GUID = C693A250-6B36-49B9-B7F3-7283F8136A72
+ DEFINE PEI_STD_GUID = EBD49F5C-6D8B-40D1-A56D-9AFA485A8661
+ DEFINE PEI_FULL_GUID = D51FCE59-6860-49C0-9B35-984470735D17
+ DEFINE PEI_STD_ACCEL_GUID = DCC9CB49-7BE2-47C6-864E-6DCC932360F9
+ DEFINE PEI_FULL_ACCEL_GUID = A10827AD-7598-4955-B661-52EE2B62B057
+ DEFINE DXE_CRYPTO_GUID = 31C17C54-325D-47D5-8622-888098F10E44
+ DEFINE DXE_STD_GUID = ADD6D05A-52A2-437B-98E7-DBFDA89352CD
+ DEFINE DXE_FULL_GUID = AA83B296-F6EA-447F-B013-E80E98629CF8
+ DEFINE DXE_STD_ACCEL_GUID = 9FBDAD27-910C-4229-9EFF-A93BB5FE18C6
+ DEFINE DXE_FULL_ACCEL_GUID = 41A491D1-A972-468B-A299-DABF415A43B7
+ DEFINE SMM_CRYPTO_GUID = 1A1C9E13-5722-4636-AB73-31328EDE8BAF
+ DEFINE SMM_STD_GUID = E4D7D1E3-E886-4412-A442-EFD6F2502DD3
+ DEFINE SMM_FULL_GUID = 1930CE7E-6598-48ED-8AB1-EBE7E85EC254
+ DEFINE SMM_STD_ACCEL_GUID = 828959D3-CEA6-4B79-B1FC-5AFA0D7F2144
+ DEFINE SMM_FULL_ACCEL_GUID = C1760694-AB3A-4532-8C6D-52D8F86EB1AA
+
+!if $(CRYPTO_SERVICES) == TARGET_UNIT_TESTS
+ !include UnitTestFrameworkPkg/UnitTestFrameworkPkgTarget.dsc.inc
+!endif
################################################################################
#
@@ -58,17 +97,24 @@ [Defines]
[LibraryClasses]
BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
- PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
- DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
- UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
- UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
- TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
- HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
- RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf
+ DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
+ SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
+ TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
+ RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf
+ PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
+ DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf
+ DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
+ OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+
+[LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
+ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
[LibraryClasses.ARM, LibraryClasses.AARCH64]
+ ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
#
# It is not possible to prevent the ARM compiler for generic intrinsic functions.
# This library provides the instrinsic functions generate by a given compiler.
@@ -80,41 +126,19 @@ [LibraryClasses.ARM, LibraryClasses.AARCH64]
# Add support for stack protector
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-[LibraryClasses.common.PEIM]
- PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
- MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
- PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
- PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
- HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
-
-[LibraryClasses.common.DXE_SMM_DRIVER]
- SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf
- MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf
- MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf
-
-!if $(CRYPTO_SERVICES) IN "ALL NONE MIN_PEI MIN_DXE_MIN_SMM"
-[LibraryClasses]
- MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
- DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf
- DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
- PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
- DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
- PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
- TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
- UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf #???
- IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf #???
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
-
[LibraryClasses.ARM]
ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
[LibraryClasses.common.SEC]
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
[LibraryClasses.common.PEIM]
+ PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
+ PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
+ PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
+ MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
+ HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -123,19 +147,34 @@ [LibraryClasses.common.PEIM]
[LibraryClasses.IA32.PEIM, LibraryClasses.X64.PEIM]
PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf
-[LibraryClasses.ARM.PEIM, LibraryClasses.AARCH64.PEIM]
- PeiServicesTablePointerLib|ArmPkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
-
[LibraryClasses.common.DXE_DRIVER]
+ UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
+ UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
+ UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
+ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
[LibraryClasses.common.DXE_SMM_DRIVER]
+ UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
+ UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
+ SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf
+ MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf
+ MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf
ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
-!endif
+
+[LibraryClasses.common.UEFI_APPLICATION]
+ UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf
+ UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
+ UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
+ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
+ ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
+ PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
################################################################################
#
@@ -147,7 +186,12 @@ [PcdsFixedAtBuild]
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000000
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
-!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
+#
+# For ALL and TARGET_UINT_TESTS profiles, enable all non-deprecated families
+# and services in PcdCryptoServiceFamilyEnable.
+#
+!if $(CRYPTO_SERVICES) IN "ALL TARGET_UINT_TESTS"
+[PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -176,7 +220,12 @@ [PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
!endif
+#
+# Enable minimum set of families/services in PcdCryptoServiceFamilyEnable
+# required by typical PEI phase.
+#
!if $(CRYPTO_SERVICES) == MIN_PEI
+[PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -191,7 +240,12 @@ [PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
!endif
+#
+# Enable minimum set of families/services in PcdCryptoServiceFamilyEnable
+# required by typical DXE and SMM phases.
+#
!if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
+[PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE
@@ -243,12 +297,61 @@ [PcdsFixedAtBuild]
# generated for it, but the binary will not be put into any firmware volume.
#
###################################################################################################
-[Components]
- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
- CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf
-!if $(CRYPTO_SERVICES) == PACKAGE
+#
+# If profile is TARGET_UNIT_TESTS, then build target-based unit tests
+# using the OpensslLib, BaseCryptLib, and TlsLib with the largest set of
+# available services.
+#
+!if $(CRYPTO_SERVICES) == TARGET_UNIT_TESTS
+[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
+ #
+ # Target based unit tests
+ #
+ CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf {
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ <BuildOptions>
+ MSFT:*_*_*_DLINK_FLAGS = /ALIGN:4096 /FILEALIGN:4096 /SUBSYSTEM:CONSOLE
+ MSFT:DEBUG_*_*_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /BASE:0x10000
+ MSFT:DEBUG_*_*_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /BASE:0x10000
+ MSFT:NOOPT_*_*_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /BASE:0x10000
+ }
+
+[Components.IA32, Components.X64]
+ CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf {
+ <Defines>
+ FILE_GUID = B91B9A95-4D52-4501-A98F-A1711C14ED93
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ <BuildOptions>
+ MSFT:*_*_*_DLINK_FLAGS = /ALIGN:4096 /FILEALIGN:4096 /SUBSYSTEM:CONSOLE
+ MSFT:DEBUG_*_*_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /BASE:0x10000
+ MSFT:DEBUG_*_*_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /BASE:0x10000
+ MSFT:NOOPT_*_*_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /BASE:0x10000
+ }
+
+[Components.RISCV64]
+ CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf {
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ }
+!endif
+
+#
+# If profile is ALL, then do verification build of all library instances.
+#
+!if $(CRYPTO_SERVICES) == ALL
[Components]
+ #
+ # Build verification of all library instances
+ #
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -258,59 +361,218 @@ [Components]
CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
CryptoPkg/Library/TlsLib/TlsLib.inf
CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
- CryptoPkg/Library/OpensslLib/OpensslLib.inf
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
-
CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+ #
+ # Build verification of target-based unit tests
+ #
+ CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf {
+ <LibraryClasses>
+ UnitTestLib|UnitTestFrameworkPkg/Library/UnitTestLib/UnitTestLib.inf
+ UnitTestPersistenceLib|UnitTestFrameworkPkg/Library/UnitTestPersistenceLibNull/UnitTestPersistenceLibNull.inf
+ UnitTestResultReportLib|UnitTestFrameworkPkg/Library/UnitTestResultReportLib/UnitTestResultReportLibConOut.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ }
+
+[Components.IA32, Components.X64]
+ #
+ # Build verification of IA32/X64 specific libraries
+ #
+ CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+ CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
!endif
-!if $(CRYPTO_SERVICES) IN "PACKAGE ALL NONE MIN_PEI"
+#
+# If profile is ALL or NONE or MIN_PEI, then build CryptoPei with all supported
+# OpensslLib instances.
+#
+!if $(CRYPTO_SERVICES) in "ALL NONE MIN_PEI"
+[Components]
+ #
+ # CryptoPei with OpensslLib instance without SSL or EC services
+ #
+ CryptoPkg/Driver/CryptoPei.inf {
+ <Defines>
+ FILE_GUID = $(PEI_CRYPTO_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ }
+ #
+ # CryptoPei with OpensslLib instance without EC services
+ #
+ CryptoPkg/Driver/CryptoPei.inf {
+ <Defines>
+ FILE_GUID = $(PEI_STD_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ }
[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
+ #
+ # CryptoPei with OpensslLib instance with all services
+ #
+ CryptoPkg/Driver/CryptoPei.inf {
+ <Defines>
+ FILE_GUID = $(PEI_FULL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+ }
+
+[Components.IA32, Components.X64]
+ #
+ # CryptoPei with IA32/X64 performance optimized OpensslLib instance without EC services
+ # IA32/X64 assembly optimizations required larger alignments
+ #
CryptoPkg/Driver/CryptoPei.inf {
<Defines>
- !if $(CRYPTO_SERVICES) == ALL
- FILE_GUID = 8DF53C2E-3380-495F-A8B7-370CFE28E1C6
- !elseif $(CRYPTO_SERVICES) == NONE
- FILE_GUID = E5A97EE3-71CC-407F-9DA9-6BE0C8A6C7DF
- !elseif $(CRYPTO_SERVICES) == MIN_PEI
- FILE_GUID = 0F5827A9-35FD-4F41-8D38-9BAFCE594D31
- !endif
+ FILE_GUID = $(PEI_STD_ACCEL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+ <BuildOptions>
+ MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
+ MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256
+ }
+
+ #
+ # CryptoPei with IA32/X64 performance optimized OpensslLib instance all services
+ # IA32/X64 assembly optimizations required larger alignments
+ #
+ CryptoPkg/Driver/CryptoPei.inf {
+ <Defines>
+ FILE_GUID = $(PEI_FULL_ACCEL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+ <BuildOptions>
+ MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
+ MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256
}
!endif
-!if $(CRYPTO_SERVICES) IN "PACKAGE ALL NONE MIN_DXE_MIN_SMM"
-[Components.IA32, Components.X64, Components.AARCH64]
+#
+# If profile is ALL or NONE or MIN_DXE_MIN_SMM, then build CryptoDxe and
+# CryptoSmm using all supported OpensslLib instances.
+#
+!if $(CRYPTO_SERVICES) in "ALL NONE MIN_DXE_MIN_SMM"
+[Components]
+ #
+ # CryptoDxe with OpensslLib instance with no SSL or EC services
+ #
CryptoPkg/Driver/CryptoDxe.inf {
<Defines>
- !if $(CRYPTO_SERVICES) == ALL
- FILE_GUID = D9444B06-060D-42C5-9344-F04707BE0169
- !elseif $(CRYPTO_SERVICES) == NONE
- FILE_GUID = C7A340F4-A6CC-4F95-A2DA-42BEA4C3944A
- !elseif $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
- FILE_GUID = DDF5BE9E-159A-4B77-B6D7-82B84B5763A2
- !endif
+ FILE_GUID = $(DXE_CRYPTO_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ }
+ #
+ # CryptoDxe with OpensslLib instance with no EC services
+ #
+ CryptoPkg/Driver/CryptoDxe.inf {
+ <Defines>
+ FILE_GUID = $(DXE_STD_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ }
+[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
+ #
+ # CryptoDxe with OpensslLib instance with all services
+ #
+ CryptoPkg/Driver/CryptoDxe.inf {
+ <Defines>
+ FILE_GUID = $(DXE_FULL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
}
[Components.IA32, Components.X64]
+ #
+ # CryptoDxe with IA32/X64 performance optimized OpensslLib instance with no EC services
+ # with TLS feature enabled.
+ # IA32/X64 assembly optimizations required larger alignments
+ #
+ CryptoPkg/Driver/CryptoDxe.inf {
+ <Defines>
+ FILE_GUID = $(DXE_STD_ACCEL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+ <BuildOptions>
+ MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
+ MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256
+ }
+ #
+ # CryptoDxe with IA32/X64 performance optimized OpensslLib instance with all services.
+ # IA32/X64 assembly optimizations required larger alignments
+ #
+ CryptoPkg/Driver/CryptoDxe.inf {
+ <Defines>
+ FILE_GUID = $(DXE_FULL_ACCEL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+ <BuildOptions>
+ MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
+ MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256
+ }
+ #
+ # CryptoSmm with OpensslLib instance with no SSL or EC services
+ #
+ CryptoPkg/Driver/CryptoSmm.inf {
+ <Defines>
+ FILE_GUID = $(SMM_CRYPTO_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ }
+ #
+ # CryptoSmm with OpensslLib instance with no SSL services
+ #
+ CryptoPkg/Driver/CryptoSmm.inf {
+ <Defines>
+ FILE_GUID = $(SMM_STD_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ }
+ #
+ # CryptoSmm with OpensslLib instance with no all services
+ #
+ CryptoPkg/Driver/CryptoSmm.inf {
+ <Defines>
+ FILE_GUID = $(SMM_FULL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+ }
+ #
+ # CryptoSmm with IA32/X64 performance optimized OpensslLib instance with no EC services
+ # IA32/X64 assembly optimizations required larger alignments
+ #
+ CryptoPkg/Driver/CryptoSmm.inf {
+ <Defines>
+ FILE_GUID = $(SMM_STD_ACCEL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+ <BuildOptions>
+ MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
+ MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256
+ }
+ #
+ # CryptoSmm with IA32/X64 performance optimized OpensslLib instance with all services
+ # IA32/X64 assembly optimizations required larger alignments
+ #
CryptoPkg/Driver/CryptoSmm.inf {
<Defines>
- !if $(CRYPTO_SERVICES) == ALL
- FILE_GUID = A3542CE8-77F7-49DC-A834-45D37D2EC1FA
- !elseif $(CRYPTO_SERVICES) == NONE
- FILE_GUID = 6DCB3127-01E7-4131-A487-DC77A965A541
- !elseif $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
- FILE_GUID = 85F7EA15-3A2B-474A-8875-180542CD6BF3
- !endif
+ FILE_GUID = $(SMM_FULL_ACCEL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+ <BuildOptions>
+ MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
+ MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256
}
!endif
[BuildOptions]
- *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
-!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
- MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
- INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
- GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES
-!endif
+ RELEASE_*_*_CC_FLAGS = -DMDEPKG_NDEBUG
+ *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [Patch 11/12] CryptoPkg: Fixed host-based unit tests
2022-10-11 15:03 [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (9 preceding siblings ...)
2022-10-11 15:03 ` [Patch 10/12] CryptoPkg: Update DSC to improve CI test coverage Michael D Kinney
@ 2022-10-11 15:03 ` Michael D Kinney
2022-10-11 15:03 ` [Patch 12/12] CryptoPkg: Add Readme.md Michael D Kinney
2022-10-12 1:08 ` [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Yao, Jiewen
12 siblings, 0 replies; 23+ messages in thread
From: Michael D Kinney @ 2022-10-11 15:03 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
* Build host-based tests using OpensslLib instance with all services
enabled.
* Build host-based tests using performance optimized OpensslLib instance
with all services enabled.
* Remove unused PCD gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
* Remove redundant and unnecessary [BuildOptions]
* Limit host-based unit tests to only IA32/X64
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
.../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 ++------
CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 ++----
.../TestBaseCryptLibHostAccel.inf | 55 +++++++++++++++++++
3 files changed, 67 insertions(+), 27 deletions(-)
create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.inf
diff --git a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
index 168e24e4c041..80261794470f 100644
--- a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
@@ -18,7 +18,7 @@ [Defines]
#
# The following information is for reference only and not required by the build tools.
#
-# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
+# VALID_ARCHITECTURES = IA32 X64
#
[Sources]
@@ -28,6 +28,7 @@ [Sources]
Hash/CryptSha256.c
Hash/CryptSha512.c
Hash/CryptSm3.c
+ Hash/CryptParallelHashNull.c
Hmac/CryptHmac.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
@@ -48,8 +49,7 @@ [Sources]
Pk/CryptRsaPss.c
Pk/CryptRsaPssSign.c
Bn/CryptBn.c
- Pk/CryptEcNull.c |*|*|*|!gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- Pk/CryptEc.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ Pk/CryptEc.c
SysCall/UnitTestHostCrtWrapper.c
@@ -59,12 +59,6 @@ [Sources.Ia32]
[Sources.X64]
Rand/CryptRandTsc.c
-[Sources.ARM]
- Rand/CryptRand.c
-
-[Sources.AARCH64]
- Rand/CryptRand.c
-
[Packages]
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec
@@ -75,9 +69,7 @@ [LibraryClasses]
MemoryAllocationLib
DebugLib
OpensslLib
-
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ PrintLib
#
# Remove these [BuildOptions] after this library is cleaned up
@@ -85,11 +77,9 @@ [FixedPcd]
[BuildOptions]
#
# suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4090: 'function' : different 'const' qualifiers
- # C4018: '>': signed/unsigned mismatch
- MSFT:*_*_*_CC_FLAGS = /wd4090 /wd4018
-
+ #
GCC:*_CLANG35_*_CC_FLAGS = -std=c99
GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+ GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
XCODE:*_*_*_CC_FLAGS = -std=c99
diff --git a/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc b/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc
index b6e1a6619844..369a1cb69939 100644
--- a/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc
+++ b/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc
@@ -19,19 +19,13 @@ [Defines]
!include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc
-[PcdsFixedAtBuild]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled|TRUE
-
[LibraryClasses]
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf
SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
-[LibraryClasses.AARCH64, LibraryClasses.ARM]
- RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf
-
[LibraryClasses.X64, LibraryClasses.IA32]
RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
@@ -40,9 +34,10 @@ [Components]
# Build HOST_APPLICATION that tests the SampleUnitTest
#
CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
+ CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.inf {
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+ }
[BuildOptions]
- *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
- MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
- INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
- GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES
+ *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.inf
new file mode 100644
index 000000000000..1157542c2a14
--- /dev/null
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.inf
@@ -0,0 +1,55 @@
+## @file
+# Host-based UnitTest for BaseCryptLib
+#
+# Copyright (c) Microsoft Corporation.<BR>
+# Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = BaseCryptLibUnitTestHostAccel
+ FILE_GUID = B1AED64E-B53A-4D69-B0BA-60EEDAC47A6B
+ MODULE_TYPE = HOST_APPLICATION
+ VERSION_STRING = 1.0
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ UnitTestMain.c
+ BaseCryptLibUnitTests.c
+ TestBaseCryptLib.h
+ HashTests.c
+ HmacTests.c
+ BlockCipherTests.c
+ RsaTests.c
+ RsaPkcs7Tests.c
+ Pkcs5Pbkdf2Tests.c
+ AuthenticodeTests.c
+ TSTests.c
+ DhTests.c
+ RandTests.c
+ Pkcs7EkuTests.c
+ OaepEncryptTests.c
+ RsaPssTests.c
+ ParallelhashTests.c
+ HkdfTests.c
+ AeadAesGcmTests.c
+ BnTests.c
+ EcTests.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ BaseCryptLib
+ UnitTestLib
+ MmServicesTableLib
+ SynchronizationLib
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [Patch 12/12] CryptoPkg: Add Readme.md
2022-10-11 15:03 [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (10 preceding siblings ...)
2022-10-11 15:03 ` [Patch 11/12] CryptoPkg: Fixed host-based unit tests Michael D Kinney
@ 2022-10-11 15:03 ` Michael D Kinney
2022-10-12 1:08 ` [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Yao, Jiewen
12 siblings, 0 replies; 23+ messages in thread
From: Michael D Kinney @ 2022-10-11 15:03 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
Add Readme.md that provides an overview of the CryptoPkg
and how to configure the use of cryptographic services in
a platform.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/Readme.md | 498 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 498 insertions(+)
create mode 100644 CryptoPkg/Readme.md
diff --git a/CryptoPkg/Readme.md b/CryptoPkg/Readme.md
new file mode 100644
index 000000000000..a6f7531170ef
--- /dev/null
+++ b/CryptoPkg/Readme.md
@@ -0,0 +1,498 @@
+# Crypto Package
+
+This package provides cryptographic services that are used to implement firmware
+features such as UEFI Secure Boot, Measured Boot, firmware image authentication,
+and network boot. The cryptographic service implementation in this package uses
+services from the [OpenSSL](https://www.openssl.org/) project.
+
+EDK II firmware modules/libraries that requires the use of cryptographic
+services can either statically link all the required services, or the EDK II
+firmware module/library can use a dynamic Protocol/PPI service to call
+cryptographic services. The dynamic Protocol/PPI services are only available to
+PEIMs, DXE Drivers, UEFI Drivers, and SMM Drivers, and only if the cryptographic
+modules are included in the platform firmware image.
+
+There may be firmware image size differences between the static and dynamic
+options. Some experimentation may be required to find the solution that
+provides the smallest overall firmware overhead.
+
+# Public Library Classes
+
+* **BaseCryptLib** - Provides library functions for cryptographic primitives.
+* **TlsLib** - Provides TLS library functions for EFI TLS protocol.
+* **HashApiLib** - Provides Unified API for different hash implementations.
+
+# Private Library Classes
+
+* **OpensslLib** - Provides library functions from the openssl project.
+* **IntrinsicLib** - Provides C runtime library (CRT) required by openssl.
+
+# Private Protocols and PPIs
+
+* **EDK II Crypto PPI** - PPI that provides all the services from
+ the BaseCryptLib and TlsLib library classes.
+* **EDK II Crypto Protocol** - Protocol that provides all the services from
+ the BaseCryptLib and TlsLib library classes.
+* **EDK II SMM Crypto Protocol** - SMM Protocol that provides all the services
+ from the BaseCryptLib and TlsLib library
+ classes.
+
+## Statically Linking Cryptographic Services
+
+The figure below shows an example of a firmware modules that requires the use of
+cryptographic services. The cryptographic services are provided by three library
+classes called BaseCryptLib, TlsLib, and HashApiLib. These library classes are
+implemented using APIs from the OpenSSL project that are abstracted by the
+private library class called OpensslLib. The OpenSSL project implementation
+depends on C runtime library services. The EDK II project does not provide a
+full C runtime library for firmware components. Instead, the CryptoPkg includes
+the smallest subset of services required to build the OpenSSL project in the
+private library class called IntrinsicLib.
+
+The CryptoPkg provides several instances if the BaseCryptLib and OpensslLib with
+different cryptographic service features and performance optimizations. The
+platform developer must select the correct instances based on cryptographic
+service requirements in each UEFI/PI firmware phase (SEC, PEI, DXE, UEFI,
+UEFI RT, and SMM), firmware image size requirements, and firmware boot
+performance requirements.
+
+```
++================================+
+| EDK II Firmware Module/Library |
++================================+
+ ^ ^ ^
+ | | |
+ | | v
+ | | +============+
+ | | | HashApiLib |
+ | | +============+
+ | | ^
+ | | |
+ v v v
++========+ +====================+
+| TlsLib | | BaseCryptLib |
++========+ +====================+
+ ^ ^
+ | |
+ v v
++================================+
+| OpensslLib (Private) |
++================================+
+ ^
+ |
+ v
++================================+
+| IntrinsicLib (Private) |
++================================+
+```
+
+## Dynamically Linking Cryptographic Services
+
+The figure below shows the entire stack when dynamic linking is used with
+cryptographic services produced by the CryptoPei, CryptoDxe, or CryptoSmm module
+through a PPI/Protocol. This solution requires the CryptoPei, CryptoDxe, and
+CryptoSmm modules to be configured with the set of cryptographic services
+required by all the PEIMs, DXE Drivers, UEFI Drivers, and SMM Drivers. Dynamic
+linking is not available for SEC or UEFI RT modules.
+
+The EDK II modules/libraries that require cryptographic services use the same
+BaseCryptLib/TlsLib/HashApiLib APIs. This means no source changes are required
+to use static linking or dynamic linking. It is a platform configuration options
+to select static linking or dynamic linking. This choice can be make globally,
+per firmware module type, or individual modules.
+
+```
++===================+ +===================+ +===================+
+| EDK II PEI | | EDK II DXE/UEFI | | EDK II SMM |
+| Module/Library | | Module/Library | | Module/Library |
++===================+ +===================+ +===================+
+ ^ ^ ^ ^ ^ ^ ^ ^ ^
+ | | | | | | | | |
+ | | v | | v | | v
+ | | +==========+ | | +==========+ | | +==========+
+ | | |HashApiLib| | | |HashApiLib| | | |HashApiLib|
+ | | +==========+ | | +==========+ | | +==========+
+ | | ^ | | ^ | | ^
+ | | | | | | | | |
+ v v v v v v v v v
++===================+ +===================+ +===================+
+|TlsLib|BaseCryptLib| |TlsLib|BaseCryptLib| |TlsLib|BaseCryptLib|
++-------------------+ +-------------------+ +-------------------+
+| BaseCryptLib | | BaseCryptLib | | BaseCryptLib |
+| OnPpiProtocol/ | | OnPpiProtocol/ | | OnPpiProtocol/ |
+| PeiCryptLib.inf | | DxeCryptLib.inf | | SmmCryptLib.inf |
++===================+ +===================+ +===================+
+ ^ ^ ^
+ ||| (Dynamic) ||| (Dynamic) ||| (Dynamic)
+ v v v
++===================+ +===================+ +=====================+
+| Crypto PPI | | Crypto Protocol | | Crypto SMM Protocol |
++-------------------| |-------------------| |---------------------|
+| CryptoPei | | CryptoDxe | | CryptoSmm |
++===================+ +===================+ +=====================+
+ ^ ^ ^ ^ ^ ^
+ | | | | | |
+ v | v | v |
++========+ | +========+ | +========+ |
+| TlsLib | | | TlsLib | | | TlsLib | |
++========+ v +========+ v +========+ v
+ ^ +==============+ ^ +==============+ ^ +==============+
+ | | BaseCryptLib | | | BaseCryptLib | | | BaseCryptLib |
+ | +==============+ | +==============+ | +==============+
+ | ^ | ^ | ^
+ | | | | | |
+ v v v v v v
++===================+ +===================+ +===================+
+| OpensslLib | | OpensslLib | | OpensslLib |
++===================+ +===================+ +===================+
+ ^ ^ ^
+ | | |
+ v v v
++===================+ +===================+ +===================+
+| IntrinsicLib | | IntrinsicLib | | IntrinsicLib |
++===================+ +===================+ +===================+
+```
+
+## Supported Cryptographic Families and Services
+
+The table below provides a summary of the supported cryptographic services. It
+indicates if the family or service is deprecated or recommended to not be used.
+It also shows which *CryptLib library instances support the family or service.
+If a cell is blank then the service or family is always disabled and the
+`PcdCryptoServiceFamilyEnable` settings for that family or service is ignored.
+If the cell is not blank, then the service or family is configurable using
+`PcdCryptoServiceFamilyEnable` as long as the correct OpensslLib or TlsLib is
+also configured.
+
+|Key | Description |
+|---------|--------------------------------------------------------------------------------|
+| <blank> | Family or service is always disabled. |
+| C | Configurable using PcdCryptoServiceFamilyEnable. |
+| C-Tls | Configurable using PcdCryptoServiceFamilyEnable. Requires TlsLib.inf. |
+| C-Full | Configurable using PcdCryptoServiceFamilyEnable. Requires OpensslLibFull*.inf. |
+
+|Family/Service | Deprecated | Don't Use | SecCryptLib | PeiCryptLib | BaseCryptLib | SmmCryptLib | RuntimeCryptLib |
+|:--------------------------------|:----------:|:---------:|:-----------:|:-----------:|:------------:|:-----------:|:---------------:|
+| HmacMd5 | Y | Y | | | | | |
+| HmacSha1 | Y | Y | | | | | |
+| HmacSha256 | N | N | | C | C | C | C |
+| HmacSha384 | N | N | | C | C | C | C |
+| Md4 | Y | Y | | | | | |
+| Md5 | Y | Y | | C | C | C | C |
+| Pkcs.Pkcs1v2Encrypt | N | N | | | C | C | |
+| Pkcs.Pkcs5HashPassword | N | N | | | C | C | |
+| Pkcs.Pkcs7Verify | N | N | | C | C | C | C |
+| Pkcs.VerifyEKUsInPkcs7Signature | N | N | | C | C | C | |
+| Pkcs.Pkcs7GetSigners | N | N | | C | C | C | C |
+| Pkcs.Pkcs7FreeSigners | N | N | | C | C | C | C |
+| Pkcs.Pkcs7Sign | N | N | | | C | | |
+| Pkcs.Pkcs7GetAttachedContent | N | N | | C | C | C | |
+| Pkcs.Pkcs7GetCertificatesList | N | N | | C | C | C | C |
+| Pkcs.AuthenticodeVerify | N | N | | | C | | |
+| Pkcs.ImageTimestampVerify | N | N | | | C | | |
+| Dh | N | N | | | C | | |
+| Random | N | N | | | C | C | C |
+| Rsa.VerifyPkcs1 | Y | Y | | | | | |
+| Rsa.New | N | N | | C | C | C | C |
+| Rsa.Free | N | N | | C | C | C | C |
+| Rsa.SetKey | N | N | | C | C | C | C |
+| Rsa.GetKey | N | N | | | C | | |
+| Rsa.GenerateKey | N | N | | | C | | |
+| Rsa.CheckKey | N | N | | | C | | |
+| Rsa.Pkcs1Sign | N | N | | | C | | |
+| Rsa.Pkcs1Verify | N | N | | C | C | C | C |
+| Sha1 | N | Y | | C | C | C | C |
+| Sha256 | N | N | | C | C | C | C |
+| Sha384 | N | N | C | C | C | C | C |
+| Sha512 | N | N | C | C | C | C | C |
+| X509 | N | N | | | C | C | C |
+| Tdes | Y | N | | | | | |
+| Aes.GetContextSize | N | N | | | C | C | C |
+| Aes.Init | N | N | | | C | C | C |
+| Aes.EcbEncrypt | Y | N | | | | | |
+| Aes.EcbDecrypt | Y | N | | | | | |
+| Aes.CbcEncrypt | N | N | | | C | C | C |
+| Aes.CbcDecrypt | N | N | | | C | C | C |
+| Arc4 | Y | N | | | | | |
+| Sm3 | N | N | | C | C | C | C |
+| Hkdf | N | N | | C | C | | C |
+| Tls | N | N | | | C-Tls | | |
+| TlsSet | N | N | | | C-Tls | | |
+| TlsGet | N | N | | | C-Tls | | |
+| RsaPss.Sign | N | N | | | C | | |
+| RsaPss.Verify | N | N | | C | C | C | |
+| ParallelHash | N | N | | | | C | |
+| AeadAesGcm | N | N | | | C | | |
+| Bn | N | N | | | C | | |
+| Ec | N | N | | | C-Full | | |
+
+## Platform Configuration of Cryptographic Services
+
+Configuring the cryptographic services requires library mappings and PCD
+settings in a platform DSC file. This must be done for each of the firmware
+phases (SEC, PEI, DXE, UEFI, SMM, UEFI RT).
+
+The following table can be used to help select the best OpensslLib instance for
+each phase. The Size column only shows the estimated size increase for a
+compressed IA32/X64 modules that uses the cryptographic services with
+`OpensslLib.inf` as the baseline size. The actual size increase depends on the
+specific set of enabled cryptographic services. If ECC services are not
+required, then size can be reduced by using OpensslLib.inf instead of
+`OpensslLibFull.inf`. Performance optimization requires a size increase.
+
+| OpensslLib Instance | SSL | ECC | Perf Opt | CPU Arch | Size |
+|:------------------------|:---:|:---:|:--------:|:--------:|:-----:|
+| OpensslLibCrypto.inf | N | N | N | All | +0K |
+| OpensslLib.inf | Y | N | N | All | +0K |
+| OpensslLibAccel.inf | Y | N | Y | IA32/X64 | +20K |
+| OpensslLibFull.inf | Y | Y | N | All | +115K |
+| OpensslLibFullAccel.inf | Y | Y | Y | IA32/X64 | +135K |
+
+### SEC Phase Library Mappings
+
+The SEC Phase only supports static linking of cryptographic services. The
+following library mappings are recommended for the SEC Phase. It uses the SEC
+specific version of the BaseCryptLib and the null version of the TlsLib because
+TLS services are not typically used in SEC.
+
+```
+[LibraryClasses.common.SEC]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+```
+
+### PEI Phase Library Mappings
+
+The PEI Phase supports either static or dynamic linking of cryptographic
+services. The following library mappings are recommended for the PEI Phase. It
+uses the PEI specific version of the BaseCryptLib and the null version of the
+TlsLib because TLS services are not typically used in PEI.
+
+```
+[LibraryClasses.common.PEIM]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+```
+
+If dynamic linking is used, then all PEIMs except CryptoPei use the following
+library mappings. The CryptoPei module uses the static linking settings.
+
+```
+[LibraryClasses.common.PEIM]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
+
+[Components]
+ CryptoPkg/Driver/CryptoPei.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ }
+```
+
+### DXE Phase, UEFI Driver, UEFI Application Library Mappings
+
+The DXE/UEFI Phase supports either static or dynamic linking of cryptographic
+services. The following library mappings are recommended for the DXE/UEFI Phase.
+It uses the DXE specific version of the BaseCryptLib and the full version of the
+OpensslLib and TlsLib. If ECC services are not required then a smaller
+OpensslLib instance can be used.
+
+```
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+```
+
+If dynamic linking is used, then all DXE Drivers except CryptoDxe use the
+following library mappings. The CryptoDxe module uses the static linking
+settings.
+
+```
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
+
+[Components]
+ CryptoPkg/Driver/CryptoDxe.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ }
+```
+
+### SMM Phase Library Mappings
+
+The SMM Phase supports either static or dynamic linking of cryptographic
+services. The following library mappings are recommended for the SMM Phase. It
+uses the SMM specific version of the BaseCryptLib and the null version of the
+TlsLib.
+
+```
+[LibraryClasses.common.DXE_SMM_DRIVER]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+```
+
+If dynamic linking is used, then all SMM Drivers except CryptoSmm use the
+following library mappings. The CryptoDxe module uses the static linking
+settings.
+
+```
+[LibraryClasses.common.DXE_SMM_DRIVER]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+
+[Components]
+ CryptoPkg/Driver/CryptoSmm.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ }
+```
+
+### UEFI Runtime Driver Library Mappings
+
+UEFI Runtime Drivers only supports static linking of cryptographic services.
+The following library mappings are recommended for UEFI Runtime Drivers. It uses
+the runtime specific version of the BaseCryptLib and the null version of the
+TlsLib because TLS services are not typically used in runtime.
+
+```
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+```
+
+### PCD Configuration Settings
+
+There are 2 PCD settings that are used to configure cryptographic services.
+`PcdHashApiLibPolicy` is used to configure the hash algorithm provided by the
+BaseHashApiLib library instance. `PcdCryptoServiceFamilyEnable` is used to
+configure the cryptographic services supported by the CryptoPei, CryptoDxe,
+and CryptoSmm modules.
+
+* `gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy` - This PCD indicates the
+ HASH algorithm to to use in the BaseHashApiLib to calculate hash of data. The
+ default hashing algorithm for BaseHashApiLib is set to HASH_ALG_SHA256.
+ | Setting | Algorithm |
+ |------------|------------------|
+ | 0x00000001 | HASH_ALG_SHA1 |
+ | 0x00000002 | HASH_ALG_SHA256 |
+ | 0x00000004 | HASH_ALG_SHA384 |
+ | 0x00000008 | HASH_ALG_SHA512 |
+ | 0x00000010 | HASH_ALG_SM3_256 |
+
+* `gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable` - Enable/Disable
+ the families and individual services produced by the EDK II Crypto
+ Protocols/PPIs. The default is all services disabled. This Structured PCD is
+ associated with `PCD_CRYPTO_SERVICE_FAMILY_ENABLE` structure that defined in
+ `Include/Pcd/PcdCryptoServiceFamilyEnable.h`.
+
+ There are three layers of priority that determine if a specific family or
+ individual cryptographic service is actually enabled in the CryptoPei,
+ CryptoDxe, and CryptoSmm modules.
+
+ 1) OpensslLib instance selection. When the CryptoPei, CryptoDxe, or CryptoSmm
+ drivers are built, they are statically linked to an OpensslLib library
+ instance. If the required cryptographic service is not enabled in the
+ OpensslLib instance linked, then the service is always disabled.
+ 2) BaseCryptLib instance selection.
+ * CryptoPei is always linked with the PeiCryptLib instance of the
+ BaseCryptLib library class. The table above have a column for the
+ PeiCryptLib. If the family or service is blank, then that family or
+ service is always disabled.
+ * CryptoDxe is always linked with the BaseCryptLib instance of the
+ BaseCryptLib library class. The table above have a column for the
+ BaseCryptLib. If the family or service is blank, then that family or
+ service is always disabled.
+ * CryptoSmm is always linked with the SmmCryptLib instance of the
+ BaseCryptLib library class. The table above have a column for the
+ SmmCryptLib. If the family or service is blank, then that family or
+ service is always disabled.
+ 3) If a family or service is enabled in the OpensslLib instance and it is
+ enabled in the BaseCryptLib instance, then it can be enabled/disabled
+ using `PcdCryptoServiceFamilyEnable`. This structured PCD is associated
+ with the `PCD_CRYPTO_SERVICE_FAMILY_ENABLE` data structure that contains
+ bit fields for each family of services. All of the families are disabled
+ by default. An entire family of services can be enabled by setting the
+ family field to the value `PCD_CRYPTO_SERVICE_ENABLE_FAMILY`. Individual
+ services can be enabled by setting a single service name to `TRUE`.
+ Settings listed later in the DSC file have priority over settings earlier
+ in the DSC file, so it is legal for an entire family to be enabled first
+ and then a few individual services disabled by setting the service name to
+ `FALSE`.
+
+#### Common PEI PcdCryptoServiceFamilyEnable Settings
+
+```
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
+```
+
+#### Common DXE and SMM PcdCryptoServiceFamilyEnable Settings
+
+```
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.VerifyEKUsInPkcs7Signature | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7GetSigners | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7FreeSigners | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.AuthenticodeVerify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509 | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll | FALSE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetTBSCert | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Encrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Decrypt | TRUE
+```
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* Re: [edk2-devel] [Patch 06/12] CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs
2022-10-11 15:03 ` [Patch 06/12] CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs Michael D Kinney
@ 2022-10-11 23:20 ` Christopher Zurcher
2022-10-11 23:58 ` Michael D Kinney
0 siblings, 1 reply; 23+ messages in thread
From: Christopher Zurcher @ 2022-10-11 23:20 UTC (permalink / raw)
To: devel@edk2.groups.io, michael.d.kinney@intel.com
Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher, yi1 li
I would generally object to this change being made without the corresponding updates to process_files.pl, as all the manual changes to the .inf files here would have to be re-implemented for every update to the openssl submodule, and the updates to the perl script will result in their own set of architectural changes to these .inf files as well.
Thanks,
Christopher Zurcher
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael D
> Kinney
> Sent: Tuesday, October 11, 2022 08:04
> To: devel@edk2.groups.io
> Cc: Jiewen Yao <jiewen.yao@intel.com>; Jian J Wang <jian.j.wang@intel.com>;
> Xiaoyu Lu <xiaoyu1.lu@intel.com>; Guomin Jiang <guomin.jiang@intel.com>;
> Christopher Zurcher <christopher.zurcher@microsoft.com>
> Subject: [edk2-devel] [Patch 06/12] CryptoPkg/Library/OpensslLib: Combine all
> performance optimized INFs
>
> * Remove IA32/X64 specific INF files for performance
> optimized OpensslLib and combine into OpensslLibAccel.inf
> and OpensslLibFullAccel.inf.
> * Remove use of PcdOpensslEcEnabled and let the platform
> select the EC feature by using either OpensslLibFull.inf
> or OpensslLibFullAccel.inf.
> * With PcdOpensslEcEnabled removed, roll back style of opensslconf.h
> and remove opensslconf_generated.h. Move the choice to disable
> EC/SM2 into OpensslLib INF files using OPENSSL_FLAGS define.
> * Update OpensslLibContructor() API to be compatible with all
> FW phases by using types from Base.h and using RETURN_STATUS
> type and values instead of EFI_STATUS type and values.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> ---
> CryptoPkg/CryptoPkg.ci.yaml | 8 +-
> .../Library/Include/openssl/opensslconf.h | 328 +++++++-
> .../Include/openssl/opensslconf_generated.h | 333 ---------
> CryptoPkg/Library/OpensslLib/OpensslLib.inf | 130 ++--
> CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
> ...OpensslLibIa32.inf => OpensslLibAccel.inf} | 186 +++--
> .../Library/OpensslLib/OpensslLibAccel.uni | 14 +
> .../OpensslLib/OpensslLibConstructor.c | 6 +-
> .../Library/OpensslLib/OpensslLibCrypto.inf | 182 +++--
> .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
> .../{OpensslLib.inf => OpensslLibFull.inf} | 140 ++--
> .../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
> ...LibIa32Gcc.inf => OpensslLibFullAccel.inf} | 189 +++--
> .../OpensslLib/OpensslLibFullAccel.uni | 14 +
> .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
> .../Library/OpensslLib/OpensslLibX64Gcc.inf | 706 ------------------
> 16 files changed, 848 insertions(+), 2125 deletions(-)
> delete mode 100644 CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
> OpensslLibAccel.inf} (79%)
> create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> copy CryptoPkg/Library/OpensslLib/{OpensslLib.inf => OpensslLibFull.inf}
> (80%)
> copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni => OpensslLibFull.uni}
> (56%)
> rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
> OpensslLibFullAccel.inf} (79%)
> create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
>
> diff --git a/CryptoPkg/CryptoPkg.ci.yaml b/CryptoPkg/CryptoPkg.ci.yaml
> index ca129d6ae56c..47f29759676d 100644
> --- a/CryptoPkg/CryptoPkg.ci.yaml
> +++ b/CryptoPkg/CryptoPkg.ci.yaml
> @@ -73,13 +73,7 @@
> },
> "DscCompleteCheck": {
> "DscPath": "CryptoPkg.dsc",
> - "IgnoreInf": [
> - # These are alternatives to OpensslLib.inf
> - "CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf",
> - "CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf",
> - "CryptoPkg/Library/OpensslLib/OpensslLibX64.inf",
> - "CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf"
> - ]
> + "IgnoreInf": []
> },
> "GuidCheck": {
> "IgnoreGuidName": [],
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 53dd8c3efbe6..b98b068b3d3b 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -9,32 +9,324 @@
> * in the file LICENSE in the source distribution or at
> * https://www.openssl.org/source/license.html
> */
> -#include <Library/PcdLib.h>
> -#include <openssl/opensslconf_generated.h>
> +
> +#include <openssl/opensslv.h>
>
> #ifdef __cplusplus
> extern "C" {
> #endif
>
> -/* Autogenerated conditional openssl feature list starts here */
> -#if !FixedPcdGetBool (PcdOpensslEcEnabled)
> -# ifndef OPENSSL_NO_EC
> -# define OPENSSL_NO_EC
> -# endif
> -# ifndef OPENSSL_NO_ECDH
> -# define OPENSSL_NO_ECDH
> -# endif
> -# ifndef OPENSSL_NO_ECDSA
> -# define OPENSSL_NO_ECDSA
> -# endif
> -# ifndef OPENSSL_NO_TLS1_3
> -# define OPENSSL_NO_TLS1_3
> +#ifdef OPENSSL_ALGORITHM_DEFINES
> +# error OPENSSL_ALGORITHM_DEFINES no longer supported
> +#endif
> +
> +/*
> + * OpenSSL was configured with the following options:
> + */
> +
> +#ifndef OPENSSL_SYS_UEFI
> +# define OPENSSL_SYS_UEFI 1
> +#endif
> +#define OPENSSL_MIN_API 0x10100000L
> +#ifndef OPENSSL_NO_BF
> +# define OPENSSL_NO_BF
> +#endif
> +#ifndef OPENSSL_NO_BLAKE2
> +# define OPENSSL_NO_BLAKE2
> +#endif
> +#ifndef OPENSSL_NO_CAMELLIA
> +# define OPENSSL_NO_CAMELLIA
> +#endif
> +#ifndef OPENSSL_NO_CAST
> +# define OPENSSL_NO_CAST
> +#endif
> +#ifndef OPENSSL_NO_CHACHA
> +# define OPENSSL_NO_CHACHA
> +#endif
> +#ifndef OPENSSL_NO_CMS
> +# define OPENSSL_NO_CMS
> +#endif
> +#ifndef OPENSSL_NO_CT
> +# define OPENSSL_NO_CT
> +#endif
> +#ifndef OPENSSL_NO_DES
> +# define OPENSSL_NO_DES
> +#endif
> +#ifndef OPENSSL_NO_DSA
> +# define OPENSSL_NO_DSA
> +#endif
> +#ifndef OPENSSL_NO_IDEA
> +# define OPENSSL_NO_IDEA
> +#endif
> +#ifndef OPENSSL_NO_MD2
> +# define OPENSSL_NO_MD2
> +#endif
> +#ifndef OPENSSL_NO_MD4
> +# define OPENSSL_NO_MD4
> +#endif
> +#ifndef OPENSSL_NO_MDC2
> +# define OPENSSL_NO_MDC2
> +#endif
> +#ifndef OPENSSL_NO_POLY1305
> +# define OPENSSL_NO_POLY1305
> +#endif
> +#ifndef OPENSSL_NO_RC2
> +# define OPENSSL_NO_RC2
> +#endif
> +#ifndef OPENSSL_NO_RC4
> +# define OPENSSL_NO_RC4
> +#endif
> +#ifndef OPENSSL_NO_RC5
> +# define OPENSSL_NO_RC5
> +#endif
> +#ifndef OPENSSL_NO_RMD160
> +# define OPENSSL_NO_RMD160
> +#endif
> +#ifndef OPENSSL_NO_SEED
> +# define OPENSSL_NO_SEED
> +#endif
> +#ifndef OPENSSL_NO_SRP
> +# define OPENSSL_NO_SRP
> +#endif
> +#ifndef OPENSSL_NO_TS
> +# define OPENSSL_NO_TS
> +#endif
> +#ifndef OPENSSL_NO_WHIRLPOOL
> +# define OPENSSL_NO_WHIRLPOOL
> +#endif
> +#ifndef OPENSSL_RAND_SEED_NONE
> +# define OPENSSL_RAND_SEED_NONE
> +#endif
> +#ifndef OPENSSL_NO_AFALGENG
> +# define OPENSSL_NO_AFALGENG
> +#endif
> +#ifndef OPENSSL_NO_APPS
> +# define OPENSSL_NO_APPS
> +#endif
> +#ifndef OPENSSL_NO_ASAN
> +# define OPENSSL_NO_ASAN
> +#endif
> +#ifndef OPENSSL_NO_ASYNC
> +# define OPENSSL_NO_ASYNC
> +#endif
> +#ifndef OPENSSL_NO_AUTOERRINIT
> +# define OPENSSL_NO_AUTOERRINIT
> +#endif
> +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
> +# define OPENSSL_NO_AUTOLOAD_CONFIG
> +#endif
> +#ifndef OPENSSL_NO_CAPIENG
> +# define OPENSSL_NO_CAPIENG
> +#endif
> +#ifndef OPENSSL_NO_CRYPTO_MDEBUG
> +# define OPENSSL_NO_CRYPTO_MDEBUG
> +#endif
> +#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> +#endif
> +#ifndef OPENSSL_NO_DEPRECATED
> +# define OPENSSL_NO_DEPRECATED
> +#endif
> +#ifndef OPENSSL_NO_DEVCRYPTOENG
> +# define OPENSSL_NO_DEVCRYPTOENG
> +#endif
> +#ifndef OPENSSL_NO_DGRAM
> +# define OPENSSL_NO_DGRAM
> +#endif
> +#ifndef OPENSSL_NO_DTLS
> +# define OPENSSL_NO_DTLS
> +#endif
> +#ifndef OPENSSL_NO_DTLS1
> +# define OPENSSL_NO_DTLS1
> +#endif
> +#ifndef OPENSSL_NO_DTLS1_2
> +# define OPENSSL_NO_DTLS1_2
> +#endif
> +#ifndef OPENSSL_NO_EC2M
> +# define OPENSSL_NO_EC2M
> +#endif
> +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
> +# define OPENSSL_NO_EC_NISTP_64_GCC_128
> +#endif
> +#ifndef OPENSSL_NO_EGD
> +# define OPENSSL_NO_EGD
> +#endif
> +#ifndef OPENSSL_NO_ENGINE
> +# define OPENSSL_NO_ENGINE
> +#endif
> +#ifndef OPENSSL_NO_ERR
> +# define OPENSSL_NO_ERR
> +#endif
> +#ifndef OPENSSL_NO_EXTERNAL_TESTS
> +# define OPENSSL_NO_EXTERNAL_TESTS
> +#endif
> +#ifndef OPENSSL_NO_FILENAMES
> +# define OPENSSL_NO_FILENAMES
> +#endif
> +#ifndef OPENSSL_NO_FUZZ_AFL
> +# define OPENSSL_NO_FUZZ_AFL
> +#endif
> +#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
> +# define OPENSSL_NO_FUZZ_LIBFUZZER
> +#endif
> +#ifndef OPENSSL_NO_GOST
> +# define OPENSSL_NO_GOST
> +#endif
> +#ifndef OPENSSL_NO_HEARTBEATS
> +# define OPENSSL_NO_HEARTBEATS
> +#endif
> +#ifndef OPENSSL_NO_HW
> +# define OPENSSL_NO_HW
> +#endif
> +#ifndef OPENSSL_NO_MSAN
> +# define OPENSSL_NO_MSAN
> +#endif
> +#ifndef OPENSSL_NO_OCB
> +# define OPENSSL_NO_OCB
> +#endif
> +#ifndef OPENSSL_NO_POSIX_IO
> +# define OPENSSL_NO_POSIX_IO
> +#endif
> +#ifndef OPENSSL_NO_RFC3779
> +# define OPENSSL_NO_RFC3779
> +#endif
> +#ifndef OPENSSL_NO_SCRYPT
> +# define OPENSSL_NO_SCRYPT
> +#endif
> +#ifndef OPENSSL_NO_SCTP
> +# define OPENSSL_NO_SCTP
> +#endif
> +#ifndef OPENSSL_NO_SOCK
> +# define OPENSSL_NO_SOCK
> +#endif
> +#ifndef OPENSSL_NO_SSL_TRACE
> +# define OPENSSL_NO_SSL_TRACE
> +#endif
> +#ifndef OPENSSL_NO_SSL3
> +# define OPENSSL_NO_SSL3
> +#endif
> +#ifndef OPENSSL_NO_SSL3_METHOD
> +# define OPENSSL_NO_SSL3_METHOD
> +#endif
> +#ifndef OPENSSL_NO_STDIO
> +# define OPENSSL_NO_STDIO
> +#endif
> +#ifndef OPENSSL_NO_TESTS
> +# define OPENSSL_NO_TESTS
> +#endif
> +#ifndef OPENSSL_NO_UBSAN
> +# define OPENSSL_NO_UBSAN
> +#endif
> +#ifndef OPENSSL_NO_UI_CONSOLE
> +# define OPENSSL_NO_UI_CONSOLE
> +#endif
> +#ifndef OPENSSL_NO_UNIT_TEST
> +# define OPENSSL_NO_UNIT_TEST
> +#endif
> +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +# define OPENSSL_NO_WEAK_SSL_CIPHERS
> +#endif
> +#ifndef OPENSSL_NO_DYNAMIC_ENGINE
> +# define OPENSSL_NO_DYNAMIC_ENGINE
> +#endif
> +
> +
> +/*
> + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
> + * don't like that. This will hopefully silence them.
> + */
> +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
> +
> +/*
> + * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
> + * declarations of functions deprecated in or before <version>. Otherwise,
> they
> + * still won't see them if the library has been built to disable deprecated
> + * functions.
> + */
> +#ifndef DECLARE_DEPRECATED
> +# define DECLARE_DEPRECATED(f) f;
> +# ifdef __GNUC__
> +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> +# undef DECLARE_DEPRECATED
> +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> +# endif
> +#elif defined(__SUNPRO_C)
> +#if (__SUNPRO_C >= 0x5130)
> +#undef DECLARE_DEPRECATED
> +#define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> +#endif
> # endif
> -# ifndef OPENSSL_NO_SM2
> -# define OPENSSL_NO_SM2
> +#endif
> +
> +#ifndef OPENSSL_FILE
> +# ifdef OPENSSL_NO_FILENAMES
> +# define OPENSSL_FILE ""
> +# define OPENSSL_LINE 0
> +# else
> +# define OPENSSL_FILE __FILE__
> +# define OPENSSL_LINE __LINE__
> # endif
> #endif
> -/* Autogenerated conditional openssl feature list ends here */
> +
> +#ifndef OPENSSL_MIN_API
> +# define OPENSSL_MIN_API 0
> +#endif
> +
> +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
> +# undef OPENSSL_API_COMPAT
> +# define OPENSSL_API_COMPAT OPENSSL_MIN_API
> +#endif
> +
> +/*
> + * Do not deprecate things to be deprecated in version 1.2.0 before the
> + * OpenSSL version number matches.
> + */
> +#if OPENSSL_VERSION_NUMBER < 0x10200000L
> +# define DEPRECATEDIN_1_2_0(f) f;
> +#elif OPENSSL_API_COMPAT < 0x10200000L
> +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
> +#else
> +# define DEPRECATEDIN_1_2_0(f)
> +#endif
> +
> +#if OPENSSL_API_COMPAT < 0x10100000L
> +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
> +#else
> +# define DEPRECATEDIN_1_1_0(f)
> +#endif
> +
> +#if OPENSSL_API_COMPAT < 0x10000000L
> +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
> +#else
> +# define DEPRECATEDIN_1_0_0(f)
> +#endif
> +
> +#if OPENSSL_API_COMPAT < 0x00908000L
> +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
> +#else
> +# define DEPRECATEDIN_0_9_8(f)
> +#endif
> +
> +/* Generate 80386 code? */
> +#undef I386_ONLY
> +
> +#undef OPENSSL_UNISTD
> +#define OPENSSL_UNISTD <unistd.h>
> +
> +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
> +
> +/*
> + * The following are cipher-specific, but are part of the public API.
> + */
> +#if !defined(OPENSSL_SYS_UEFI)
> +# undef BN_LLONG
> +/* Only one for the following should be defined */
> +# undef SIXTY_FOUR_BIT_LONG
> +# undef SIXTY_FOUR_BIT
> +# define THIRTY_TWO_BIT
> +#endif
> +
> +#define RC4_INT unsigned int
>
> #ifdef __cplusplus
> }
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> b/CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> deleted file mode 100644
> index 09a6641ffcf9..000000000000
> --- a/CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> +++ /dev/null
> @@ -1,333 +0,0 @@
> -/*
> - * WARNING: do not edit!
> - * Generated from include/openssl/opensslconf.h.in
> - *
> - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
> - *
> - * Licensed under the OpenSSL license (the "License"). You may not use
> - * this file except in compliance with the License. You can obtain a copy
> - * in the file LICENSE in the source distribution or at
> - * https://www.openssl.org/source/license.html
> - */
> -
> -#include <openssl/opensslv.h>
> -
> -#ifdef __cplusplus
> -extern "C" {
> -#endif
> -
> -#ifdef OPENSSL_ALGORITHM_DEFINES
> -# error OPENSSL_ALGORITHM_DEFINES no longer supported
> -#endif
> -
> -/*
> - * OpenSSL was configured with the following options:
> - */
> -
> -#ifndef OPENSSL_SYS_UEFI
> -# define OPENSSL_SYS_UEFI 1
> -#endif
> -#define OPENSSL_MIN_API 0x10100000L
> -#ifndef OPENSSL_NO_BF
> -# define OPENSSL_NO_BF
> -#endif
> -#ifndef OPENSSL_NO_BLAKE2
> -# define OPENSSL_NO_BLAKE2
> -#endif
> -#ifndef OPENSSL_NO_CAMELLIA
> -# define OPENSSL_NO_CAMELLIA
> -#endif
> -#ifndef OPENSSL_NO_CAST
> -# define OPENSSL_NO_CAST
> -#endif
> -#ifndef OPENSSL_NO_CHACHA
> -# define OPENSSL_NO_CHACHA
> -#endif
> -#ifndef OPENSSL_NO_CMS
> -# define OPENSSL_NO_CMS
> -#endif
> -#ifndef OPENSSL_NO_CT
> -# define OPENSSL_NO_CT
> -#endif
> -#ifndef OPENSSL_NO_DES
> -# define OPENSSL_NO_DES
> -#endif
> -#ifndef OPENSSL_NO_DSA
> -# define OPENSSL_NO_DSA
> -#endif
> -#ifndef OPENSSL_NO_IDEA
> -# define OPENSSL_NO_IDEA
> -#endif
> -#ifndef OPENSSL_NO_MD2
> -# define OPENSSL_NO_MD2
> -#endif
> -#ifndef OPENSSL_NO_MD4
> -# define OPENSSL_NO_MD4
> -#endif
> -#ifndef OPENSSL_NO_MDC2
> -# define OPENSSL_NO_MDC2
> -#endif
> -#ifndef OPENSSL_NO_POLY1305
> -# define OPENSSL_NO_POLY1305
> -#endif
> -#ifndef OPENSSL_NO_RC2
> -# define OPENSSL_NO_RC2
> -#endif
> -#ifndef OPENSSL_NO_RC4
> -# define OPENSSL_NO_RC4
> -#endif
> -#ifndef OPENSSL_NO_RC5
> -# define OPENSSL_NO_RC5
> -#endif
> -#ifndef OPENSSL_NO_RMD160
> -# define OPENSSL_NO_RMD160
> -#endif
> -#ifndef OPENSSL_NO_SEED
> -# define OPENSSL_NO_SEED
> -#endif
> -#ifndef OPENSSL_NO_SRP
> -# define OPENSSL_NO_SRP
> -#endif
> -#ifndef OPENSSL_NO_TS
> -# define OPENSSL_NO_TS
> -#endif
> -#ifndef OPENSSL_NO_WHIRLPOOL
> -# define OPENSSL_NO_WHIRLPOOL
> -#endif
> -#ifndef OPENSSL_RAND_SEED_NONE
> -# define OPENSSL_RAND_SEED_NONE
> -#endif
> -#ifndef OPENSSL_NO_AFALGENG
> -# define OPENSSL_NO_AFALGENG
> -#endif
> -#ifndef OPENSSL_NO_APPS
> -# define OPENSSL_NO_APPS
> -#endif
> -#ifndef OPENSSL_NO_ASAN
> -# define OPENSSL_NO_ASAN
> -#endif
> -#ifndef OPENSSL_NO_ASYNC
> -# define OPENSSL_NO_ASYNC
> -#endif
> -#ifndef OPENSSL_NO_AUTOERRINIT
> -# define OPENSSL_NO_AUTOERRINIT
> -#endif
> -#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
> -# define OPENSSL_NO_AUTOLOAD_CONFIG
> -#endif
> -#ifndef OPENSSL_NO_CAPIENG
> -# define OPENSSL_NO_CAPIENG
> -#endif
> -#ifndef OPENSSL_NO_CRYPTO_MDEBUG
> -# define OPENSSL_NO_CRYPTO_MDEBUG
> -#endif
> -#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> -# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> -#endif
> -#ifndef OPENSSL_NO_DEPRECATED
> -# define OPENSSL_NO_DEPRECATED
> -#endif
> -#ifndef OPENSSL_NO_DEVCRYPTOENG
> -# define OPENSSL_NO_DEVCRYPTOENG
> -#endif
> -#ifndef OPENSSL_NO_DGRAM
> -# define OPENSSL_NO_DGRAM
> -#endif
> -#ifndef OPENSSL_NO_DTLS
> -# define OPENSSL_NO_DTLS
> -#endif
> -#ifndef OPENSSL_NO_DTLS1
> -# define OPENSSL_NO_DTLS1
> -#endif
> -#ifndef OPENSSL_NO_DTLS1_2
> -# define OPENSSL_NO_DTLS1_2
> -#endif
> -#ifndef OPENSSL_NO_EC2M
> -# define OPENSSL_NO_EC2M
> -#endif
> -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
> -# define OPENSSL_NO_EC_NISTP_64_GCC_128
> -#endif
> -#ifndef OPENSSL_NO_EGD
> -# define OPENSSL_NO_EGD
> -#endif
> -#ifndef OPENSSL_NO_ENGINE
> -# define OPENSSL_NO_ENGINE
> -#endif
> -#ifndef OPENSSL_NO_ERR
> -# define OPENSSL_NO_ERR
> -#endif
> -#ifndef OPENSSL_NO_EXTERNAL_TESTS
> -# define OPENSSL_NO_EXTERNAL_TESTS
> -#endif
> -#ifndef OPENSSL_NO_FILENAMES
> -# define OPENSSL_NO_FILENAMES
> -#endif
> -#ifndef OPENSSL_NO_FUZZ_AFL
> -# define OPENSSL_NO_FUZZ_AFL
> -#endif
> -#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
> -# define OPENSSL_NO_FUZZ_LIBFUZZER
> -#endif
> -#ifndef OPENSSL_NO_GOST
> -# define OPENSSL_NO_GOST
> -#endif
> -#ifndef OPENSSL_NO_HEARTBEATS
> -# define OPENSSL_NO_HEARTBEATS
> -#endif
> -#ifndef OPENSSL_NO_HW
> -# define OPENSSL_NO_HW
> -#endif
> -#ifndef OPENSSL_NO_MSAN
> -# define OPENSSL_NO_MSAN
> -#endif
> -#ifndef OPENSSL_NO_OCB
> -# define OPENSSL_NO_OCB
> -#endif
> -#ifndef OPENSSL_NO_POSIX_IO
> -# define OPENSSL_NO_POSIX_IO
> -#endif
> -#ifndef OPENSSL_NO_RFC3779
> -# define OPENSSL_NO_RFC3779
> -#endif
> -#ifndef OPENSSL_NO_SCRYPT
> -# define OPENSSL_NO_SCRYPT
> -#endif
> -#ifndef OPENSSL_NO_SCTP
> -# define OPENSSL_NO_SCTP
> -#endif
> -#ifndef OPENSSL_NO_SOCK
> -# define OPENSSL_NO_SOCK
> -#endif
> -#ifndef OPENSSL_NO_SSL_TRACE
> -# define OPENSSL_NO_SSL_TRACE
> -#endif
> -#ifndef OPENSSL_NO_SSL3
> -# define OPENSSL_NO_SSL3
> -#endif
> -#ifndef OPENSSL_NO_SSL3_METHOD
> -# define OPENSSL_NO_SSL3_METHOD
> -#endif
> -#ifndef OPENSSL_NO_STDIO
> -# define OPENSSL_NO_STDIO
> -#endif
> -#ifndef OPENSSL_NO_TESTS
> -# define OPENSSL_NO_TESTS
> -#endif
> -#ifndef OPENSSL_NO_UBSAN
> -# define OPENSSL_NO_UBSAN
> -#endif
> -#ifndef OPENSSL_NO_UI_CONSOLE
> -# define OPENSSL_NO_UI_CONSOLE
> -#endif
> -#ifndef OPENSSL_NO_UNIT_TEST
> -# define OPENSSL_NO_UNIT_TEST
> -#endif
> -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> -# define OPENSSL_NO_WEAK_SSL_CIPHERS
> -#endif
> -#ifndef OPENSSL_NO_DYNAMIC_ENGINE
> -# define OPENSSL_NO_DYNAMIC_ENGINE
> -#endif
> -
> -
> -/*
> - * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
> - * don't like that. This will hopefully silence them.
> - */
> -#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
> -
> -/*
> - * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
> - * declarations of functions deprecated in or before <version>. Otherwise,
> they
> - * still won't see them if the library has been built to disable deprecated
> - * functions.
> - */
> -#ifndef DECLARE_DEPRECATED
> -# define DECLARE_DEPRECATED(f) f;
> -# ifdef __GNUC__
> -# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> -# undef DECLARE_DEPRECATED
> -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> -# endif
> -# elif defined(__SUNPRO_C)
> -# if (__SUNPRO_C >= 0x5130)
> -# undef DECLARE_DEPRECATED
> -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> -# endif
> -# endif
> -#endif
> -
> -#ifndef OPENSSL_FILE
> -# ifdef OPENSSL_NO_FILENAMES
> -# define OPENSSL_FILE ""
> -# define OPENSSL_LINE 0
> -# else
> -# define OPENSSL_FILE __FILE__
> -# define OPENSSL_LINE __LINE__
> -# endif
> -#endif
> -
> -#ifndef OPENSSL_MIN_API
> -# define OPENSSL_MIN_API 0
> -#endif
> -
> -#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
> -# undef OPENSSL_API_COMPAT
> -# define OPENSSL_API_COMPAT OPENSSL_MIN_API
> -#endif
> -
> -/*
> - * Do not deprecate things to be deprecated in version 1.2.0 before the
> - * OpenSSL version number matches.
> - */
> -#if OPENSSL_VERSION_NUMBER < 0x10200000L
> -# define DEPRECATEDIN_1_2_0(f) f;
> -#elif OPENSSL_API_COMPAT < 0x10200000L
> -# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
> -#else
> -# define DEPRECATEDIN_1_2_0(f)
> -#endif
> -
> -#if OPENSSL_API_COMPAT < 0x10100000L
> -# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
> -#else
> -# define DEPRECATEDIN_1_1_0(f)
> -#endif
> -
> -#if OPENSSL_API_COMPAT < 0x10000000L
> -# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
> -#else
> -# define DEPRECATEDIN_1_0_0(f)
> -#endif
> -
> -#if OPENSSL_API_COMPAT < 0x00908000L
> -# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
> -#else
> -# define DEPRECATEDIN_0_9_8(f)
> -#endif
> -
> -/* Generate 80386 code? */
> -#undef I386_ONLY
> -
> -#undef OPENSSL_UNISTD
> -#define OPENSSL_UNISTD <unistd.h>
> -
> -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
> -
> -/*
> - * The following are cipher-specific, but are part of the public API.
> - */
> -#if !defined(OPENSSL_SYS_UEFI)
> -# undef BN_LLONG
> -/* Only one for the following should be defined */
> -# undef SIXTY_FOUR_BIT_LONG
> -# undef SIXTY_FOUR_BIT
> -# define THIRTY_TWO_BIT
> -#endif
> -
> -#define RC4_INT unsigned int
> -
> -#ifdef __cplusplus
> -}
> -#endif
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> index c899b811b149..7d4b729bf7c7 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> @@ -1,5 +1,5 @@
> ## @file
> -# This module provides OpenSSL Library implementation.
> +# This module provides OpenSSL Library implementation with TLS features.
> #
> # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> # (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> @@ -15,14 +15,18 @@ [Defines]
> MODULE_TYPE = BASE
> VERSION_STRING = 1.0
> LIBRARY_CLASS = OpensslLib
> + CONSTRUCTOR = OpensslLibConstructor
> +
> DEFINE OPENSSL_PATH = openssl
> - DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM
> + DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC -
> DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2 -
> DOPENSSL_NO_ASM
> + DEFINE OPENSSL_FLAGS_CONFIG =
>
> #
> # VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
> #
>
> [Sources]
> + OpensslLibConstructor.c
> $(OPENSSL_PATH)/e_os.h
> $(OPENSSL_PATH)/ms/uplink.h
> # Autogenerated files list starts here
> @@ -199,43 +203,43 @@ [Sources]
> $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> $(OPENSSL_PATH)/crypto/ebcdic.c
> - $(OPENSSL_PATH)/crypto/ec/curve25519.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_check.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_err.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_key.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_print.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> +# $(OPENSSL_PATH)/crypto/ec/curve25519.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> +# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> +# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_check.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_err.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_key.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_print.c
> +# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> +# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> +# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> +# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> +# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> +# $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> +# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> $(OPENSSL_PATH)/crypto/err/err.c
> $(OPENSSL_PATH)/crypto/err/err_prn.c
> $(OPENSSL_PATH)/crypto/evp/bio_b64.c
> @@ -421,10 +425,10 @@ [Sources]
> $(OPENSSL_PATH)/crypto/siphash/siphash.c
> $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> +# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> +# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> +# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> +# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> $(OPENSSL_PATH)/crypto/sm3/sm3.c
> $(OPENSSL_PATH)/crypto/sm4/sm4.c
> @@ -537,15 +541,15 @@ [Sources]
> $(OPENSSL_PATH)/crypto/conf/conf_local.h
> $(OPENSSL_PATH)/crypto/dh/dh_local.h
> $(OPENSSL_PATH)/crypto/dso/dso_local.h
> - $(OPENSSL_PATH)/crypto/ec/ec_local.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> +# $(OPENSSL_PATH)/crypto/ec/ec_local.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> $(OPENSSL_PATH)/crypto/evp/evp_local.h
> $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> @@ -637,15 +641,13 @@ [LibraryClasses]
> [LibraryClasses.ARM]
> ArmSoftFloatLib
>
> -[FixedPcd]
> - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
> -
> [BuildOptions]
> #
> # Disables the following Visual Studio compiler warnings brought by
> openssl source,
> # so we do not break the build with /WX option:
> # C4090: 'function' : different 'const' qualifiers
> # C4132: 'object' : const object should be initialized (tls13_enc.c)
> + # C4210: nonstandard extension used: function given file scope
> # C4244: conversion from type1 to type2, possible loss of data
> # C4245: conversion from type1 to type2, signed/unsigned mismatch
> # C4267: conversion from size_t to type, possible loss of data
> @@ -657,11 +659,11 @@ [BuildOptions]
> # C4706: assignment within conditional expression
> # C4819: The file contains a character that cannot be represented in the
> current code page
> #
> - MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702
> /wd4706 /wd4819
> - MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389
> /wd4702 /wd4706 /wd4819
> + MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
> + MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
>
> - INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) /w
> - INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) /w
> + INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> + INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
>
> #
> # Suppress the following build warnings in openssl so we don't break the
> build with -Werror
> @@ -670,10 +672,10 @@ [BuildOptions]
> # types appropriate to the format string specified.
> # -Werror=unused-but-set-variable: Warn whenever a local variable is
> assigned to, but otherwise unused (aside from its declaration).
> #
> - GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-
> error=maybe-uninitialized -Wno-error=unused-but-set-variable
> - GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-
> error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-
> but-set-variable -DNO_MSABI_VA_FUNCS
> + GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-
> set-variable
> + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -
> Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
> GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> -Wno-error=unused-but-set-variable
> - GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> -Wno-format -Wno-error=unused-but-set-variable
> + GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> -Wno-format -Wno-error=unused-but-set-variable -Wno-error=format
> GCC:*_*_RISCV64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> -Wno-format -Wno-error=unused-but-set-variable
> GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> @@ -698,8 +700,8 @@ [BuildOptions]
> # 1: ignore "#1-D: last line of file ends without a newline"
> # 3017: <entity> may be used before being set (NOTE: This was fixed in
> OpenSSL 1.1 HEAD with
> # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be
> dropped then.)
> - XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> -w -std=c99 -Wno-error=uninitialized
> - XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> -w -std=c99 -Wno-error=uninitialized
> + XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> + XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
>
> #
> # AARCH64 uses strict alignment and avoids SIMD registers for code that
> may execute
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.uni
> b/CryptoPkg/Library/OpensslLib/OpensslLib.uni
> index abaff8a3c37f..6b62c46040f9 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.uni
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.uni
> @@ -1,7 +1,5 @@
> // /** @file
> -// This module provides openSSL Library implementation.
> -//
> -// This module provides OpenSSL Library implementation.
> +// This module provides OpenSSL Library implementation with TLS features.
> //
> // Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> //
> @@ -9,8 +7,6 @@
> //
> // **/
>
> +#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> implementation with TLS features."
>
> -#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> implementation"
> -
> -#string STR_MODULE_DESCRIPTION #language en-US "This module
> provides OpenSSL Library implementation."
> -
> +#string STR_MODULE_DESCRIPTION #language en-US "This module
> provides OpenSSL Library implementation with TLS features."
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
> similarity index 79%
> rename from CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf
> rename to CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
> index b6ee718edeff..b552b011e2bf 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
> @@ -1,5 +1,7 @@
> ## @file
> -# This module provides OpenSSL Library implementation.
> +# This module provides OpenSSL Library implementation with TLS features
> +# along with performance optimized implementations of SHA1, SHA256, SHA512,
> +# AESNI, VPAED, and GHASH for IA32 and X64.
> #
> # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> # (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> @@ -9,33 +11,27 @@
>
> [Defines]
> INF_VERSION = 0x00010005
> - BASE_NAME = OpensslLibIa32
> - MODULE_UNI_FILE = OpensslLib.uni
> - FILE_GUID = 5805D1D4-F8EE-4FBA-BDD8-74465F16A534
> + BASE_NAME = OpensslLibAccel
> + MODULE_UNI_FILE = OpensslLibAccel.uni
> + FILE_GUID = 96A34760-B04A-44EB-9680-AC7606E9776B
> MODULE_TYPE = BASE
> VERSION_STRING = 1.0
> LIBRARY_CLASS = OpensslLib
> + CONSTRUCTOR = OpensslLibConstructor
> +
> DEFINE OPENSSL_PATH = openssl
> - DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
> + DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC -
> DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2
> DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -
> DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
> - CONSTRUCTOR = OpensslLibConstructor
>
> #
> -# VALID_ARCHITECTURES = IA32
> +# VALID_ARCHITECTURES = IA32 X64
> #
>
> -[Sources.IA32]
> +[Sources]
> OpensslLibConstructor.c
> $(OPENSSL_PATH)/e_os.h
> $(OPENSSL_PATH)/ms/uplink.h
> # Autogenerated files list starts here
> - IA32/crypto/aes/aesni-x86.nasm
> - IA32/crypto/aes/vpaes-x86.nasm
> - IA32/crypto/modes/ghash-x86.nasm
> - IA32/crypto/sha/sha1-586.nasm
> - IA32/crypto/sha/sha256-586.nasm
> - IA32/crypto/sha/sha512-586.nasm
> - IA32/crypto/x86cpuid.nasm
> $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
> $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
> $(OPENSSL_PATH)/crypto/aes/aes_core.c
> @@ -209,43 +205,43 @@ [Sources.IA32]
> $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> $(OPENSSL_PATH)/crypto/ebcdic.c
> - $(OPENSSL_PATH)/crypto/ec/curve25519.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_check.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_err.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_key.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_print.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> +# $(OPENSSL_PATH)/crypto/ec/curve25519.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> +# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> +# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_check.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_err.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_key.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_print.c
> +# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> +# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> +# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> +# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> +# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> +# $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> +# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> $(OPENSSL_PATH)/crypto/err/err.c
> $(OPENSSL_PATH)/crypto/err/err_prn.c
> $(OPENSSL_PATH)/crypto/evp/bio_b64.c
> @@ -324,6 +320,7 @@ [Sources.IA32]
> $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
> $(OPENSSL_PATH)/crypto/md5/md5_one.c
> $(OPENSSL_PATH)/crypto/mem.c
> +# $(OPENSSL_PATH)/crypto/mem_clr.c # Replaced by assembly optimized
> NASM/S files
> $(OPENSSL_PATH)/crypto/mem_dbg.c
> $(OPENSSL_PATH)/crypto/mem_sec.c
> $(OPENSSL_PATH)/crypto/modes/cbc128.c
> @@ -430,10 +427,10 @@ [Sources.IA32]
> $(OPENSSL_PATH)/crypto/siphash/siphash.c
> $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> +# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> +# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> +# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> +# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> $(OPENSSL_PATH)/crypto/sm3/sm3.c
> $(OPENSSL_PATH)/crypto/sm4/sm4.c
> @@ -546,15 +543,15 @@ [Sources.IA32]
> $(OPENSSL_PATH)/crypto/conf/conf_local.h
> $(OPENSSL_PATH)/crypto/dh/dh_local.h
> $(OPENSSL_PATH)/crypto/dso/dso_local.h
> - $(OPENSSL_PATH)/crypto/ec/ec_local.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> +# $(OPENSSL_PATH)/crypto/ec/ec_local.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> $(OPENSSL_PATH)/crypto/evp/evp_local.h
> $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> @@ -633,6 +630,53 @@ [Sources.IA32]
> ossl_store.c
> rand_pool.c
>
> +[Sources.IA32]
> + IA32/crypto/aes/aesni-x86.nasm | MSFT
> + IA32/crypto/aes/vpaes-x86.nasm | MSFT
> + IA32/crypto/modes/ghash-x86.nasm | MSFT
> + IA32/crypto/sha/sha1-586.nasm | MSFT
> + IA32/crypto/sha/sha256-586.nasm | MSFT
> + IA32/crypto/sha/sha512-586.nasm | MSFT
> + IA32/crypto/x86cpuid.nasm | MSFT
> +
> + IA32Gcc/crypto/aes/aesni-x86.S | GCC
> + IA32Gcc/crypto/aes/vpaes-x86.S | GCC
> + IA32Gcc/crypto/modes/ghash-x86.S | GCC
> + IA32Gcc/crypto/sha/sha1-586.S | GCC
> + IA32Gcc/crypto/sha/sha256-586.S | GCC
> + IA32Gcc/crypto/sha/sha512-586.S | GCC
> + IA32Gcc/crypto/x86cpuid.S | GCC
> +
> +[Sources.X64]
> + X64/ApiHooks.c
> + X64/crypto/aes/aesni-mb-x86_64.nasm | MSFT
> + X64/crypto/aes/aesni-sha1-x86_64.nasm | MSFT
> + X64/crypto/aes/aesni-sha256-x86_64.nasm | MSFT
> + X64/crypto/aes/aesni-x86_64.nasm | MSFT
> + X64/crypto/aes/vpaes-x86_64.nasm | MSFT
> + X64/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
> + X64/crypto/modes/ghash-x86_64.nasm | MSFT
> + X64/crypto/sha/sha1-mb-x86_64.nasm | MSFT
> + X64/crypto/sha/sha1-x86_64.nasm | MSFT
> + X64/crypto/sha/sha256-mb-x86_64.nasm | MSFT
> + X64/crypto/sha/sha256-x86_64.nasm | MSFT
> + X64/crypto/sha/sha512-x86_64.nasm | MSFT
> + X64/crypto/x86_64cpuid.nasm | MSFT
> +
> + X64Gcc/crypto/aes/aesni-mb-x86_64.S | GCC
> + X64Gcc/crypto/aes/aesni-sha1-x86_64.S | GCC
> + X64Gcc/crypto/aes/aesni-sha256-x86_64.S | GCC
> + X64Gcc/crypto/aes/aesni-x86_64.S | GCC
> + X64Gcc/crypto/aes/vpaes-x86_64.S | GCC
> + X64Gcc/crypto/modes/aesni-gcm-x86_64.S | GCC
> + X64Gcc/crypto/modes/ghash-x86_64.S | GCC
> + X64Gcc/crypto/sha/sha1-mb-x86_64.S | GCC
> + X64Gcc/crypto/sha/sha1-x86_64.S | GCC
> + X64Gcc/crypto/sha/sha256-mb-x86_64.S | GCC
> + X64Gcc/crypto/sha/sha256-x86_64.S | GCC
> + X64Gcc/crypto/sha/sha512-x86_64.S | GCC
> + X64Gcc/crypto/x86_64cpuid.S | GCC
> +
> [Packages]
> MdePkg/MdePkg.dec
> CryptoPkg/CryptoPkg.dec
> @@ -643,9 +687,6 @@ [LibraryClasses]
> RngLib
> PrintLib
>
> -[FixedPcd]
> - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
> -
> [BuildOptions]
> #
> # Disables the following Visual Studio compiler warnings brought by
> openssl source,
> @@ -665,8 +706,10 @@ [BuildOptions]
> # C4819: The file contains a character that cannot be represented in the
> current code page
> #
> MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
> + MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
>
> INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> + INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
>
> #
> # Suppress the following build warnings in openssl so we don't break the
> build with -Werror
> @@ -675,7 +718,11 @@ [BuildOptions]
> # types appropriate to the format string specified.
> # -Werror=unused-but-set-variable: Warn whenever a local variable is
> assigned to, but otherwise unused (aside from its declaration).
> #
> - GCC:*_*_IA32_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-
> set-variable
> + GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-
> set-variable
> + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -
> Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
> + GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> + GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> + GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized -Wno-
> error=incompatible-pointer-types -Wno-error=pointer-sign -Wno-error=implicit-
> function-declaration -Wno-error=ignored-pragma-optimize
>
> # suppress the following warnings in openssl so we don't break the build
> with warnings-as-errors:
> # 1295: Deprecated declaration <entity> - give arg types
> @@ -697,3 +744,4 @@ [BuildOptions]
> # 3017: <entity> may be used before being set (NOTE: This was fixed in
> OpenSSL 1.1 HEAD with
> # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be
> dropped then.)
> XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> + XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> new file mode 100644
> index 000000000000..e547a0c1e816
> --- /dev/null
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> @@ -0,0 +1,14 @@
> +// /** @file
> +// This module provides OpenSSL Library implementation with TLS features
> +// along with performance optimized implementations of SHA1, SHA256, SHA512,
> +// AESNI, VPAED, and GHASH for IA32 and X64.
> +//
> +// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> +//
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> implementation with TLS features and performance optimizations"
> +
> +#string STR_MODULE_DESCRIPTION #language en-US "This module
> provides OpenSSL Library implementation with TLS features along with
> performance optimized implementations of SHA1, SHA256, SHA512, AESNI, VPAED,
> and GHASH for IA32 and X64."
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
> b/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
> index 18d8a5612808..5daf73a54710 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
> @@ -6,7 +6,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
>
> -#include <Uefi.h>
> +#include <Base.h>
>
> /**
> An internal OpenSSL function which fetches a local copy of the hardware
> @@ -30,7 +30,7 @@ OPENSSL_cpuid_setup (
> @retval EFI_SUCCESS The construction succeeded.
>
> **/
> -EFI_STATUS
> +RETURN_STATUS
> EFIAPI
> OpensslLibConstructor (
> VOID
> @@ -38,5 +38,5 @@ OpensslLibConstructor (
> {
> OPENSSL_cpuid_setup ();
>
> - return EFI_SUCCESS;
> + return RETURN_SUCCESS;
> }
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> index 0ec372454119..5492865ddb2d 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> @@ -1,5 +1,6 @@
> ## @file
> -# This module provides OpenSSL Library implementation.
> +# This module provides OpenSSL Library implementation with ECC and TLS
> +# features removed and features have performance optimizations enabled.
> #
> # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> # (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> @@ -15,14 +16,18 @@ [Defines]
> MODULE_TYPE = BASE
> VERSION_STRING = 1.0
> LIBRARY_CLASS = OpensslLib
> + CONSTRUCTOR = OpensslLibConstructor
> +
> DEFINE OPENSSL_PATH = openssl
> - DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM
> + DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC -
> DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2 -
> DOPENSSL_NO_ASM
> + DEFINE OPENSSL_FLAGS_CONFIG =
>
> #
> # VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
> #
>
> [Sources]
> + OpensslLibConstructor.c
> $(OPENSSL_PATH)/e_os.h
> $(OPENSSL_PATH)/ms/uplink.h
> # Autogenerated files list starts here
> @@ -199,43 +204,43 @@ [Sources]
> $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> $(OPENSSL_PATH)/crypto/ebcdic.c
> - $(OPENSSL_PATH)/crypto/ec/curve25519.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_check.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_err.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_key.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_print.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> +# $(OPENSSL_PATH)/crypto/ec/curve25519.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> +# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> +# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> +# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_check.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_err.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_key.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> +# $(OPENSSL_PATH)/crypto/ec/ec_print.c
> +# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> +# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> +# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> +# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> +# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> +# $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> +# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> +# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> $(OPENSSL_PATH)/crypto/err/err.c
> $(OPENSSL_PATH)/crypto/err/err_prn.c
> $(OPENSSL_PATH)/crypto/evp/bio_b64.c
> @@ -421,10 +426,10 @@ [Sources]
> $(OPENSSL_PATH)/crypto/siphash/siphash.c
> $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> +# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> +# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> +# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> +# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> $(OPENSSL_PATH)/crypto/sm3/sm3.c
> $(OPENSSL_PATH)/crypto/sm4/sm4.c
> @@ -537,15 +542,15 @@ [Sources]
> $(OPENSSL_PATH)/crypto/conf/conf_local.h
> $(OPENSSL_PATH)/crypto/dh/dh_local.h
> $(OPENSSL_PATH)/crypto/dso/dso_local.h
> - $(OPENSSL_PATH)/crypto/ec/ec_local.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> +# $(OPENSSL_PATH)/crypto/ec/ec_local.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> $(OPENSSL_PATH)/crypto/evp/evp_local.h
> $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> @@ -568,6 +573,57 @@ [Sources]
> $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
> $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
> $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
> +# $(OPENSSL_PATH)/ssl/bio_ssl.c
> +# $(OPENSSL_PATH)/ssl/d1_lib.c
> +# $(OPENSSL_PATH)/ssl/d1_msg.c
> +# $(OPENSSL_PATH)/ssl/d1_srtp.c
> +# $(OPENSSL_PATH)/ssl/methods.c
> +# $(OPENSSL_PATH)/ssl/packet.c
> +# $(OPENSSL_PATH)/ssl/pqueue.c
> +# $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c
> +# $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c
> +# $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c
> +# $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c
> +# $(OPENSSL_PATH)/ssl/record/ssl3_record.c
> +# $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c
> +# $(OPENSSL_PATH)/ssl/s3_cbc.c
> +# $(OPENSSL_PATH)/ssl/s3_enc.c
> +# $(OPENSSL_PATH)/ssl/s3_lib.c
> +# $(OPENSSL_PATH)/ssl/s3_msg.c
> +# $(OPENSSL_PATH)/ssl/ssl_asn1.c
> +# $(OPENSSL_PATH)/ssl/ssl_cert.c
> +# $(OPENSSL_PATH)/ssl/ssl_ciph.c
> +# $(OPENSSL_PATH)/ssl/ssl_conf.c
> +# $(OPENSSL_PATH)/ssl/ssl_err.c
> +# $(OPENSSL_PATH)/ssl/ssl_init.c
> +# $(OPENSSL_PATH)/ssl/ssl_lib.c
> +# $(OPENSSL_PATH)/ssl/ssl_mcnf.c
> +# $(OPENSSL_PATH)/ssl/ssl_rsa.c
> +# $(OPENSSL_PATH)/ssl/ssl_sess.c
> +# $(OPENSSL_PATH)/ssl/ssl_stat.c
> +# $(OPENSSL_PATH)/ssl/ssl_txt.c
> +# $(OPENSSL_PATH)/ssl/ssl_utst.c
> +# $(OPENSSL_PATH)/ssl/statem/extensions.c
> +# $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c
> +# $(OPENSSL_PATH)/ssl/statem/extensions_cust.c
> +# $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c
> +# $(OPENSSL_PATH)/ssl/statem/statem.c
> +# $(OPENSSL_PATH)/ssl/statem/statem_clnt.c
> +# $(OPENSSL_PATH)/ssl/statem/statem_dtls.c
> +# $(OPENSSL_PATH)/ssl/statem/statem_lib.c
> +# $(OPENSSL_PATH)/ssl/statem/statem_srvr.c
> +# $(OPENSSL_PATH)/ssl/t1_enc.c
> +# $(OPENSSL_PATH)/ssl/t1_lib.c
> +# $(OPENSSL_PATH)/ssl/t1_trce.c
> +# $(OPENSSL_PATH)/ssl/tls13_enc.c
> +# $(OPENSSL_PATH)/ssl/tls_srp.c
> +# $(OPENSSL_PATH)/ssl/packet_local.h
> +# $(OPENSSL_PATH)/ssl/ssl_cert_table.h
> +# $(OPENSSL_PATH)/ssl/ssl_local.h
> +# $(OPENSSL_PATH)/ssl/record/record.h
> +# $(OPENSSL_PATH)/ssl/record/record_local.h
> +# $(OPENSSL_PATH)/ssl/statem/statem.h
> +# $(OPENSSL_PATH)/ssl/statem/statem_local.h
> # Autogenerated files list ends here
> buildinf.h
> ossl_store.c
> @@ -586,15 +642,13 @@ [LibraryClasses]
> [LibraryClasses.ARM]
> ArmSoftFloatLib
>
> -[FixedPcd]
> - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
> -
> [BuildOptions]
> #
> # Disables the following Visual Studio compiler warnings brought by
> openssl source,
> # so we do not break the build with /WX option:
> # C4090: 'function' : different 'const' qualifiers
> # C4132: 'object' : const object should be initialized (tls13_enc.c)
> + # C4210: nonstandard extension used: function given file scope
> # C4244: conversion from type1 to type2, possible loss of data
> # C4245: conversion from type1 to type2, signed/unsigned mismatch
> # C4267: conversion from size_t to type, possible loss of data
> @@ -606,11 +660,11 @@ [BuildOptions]
> # C4706: assignment within conditional expression
> # C4819: The file contains a character that cannot be represented in the
> current code page
> #
> - MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702
> /wd4706 /wd4819
> - MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389
> /wd4702 /wd4706 /wd4819
> + MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
> + MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
>
> - INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) /w
> - INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) /w
> + INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> + INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
>
> #
> # Suppress the following build warnings in openssl so we don't break the
> build with -Werror
> @@ -619,10 +673,10 @@ [BuildOptions]
> # types appropriate to the format string specified.
> # -Werror=unused-but-set-variable: Warn whenever a local variable is
> assigned to, but otherwise unused (aside from its declaration).
> #
> - GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-
> error=maybe-uninitialized -Wno-error=unused-but-set-variable
> - GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-
> error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-
> but-set-variable -DNO_MSABI_VA_FUNCS
> + GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-
> set-variable
> + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -
> Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
> GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> -Wno-error=unused-but-set-variable
> - GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> -Wno-format -Wno-error=unused-but-set-variable
> + GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> -Wno-format -Wno-error=unused-but-set-variable -Wno-error=format
> GCC:*_*_RISCV64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> -Wno-format -Wno-error=unused-but-set-variable
> GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> @@ -647,8 +701,8 @@ [BuildOptions]
> # 1: ignore "#1-D: last line of file ends without a newline"
> # 3017: <entity> may be used before being set (NOTE: This was fixed in
> OpenSSL 1.1 HEAD with
> # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be
> dropped then.)
> - XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> -w -std=c99 -Wno-error=uninitialized
> - XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> -w -std=c99 -Wno-error=uninitialized
> + XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> + XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
>
> #
> # AARCH64 uses strict alignment and avoids SIMD registers for code that
> may execute
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni
> b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni
> index d3f12e178cae..462ccf4355f7 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni
> @@ -1,7 +1,6 @@
> // /** @file
> -// This module provides openSSL Library implementation (libcrypto only, no
> libssl).
> -//
> -// This module provides OpenSSL Library implementation (libcrypto only, no
> libssl).
> +// This module provides OpenSSL Library implementation (libcrypto only, no
> +// libssl or ecc).
> //
> // Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> //
> @@ -9,8 +8,6 @@
> //
> // **/
>
> +#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> implementation (libcrypto only, no libssl or ecc)"
>
> -#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> implementation (libcrypto only, no libssl)"
> -
> -#string STR_MODULE_DESCRIPTION #language en-US "This module
> provides OpenSSL Library implementation (libcrypto only, no libssl)."
> -
> +#string STR_MODULE_DESCRIPTION #language en-US "This module
> provides OpenSSL Library implementation (libcrypto only, no libssl or ecc)."
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
> similarity index 80%
> copy from CryptoPkg/Library/OpensslLib/OpensslLib.inf
> copy to CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
> index c899b811b149..1b5d9fa42405 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
> @@ -1,5 +1,11 @@
> ## @file
> -# This module provides OpenSSL Library implementation.
> +# This module provides OpenSSL Library implementation with ECC and TLS
> +# features.
> +#
> +# This library should be used if a module module needs ECC in TLS, or
> +# asymmetric cryptography services such as X509 certificate or PEM format
> +# data processing. This library increases the size overhead up to ~115 KB
> +# compared to OpensslLib.inf library instance.
> #
> # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> # (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> @@ -9,20 +15,24 @@
>
> [Defines]
> INF_VERSION = 0x00010005
> - BASE_NAME = OpensslLib
> - MODULE_UNI_FILE = OpensslLib.uni
> - FILE_GUID = C873A7D0-9824-409f-9B42-2C158B992E69
> + BASE_NAME = OpensslLibFull
> + MODULE_UNI_FILE = OpensslLibFull.uni
> + FILE_GUID = AB9E2231-D8FC-433F-9F27-FA293B64FB2C
> MODULE_TYPE = BASE
> VERSION_STRING = 1.0
> LIBRARY_CLASS = OpensslLib
> + CONSTRUCTOR = OpensslLibConstructor
> +
> DEFINE OPENSSL_PATH = openssl
> DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM
> + DEFINE OPENSSL_FLAGS_CONFIG =
>
> #
> # VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
> #
>
> [Sources]
> + OpensslLibConstructor.c
> $(OPENSSL_PATH)/e_os.h
> $(OPENSSL_PATH)/ms/uplink.h
> # Autogenerated files list starts here
> @@ -199,43 +209,43 @@ [Sources]
> $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> $(OPENSSL_PATH)/crypto/ebcdic.c
> - $(OPENSSL_PATH)/crypto/ec/curve25519.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_check.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_err.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_key.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_print.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> + $(OPENSSL_PATH)/crypto/ec/curve25519.c
> + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> + $(OPENSSL_PATH)/crypto/ec/ec_check.c
> + $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> + $(OPENSSL_PATH)/crypto/ec/ec_err.c
> + $(OPENSSL_PATH)/crypto/ec/ec_key.c
> + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> + $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> + $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> + $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> + $(OPENSSL_PATH)/crypto/ec/ec_print.c
> + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> + $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> $(OPENSSL_PATH)/crypto/err/err.c
> $(OPENSSL_PATH)/crypto/err/err_prn.c
> $(OPENSSL_PATH)/crypto/evp/bio_b64.c
> @@ -421,10 +431,10 @@ [Sources]
> $(OPENSSL_PATH)/crypto/siphash/siphash.c
> $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> $(OPENSSL_PATH)/crypto/sm3/sm3.c
> $(OPENSSL_PATH)/crypto/sm4/sm4.c
> @@ -537,15 +547,15 @@ [Sources]
> $(OPENSSL_PATH)/crypto/conf/conf_local.h
> $(OPENSSL_PATH)/crypto/dh/dh_local.h
> $(OPENSSL_PATH)/crypto/dso/dso_local.h
> - $(OPENSSL_PATH)/crypto/ec/ec_local.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> + $(OPENSSL_PATH)/crypto/ec/ec_local.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> $(OPENSSL_PATH)/crypto/evp/evp_local.h
> $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> @@ -637,15 +647,13 @@ [LibraryClasses]
> [LibraryClasses.ARM]
> ArmSoftFloatLib
>
> -[FixedPcd]
> - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
> -
> [BuildOptions]
> #
> # Disables the following Visual Studio compiler warnings brought by
> openssl source,
> # so we do not break the build with /WX option:
> # C4090: 'function' : different 'const' qualifiers
> # C4132: 'object' : const object should be initialized (tls13_enc.c)
> + # C4210: nonstandard extension used: function given file scope
> # C4244: conversion from type1 to type2, possible loss of data
> # C4245: conversion from type1 to type2, signed/unsigned mismatch
> # C4267: conversion from size_t to type, possible loss of data
> @@ -657,11 +665,11 @@ [BuildOptions]
> # C4706: assignment within conditional expression
> # C4819: The file contains a character that cannot be represented in the
> current code page
> #
> - MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702
> /wd4706 /wd4819
> - MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389
> /wd4702 /wd4706 /wd4819
> + MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
> + MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
>
> - INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) /w
> - INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) /w
> + INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> + INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
>
> #
> # Suppress the following build warnings in openssl so we don't break the
> build with -Werror
> @@ -670,10 +678,10 @@ [BuildOptions]
> # types appropriate to the format string specified.
> # -Werror=unused-but-set-variable: Warn whenever a local variable is
> assigned to, but otherwise unused (aside from its declaration).
> #
> - GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-
> error=maybe-uninitialized -Wno-error=unused-but-set-variable
> - GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-
> error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-
> but-set-variable -DNO_MSABI_VA_FUNCS
> + GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-
> set-variable
> + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -
> Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
> GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> -Wno-error=unused-but-set-variable
> - GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> -Wno-format -Wno-error=unused-but-set-variable
> + GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> -Wno-format -Wno-error=unused-but-set-variable -Wno-error=format
> GCC:*_*_RISCV64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> -Wno-format -Wno-error=unused-but-set-variable
> GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> @@ -698,8 +706,8 @@ [BuildOptions]
> # 1: ignore "#1-D: last line of file ends without a newline"
> # 3017: <entity> may be used before being set (NOTE: This was fixed in
> OpenSSL 1.1 HEAD with
> # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be
> dropped then.)
> - XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> -w -std=c99 -Wno-error=uninitialized
> - XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> -w -std=c99 -Wno-error=uninitialized
> + XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> + XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
>
> #
> # AARCH64 uses strict alignment and avoids SIMD registers for code that
> may execute
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.uni
> b/CryptoPkg/Library/OpensslLib/OpensslLibFull.uni
> similarity index 56%
> copy from CryptoPkg/Library/OpensslLib/OpensslLib.uni
> copy to CryptoPkg/Library/OpensslLib/OpensslLibFull.uni
> index abaff8a3c37f..ec50adba9f83 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.uni
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.uni
> @@ -1,7 +1,5 @@
> // /** @file
> -// This module provides openSSL Library implementation.
> -//
> -// This module provides OpenSSL Library implementation.
> +// This module provides OpenSSL Library implementation with TLS and ECC
> features.
> //
> // Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> //
> @@ -9,8 +7,6 @@
> //
> // **/
>
> +#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> implementation with TLS and ECC features"
>
> -#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> implementation"
> -
> -#string STR_MODULE_DESCRIPTION #language en-US "This module
> provides OpenSSL Library implementation."
> -
> +#string STR_MODULE_DESCRIPTION #language en-US "This module
> provides OpenSSL Library implementation with TLS and ECC features."
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
> similarity index 79%
> rename from CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf
> rename to CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
> index 150a82ec7af1..3c7b33f1e512 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
> @@ -1,5 +1,12 @@
> ## @file
> -# This module provides OpenSSL Library implementation.
> +# This module provides OpenSSL Library implementation with ECC and TLS
> +# features along with performance optimized implementations of SHA1,
> +# SHA256, SHA512 AESNI, VPAED, and GHASH for IA32 and X64.
> +#
> +# This library should be used if a module module needs ECC in TLS, or
> +# asymmetric cryptography services such as X509 certificate or PEM format
> +# data processing. This library increases the size overhead up to ~115 KB
> +# compared to OpensslLibAccel.inf library instance.
> #
> # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> # (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> @@ -9,33 +16,27 @@
>
> [Defines]
> INF_VERSION = 0x00010005
> - BASE_NAME = OpensslLibIa32Gcc
> - MODULE_UNI_FILE = OpensslLib.uni
> - FILE_GUID = B1B32F26-A4E1-4D38-9E34-53A148B8EB11
> + BASE_NAME = OpensslLibFullAccel
> + MODULE_UNI_FILE = OpensslLibFullAccel.uni
> + FILE_GUID = AC649FB2-ADCF-450A-9C61-ED3CAFF12864
> MODULE_TYPE = BASE
> VERSION_STRING = 1.0
> LIBRARY_CLASS = OpensslLib
> + CONSTRUCTOR = OpensslLibConstructor
> +
> DEFINE OPENSSL_PATH = openssl
> DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
> DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -
> DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
> - CONSTRUCTOR = OpensslLibConstructor
>
> #
> -# VALID_ARCHITECTURES = IA32
> +# VALID_ARCHITECTURES = IA32 X64
> #
>
> -[Sources.IA32]
> +[Sources]
> OpensslLibConstructor.c
> $(OPENSSL_PATH)/e_os.h
> $(OPENSSL_PATH)/ms/uplink.h
> # Autogenerated files list starts here
> - IA32Gcc/crypto/aes/aesni-x86.S
> - IA32Gcc/crypto/aes/vpaes-x86.S
> - IA32Gcc/crypto/modes/ghash-x86.S
> - IA32Gcc/crypto/sha/sha1-586.S
> - IA32Gcc/crypto/sha/sha256-586.S
> - IA32Gcc/crypto/sha/sha512-586.S
> - IA32Gcc/crypto/x86cpuid.S
> $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
> $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
> $(OPENSSL_PATH)/crypto/aes/aes_core.c
> @@ -209,43 +210,43 @@ [Sources.IA32]
> $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> $(OPENSSL_PATH)/crypto/ebcdic.c
> - $(OPENSSL_PATH)/crypto/ec/curve25519.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_check.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_err.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_key.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_print.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> + $(OPENSSL_PATH)/crypto/ec/curve25519.c
> + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> + $(OPENSSL_PATH)/crypto/ec/ec_check.c
> + $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> + $(OPENSSL_PATH)/crypto/ec/ec_err.c
> + $(OPENSSL_PATH)/crypto/ec/ec_key.c
> + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> + $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> + $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> + $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> + $(OPENSSL_PATH)/crypto/ec/ec_print.c
> + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> + $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> $(OPENSSL_PATH)/crypto/err/err.c
> $(OPENSSL_PATH)/crypto/err/err_prn.c
> $(OPENSSL_PATH)/crypto/evp/bio_b64.c
> @@ -324,6 +325,7 @@ [Sources.IA32]
> $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
> $(OPENSSL_PATH)/crypto/md5/md5_one.c
> $(OPENSSL_PATH)/crypto/mem.c
> +# $(OPENSSL_PATH)/crypto/mem_clr.c # Replaced by assembly optimized
> NASM/S files
> $(OPENSSL_PATH)/crypto/mem_dbg.c
> $(OPENSSL_PATH)/crypto/mem_sec.c
> $(OPENSSL_PATH)/crypto/modes/cbc128.c
> @@ -430,10 +432,10 @@ [Sources.IA32]
> $(OPENSSL_PATH)/crypto/siphash/siphash.c
> $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> $(OPENSSL_PATH)/crypto/sm3/sm3.c
> $(OPENSSL_PATH)/crypto/sm4/sm4.c
> @@ -546,15 +548,15 @@ [Sources.IA32]
> $(OPENSSL_PATH)/crypto/conf/conf_local.h
> $(OPENSSL_PATH)/crypto/dh/dh_local.h
> $(OPENSSL_PATH)/crypto/dso/dso_local.h
> - $(OPENSSL_PATH)/crypto/ec/ec_local.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> + $(OPENSSL_PATH)/crypto/ec/ec_local.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> $(OPENSSL_PATH)/crypto/evp/evp_local.h
> $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> @@ -633,6 +635,53 @@ [Sources.IA32]
> ossl_store.c
> rand_pool.c
>
> +[Sources.IA32]
> + IA32/crypto/aes/aesni-x86.nasm | MSFT
> + IA32/crypto/aes/vpaes-x86.nasm | MSFT
> + IA32/crypto/modes/ghash-x86.nasm | MSFT
> + IA32/crypto/sha/sha1-586.nasm | MSFT
> + IA32/crypto/sha/sha256-586.nasm | MSFT
> + IA32/crypto/sha/sha512-586.nasm | MSFT
> + IA32/crypto/x86cpuid.nasm | MSFT
> +
> + IA32Gcc/crypto/aes/aesni-x86.S | GCC
> + IA32Gcc/crypto/aes/vpaes-x86.S | GCC
> + IA32Gcc/crypto/modes/ghash-x86.S | GCC
> + IA32Gcc/crypto/sha/sha1-586.S | GCC
> + IA32Gcc/crypto/sha/sha256-586.S | GCC
> + IA32Gcc/crypto/sha/sha512-586.S | GCC
> + IA32Gcc/crypto/x86cpuid.S | GCC
> +
> +[Sources.X64]
> + X64/ApiHooks.c
> + X64/crypto/aes/aesni-mb-x86_64.nasm | MSFT
> + X64/crypto/aes/aesni-sha1-x86_64.nasm | MSFT
> + X64/crypto/aes/aesni-sha256-x86_64.nasm | MSFT
> + X64/crypto/aes/aesni-x86_64.nasm | MSFT
> + X64/crypto/aes/vpaes-x86_64.nasm | MSFT
> + X64/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
> + X64/crypto/modes/ghash-x86_64.nasm | MSFT
> + X64/crypto/sha/sha1-mb-x86_64.nasm | MSFT
> + X64/crypto/sha/sha1-x86_64.nasm | MSFT
> + X64/crypto/sha/sha256-mb-x86_64.nasm | MSFT
> + X64/crypto/sha/sha256-x86_64.nasm | MSFT
> + X64/crypto/sha/sha512-x86_64.nasm | MSFT
> + X64/crypto/x86_64cpuid.nasm | MSFT
> +
> + X64Gcc/crypto/aes/aesni-mb-x86_64.S | GCC
> + X64Gcc/crypto/aes/aesni-sha1-x86_64.S | GCC
> + X64Gcc/crypto/aes/aesni-sha256-x86_64.S | GCC
> + X64Gcc/crypto/aes/aesni-x86_64.S | GCC
> + X64Gcc/crypto/aes/vpaes-x86_64.S | GCC
> + X64Gcc/crypto/modes/aesni-gcm-x86_64.S | GCC
> + X64Gcc/crypto/modes/ghash-x86_64.S | GCC
> + X64Gcc/crypto/sha/sha1-mb-x86_64.S | GCC
> + X64Gcc/crypto/sha/sha1-x86_64.S | GCC
> + X64Gcc/crypto/sha/sha256-mb-x86_64.S | GCC
> + X64Gcc/crypto/sha/sha256-x86_64.S | GCC
> + X64Gcc/crypto/sha/sha512-x86_64.S | GCC
> + X64Gcc/crypto/x86_64cpuid.S | GCC
> +
> [Packages]
> MdePkg/MdePkg.dec
> CryptoPkg/CryptoPkg.dec
> @@ -643,9 +692,6 @@ [LibraryClasses]
> RngLib
> PrintLib
>
> -[FixedPcd]
> - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
> -
> [BuildOptions]
> #
> # Disables the following Visual Studio compiler warnings brought by
> openssl source,
> @@ -665,8 +711,10 @@ [BuildOptions]
> # C4819: The file contains a character that cannot be represented in the
> current code page
> #
> MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
> + MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
>
> INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> + INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
>
> #
> # Suppress the following build warnings in openssl so we don't break the
> build with -Werror
> @@ -675,7 +723,11 @@ [BuildOptions]
> # types appropriate to the format string specified.
> # -Werror=unused-but-set-variable: Warn whenever a local variable is
> assigned to, but otherwise unused (aside from its declaration).
> #
> - GCC:*_*_IA32_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-
> set-variable
> + GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-
> set-variable
> + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -
> Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
> + GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> + GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> + GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized -Wno-
> error=incompatible-pointer-types -Wno-error=pointer-sign -Wno-error=implicit-
> function-declaration -Wno-error=ignored-pragma-optimize
>
> # suppress the following warnings in openssl so we don't break the build
> with warnings-as-errors:
> # 1295: Deprecated declaration <entity> - give arg types
> @@ -697,3 +749,4 @@ [BuildOptions]
> # 3017: <entity> may be used before being set (NOTE: This was fixed in
> OpenSSL 1.1 HEAD with
> # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be
> dropped then.)
> XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> + XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> new file mode 100644
> index 000000000000..b8453b6c902e
> --- /dev/null
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> @@ -0,0 +1,14 @@
> +// /** @file
> +// This module provides openSSL Library implementation with ECC and TLS
> +// features along with performance optimized implementations of SHA1,
> +// SHA256, SHA512 AESNI, VPAED, and GHASH for IA32 and X64.
> +//
> +// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> +//
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> implementation with TLS and ECC features and performance optimizations"
> +
> +#string STR_MODULE_DESCRIPTION #language en-US "This module
> provides OpenSSL Library implementation with TLS and ECC features and
> performance optimizations."
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> deleted file mode 100644
> index 5e92ba0844d5..000000000000
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> +++ /dev/null
> @@ -1,706 +0,0 @@
> -## @file
> -# This module provides OpenSSL Library implementation.
> -#
> -# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> -# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> -# SPDX-License-Identifier: BSD-2-Clause-Patent
> -#
> -##
> -
> -[Defines]
> - INF_VERSION = 0x00010005
> - BASE_NAME = OpensslLibX64
> - MODULE_UNI_FILE = OpensslLib.uni
> - FILE_GUID = 18125E50-0117-4DD0-BE54-4784AD995FEF
> - MODULE_TYPE = BASE
> - VERSION_STRING = 1.0
> - LIBRARY_CLASS = OpensslLib
> - DEFINE OPENSSL_PATH = openssl
> - DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
> - DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -
> DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
> - CONSTRUCTOR = OpensslLibConstructor
> -
> -#
> -# VALID_ARCHITECTURES = X64
> -#
> -
> -[Sources.X64]
> - OpensslLibConstructor.c
> - $(OPENSSL_PATH)/e_os.h
> - $(OPENSSL_PATH)/ms/uplink.h
> -# Autogenerated files list starts here
> - X64/crypto/aes/aesni-mb-x86_64.nasm
> - X64/crypto/aes/aesni-sha1-x86_64.nasm
> - X64/crypto/aes/aesni-sha256-x86_64.nasm
> - X64/crypto/aes/aesni-x86_64.nasm
> - X64/crypto/aes/vpaes-x86_64.nasm
> - X64/crypto/modes/aesni-gcm-x86_64.nasm
> - X64/crypto/modes/ghash-x86_64.nasm
> - X64/crypto/sha/sha1-mb-x86_64.nasm
> - X64/crypto/sha/sha1-x86_64.nasm
> - X64/crypto/sha/sha256-mb-x86_64.nasm
> - X64/crypto/sha/sha256-x86_64.nasm
> - X64/crypto/sha/sha512-x86_64.nasm
> - X64/crypto/x86_64cpuid.nasm
> - $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
> - $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
> - $(OPENSSL_PATH)/crypto/aes/aes_core.c
> - $(OPENSSL_PATH)/crypto/aes/aes_ige.c
> - $(OPENSSL_PATH)/crypto/aes/aes_misc.c
> - $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
> - $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
> - $(OPENSSL_PATH)/crypto/aria/aria.c
> - $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
> - $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
> - $(OPENSSL_PATH)/crypto/asn1/a_digest.c
> - $(OPENSSL_PATH)/crypto/asn1/a_dup.c
> - $(OPENSSL_PATH)/crypto/asn1/a_gentm.c
> - $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c
> - $(OPENSSL_PATH)/crypto/asn1/a_int.c
> - $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c
> - $(OPENSSL_PATH)/crypto/asn1/a_object.c
> - $(OPENSSL_PATH)/crypto/asn1/a_octet.c
> - $(OPENSSL_PATH)/crypto/asn1/a_print.c
> - $(OPENSSL_PATH)/crypto/asn1/a_sign.c
> - $(OPENSSL_PATH)/crypto/asn1/a_strex.c
> - $(OPENSSL_PATH)/crypto/asn1/a_strnid.c
> - $(OPENSSL_PATH)/crypto/asn1/a_time.c
> - $(OPENSSL_PATH)/crypto/asn1/a_type.c
> - $(OPENSSL_PATH)/crypto/asn1/a_utctm.c
> - $(OPENSSL_PATH)/crypto/asn1/a_utf8.c
> - $(OPENSSL_PATH)/crypto/asn1/a_verify.c
> - $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
> - $(OPENSSL_PATH)/crypto/asn1/asn1_err.c
> - $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
> - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c
> - $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
> - $(OPENSSL_PATH)/crypto/asn1/asn1_par.c
> - $(OPENSSL_PATH)/crypto/asn1/asn_mime.c
> - $(OPENSSL_PATH)/crypto/asn1/asn_moid.c
> - $(OPENSSL_PATH)/crypto/asn1/asn_mstbl.c
> - $(OPENSSL_PATH)/crypto/asn1/asn_pack.c
> - $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c
> - $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c
> - $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c
> - $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c
> - $(OPENSSL_PATH)/crypto/asn1/evp_asn1.c
> - $(OPENSSL_PATH)/crypto/asn1/f_int.c
> - $(OPENSSL_PATH)/crypto/asn1/f_string.c
> - $(OPENSSL_PATH)/crypto/asn1/i2d_pr.c
> - $(OPENSSL_PATH)/crypto/asn1/i2d_pu.c
> - $(OPENSSL_PATH)/crypto/asn1/n_pkey.c
> - $(OPENSSL_PATH)/crypto/asn1/nsseq.c
> - $(OPENSSL_PATH)/crypto/asn1/p5_pbe.c
> - $(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c
> - $(OPENSSL_PATH)/crypto/asn1/p5_scrypt.c
> - $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c
> - $(OPENSSL_PATH)/crypto/asn1/t_bitst.c
> - $(OPENSSL_PATH)/crypto/asn1/t_pkey.c
> - $(OPENSSL_PATH)/crypto/asn1/t_spki.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_dec.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_enc.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_fre.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_new.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_scn.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c
> - $(OPENSSL_PATH)/crypto/asn1/x_algor.c
> - $(OPENSSL_PATH)/crypto/asn1/x_bignum.c
> - $(OPENSSL_PATH)/crypto/asn1/x_info.c
> - $(OPENSSL_PATH)/crypto/asn1/x_int64.c
> - $(OPENSSL_PATH)/crypto/asn1/x_long.c
> - $(OPENSSL_PATH)/crypto/asn1/x_pkey.c
> - $(OPENSSL_PATH)/crypto/asn1/x_sig.c
> - $(OPENSSL_PATH)/crypto/asn1/x_spki.c
> - $(OPENSSL_PATH)/crypto/asn1/x_val.c
> - $(OPENSSL_PATH)/crypto/async/arch/async_null.c
> - $(OPENSSL_PATH)/crypto/async/arch/async_posix.c
> - $(OPENSSL_PATH)/crypto/async/arch/async_win.c
> - $(OPENSSL_PATH)/crypto/async/async.c
> - $(OPENSSL_PATH)/crypto/async/async_err.c
> - $(OPENSSL_PATH)/crypto/async/async_wait.c
> - $(OPENSSL_PATH)/crypto/bio/b_addr.c
> - $(OPENSSL_PATH)/crypto/bio/b_dump.c
> - $(OPENSSL_PATH)/crypto/bio/b_sock.c
> - $(OPENSSL_PATH)/crypto/bio/b_sock2.c
> - $(OPENSSL_PATH)/crypto/bio/bf_buff.c
> - $(OPENSSL_PATH)/crypto/bio/bf_lbuf.c
> - $(OPENSSL_PATH)/crypto/bio/bf_nbio.c
> - $(OPENSSL_PATH)/crypto/bio/bf_null.c
> - $(OPENSSL_PATH)/crypto/bio/bio_cb.c
> - $(OPENSSL_PATH)/crypto/bio/bio_err.c
> - $(OPENSSL_PATH)/crypto/bio/bio_lib.c
> - $(OPENSSL_PATH)/crypto/bio/bio_meth.c
> - $(OPENSSL_PATH)/crypto/bio/bss_acpt.c
> - $(OPENSSL_PATH)/crypto/bio/bss_bio.c
> - $(OPENSSL_PATH)/crypto/bio/bss_conn.c
> - $(OPENSSL_PATH)/crypto/bio/bss_dgram.c
> - $(OPENSSL_PATH)/crypto/bio/bss_fd.c
> - $(OPENSSL_PATH)/crypto/bio/bss_file.c
> - $(OPENSSL_PATH)/crypto/bio/bss_log.c
> - $(OPENSSL_PATH)/crypto/bio/bss_mem.c
> - $(OPENSSL_PATH)/crypto/bio/bss_null.c
> - $(OPENSSL_PATH)/crypto/bio/bss_sock.c
> - $(OPENSSL_PATH)/crypto/bn/bn_add.c
> - $(OPENSSL_PATH)/crypto/bn/bn_asm.c
> - $(OPENSSL_PATH)/crypto/bn/bn_blind.c
> - $(OPENSSL_PATH)/crypto/bn/bn_const.c
> - $(OPENSSL_PATH)/crypto/bn/bn_ctx.c
> - $(OPENSSL_PATH)/crypto/bn/bn_depr.c
> - $(OPENSSL_PATH)/crypto/bn/bn_dh.c
> - $(OPENSSL_PATH)/crypto/bn/bn_div.c
> - $(OPENSSL_PATH)/crypto/bn/bn_err.c
> - $(OPENSSL_PATH)/crypto/bn/bn_exp.c
> - $(OPENSSL_PATH)/crypto/bn/bn_exp2.c
> - $(OPENSSL_PATH)/crypto/bn/bn_gcd.c
> - $(OPENSSL_PATH)/crypto/bn/bn_gf2m.c
> - $(OPENSSL_PATH)/crypto/bn/bn_intern.c
> - $(OPENSSL_PATH)/crypto/bn/bn_kron.c
> - $(OPENSSL_PATH)/crypto/bn/bn_lib.c
> - $(OPENSSL_PATH)/crypto/bn/bn_mod.c
> - $(OPENSSL_PATH)/crypto/bn/bn_mont.c
> - $(OPENSSL_PATH)/crypto/bn/bn_mpi.c
> - $(OPENSSL_PATH)/crypto/bn/bn_mul.c
> - $(OPENSSL_PATH)/crypto/bn/bn_nist.c
> - $(OPENSSL_PATH)/crypto/bn/bn_prime.c
> - $(OPENSSL_PATH)/crypto/bn/bn_print.c
> - $(OPENSSL_PATH)/crypto/bn/bn_rand.c
> - $(OPENSSL_PATH)/crypto/bn/bn_recp.c
> - $(OPENSSL_PATH)/crypto/bn/bn_shift.c
> - $(OPENSSL_PATH)/crypto/bn/bn_sqr.c
> - $(OPENSSL_PATH)/crypto/bn/bn_sqrt.c
> - $(OPENSSL_PATH)/crypto/bn/bn_srp.c
> - $(OPENSSL_PATH)/crypto/bn/bn_word.c
> - $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
> - $(OPENSSL_PATH)/crypto/buffer/buf_err.c
> - $(OPENSSL_PATH)/crypto/buffer/buffer.c
> - $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
> - $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c
> - $(OPENSSL_PATH)/crypto/cmac/cmac.c
> - $(OPENSSL_PATH)/crypto/comp/c_zlib.c
> - $(OPENSSL_PATH)/crypto/comp/comp_err.c
> - $(OPENSSL_PATH)/crypto/comp/comp_lib.c
> - $(OPENSSL_PATH)/crypto/conf/conf_api.c
> - $(OPENSSL_PATH)/crypto/conf/conf_def.c
> - $(OPENSSL_PATH)/crypto/conf/conf_err.c
> - $(OPENSSL_PATH)/crypto/conf/conf_lib.c
> - $(OPENSSL_PATH)/crypto/conf/conf_mall.c
> - $(OPENSSL_PATH)/crypto/conf/conf_mod.c
> - $(OPENSSL_PATH)/crypto/conf/conf_sap.c
> - $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
> - $(OPENSSL_PATH)/crypto/cpt_err.c
> - $(OPENSSL_PATH)/crypto/cryptlib.c
> - $(OPENSSL_PATH)/crypto/ctype.c
> - $(OPENSSL_PATH)/crypto/cversion.c
> - $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
> - $(OPENSSL_PATH)/crypto/dh/dh_asn1.c
> - $(OPENSSL_PATH)/crypto/dh/dh_check.c
> - $(OPENSSL_PATH)/crypto/dh/dh_depr.c
> - $(OPENSSL_PATH)/crypto/dh/dh_err.c
> - $(OPENSSL_PATH)/crypto/dh/dh_gen.c
> - $(OPENSSL_PATH)/crypto/dh/dh_kdf.c
> - $(OPENSSL_PATH)/crypto/dh/dh_key.c
> - $(OPENSSL_PATH)/crypto/dh/dh_lib.c
> - $(OPENSSL_PATH)/crypto/dh/dh_meth.c
> - $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c
> - $(OPENSSL_PATH)/crypto/dh/dh_prn.c
> - $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
> - $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
> - $(OPENSSL_PATH)/crypto/dso/dso_dl.c
> - $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
> - $(OPENSSL_PATH)/crypto/dso/dso_err.c
> - $(OPENSSL_PATH)/crypto/dso/dso_lib.c
> - $(OPENSSL_PATH)/crypto/dso/dso_openssl.c
> - $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> - $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> - $(OPENSSL_PATH)/crypto/ebcdic.c
> - $(OPENSSL_PATH)/crypto/ec/curve25519.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_check.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_err.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_key.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_print.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/err/err.c
> - $(OPENSSL_PATH)/crypto/err/err_prn.c
> - $(OPENSSL_PATH)/crypto/evp/bio_b64.c
> - $(OPENSSL_PATH)/crypto/evp/bio_enc.c
> - $(OPENSSL_PATH)/crypto/evp/bio_md.c
> - $(OPENSSL_PATH)/crypto/evp/bio_ok.c
> - $(OPENSSL_PATH)/crypto/evp/c_allc.c
> - $(OPENSSL_PATH)/crypto/evp/c_alld.c
> - $(OPENSSL_PATH)/crypto/evp/cmeth_lib.c
> - $(OPENSSL_PATH)/crypto/evp/digest.c
> - $(OPENSSL_PATH)/crypto/evp/e_aes.c
> - $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
> - $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
> - $(OPENSSL_PATH)/crypto/evp/e_aria.c
> - $(OPENSSL_PATH)/crypto/evp/e_bf.c
> - $(OPENSSL_PATH)/crypto/evp/e_camellia.c
> - $(OPENSSL_PATH)/crypto/evp/e_cast.c
> - $(OPENSSL_PATH)/crypto/evp/e_chacha20_poly1305.c
> - $(OPENSSL_PATH)/crypto/evp/e_des.c
> - $(OPENSSL_PATH)/crypto/evp/e_des3.c
> - $(OPENSSL_PATH)/crypto/evp/e_idea.c
> - $(OPENSSL_PATH)/crypto/evp/e_null.c
> - $(OPENSSL_PATH)/crypto/evp/e_old.c
> - $(OPENSSL_PATH)/crypto/evp/e_rc2.c
> - $(OPENSSL_PATH)/crypto/evp/e_rc4.c
> - $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
> - $(OPENSSL_PATH)/crypto/evp/e_rc5.c
> - $(OPENSSL_PATH)/crypto/evp/e_seed.c
> - $(OPENSSL_PATH)/crypto/evp/e_sm4.c
> - $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c
> - $(OPENSSL_PATH)/crypto/evp/encode.c
> - $(OPENSSL_PATH)/crypto/evp/evp_cnf.c
> - $(OPENSSL_PATH)/crypto/evp/evp_enc.c
> - $(OPENSSL_PATH)/crypto/evp/evp_err.c
> - $(OPENSSL_PATH)/crypto/evp/evp_key.c
> - $(OPENSSL_PATH)/crypto/evp/evp_lib.c
> - $(OPENSSL_PATH)/crypto/evp/evp_pbe.c
> - $(OPENSSL_PATH)/crypto/evp/evp_pkey.c
> - $(OPENSSL_PATH)/crypto/evp/m_md2.c
> - $(OPENSSL_PATH)/crypto/evp/m_md4.c
> - $(OPENSSL_PATH)/crypto/evp/m_md5.c
> - $(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c
> - $(OPENSSL_PATH)/crypto/evp/m_mdc2.c
> - $(OPENSSL_PATH)/crypto/evp/m_null.c
> - $(OPENSSL_PATH)/crypto/evp/m_ripemd.c
> - $(OPENSSL_PATH)/crypto/evp/m_sha1.c
> - $(OPENSSL_PATH)/crypto/evp/m_sha3.c
> - $(OPENSSL_PATH)/crypto/evp/m_sigver.c
> - $(OPENSSL_PATH)/crypto/evp/m_wp.c
> - $(OPENSSL_PATH)/crypto/evp/names.c
> - $(OPENSSL_PATH)/crypto/evp/p5_crpt.c
> - $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c
> - $(OPENSSL_PATH)/crypto/evp/p_dec.c
> - $(OPENSSL_PATH)/crypto/evp/p_enc.c
> - $(OPENSSL_PATH)/crypto/evp/p_lib.c
> - $(OPENSSL_PATH)/crypto/evp/p_open.c
> - $(OPENSSL_PATH)/crypto/evp/p_seal.c
> - $(OPENSSL_PATH)/crypto/evp/p_sign.c
> - $(OPENSSL_PATH)/crypto/evp/p_verify.c
> - $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c
> - $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
> - $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
> - $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
> - $(OPENSSL_PATH)/crypto/ex_data.c
> - $(OPENSSL_PATH)/crypto/getenv.c
> - $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
> - $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
> - $(OPENSSL_PATH)/crypto/hmac/hmac.c
> - $(OPENSSL_PATH)/crypto/init.c
> - $(OPENSSL_PATH)/crypto/kdf/hkdf.c
> - $(OPENSSL_PATH)/crypto/kdf/kdf_err.c
> - $(OPENSSL_PATH)/crypto/kdf/scrypt.c
> - $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
> - $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
> - $(OPENSSL_PATH)/crypto/lhash/lhash.c
> - $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
> - $(OPENSSL_PATH)/crypto/md5/md5_one.c
> - $(OPENSSL_PATH)/crypto/mem.c
> - $(OPENSSL_PATH)/crypto/mem_dbg.c
> - $(OPENSSL_PATH)/crypto/mem_sec.c
> - $(OPENSSL_PATH)/crypto/modes/cbc128.c
> - $(OPENSSL_PATH)/crypto/modes/ccm128.c
> - $(OPENSSL_PATH)/crypto/modes/cfb128.c
> - $(OPENSSL_PATH)/crypto/modes/ctr128.c
> - $(OPENSSL_PATH)/crypto/modes/cts128.c
> - $(OPENSSL_PATH)/crypto/modes/gcm128.c
> - $(OPENSSL_PATH)/crypto/modes/ocb128.c
> - $(OPENSSL_PATH)/crypto/modes/ofb128.c
> - $(OPENSSL_PATH)/crypto/modes/wrap128.c
> - $(OPENSSL_PATH)/crypto/modes/xts128.c
> - $(OPENSSL_PATH)/crypto/o_dir.c
> - $(OPENSSL_PATH)/crypto/o_fips.c
> - $(OPENSSL_PATH)/crypto/o_fopen.c
> - $(OPENSSL_PATH)/crypto/o_init.c
> - $(OPENSSL_PATH)/crypto/o_str.c
> - $(OPENSSL_PATH)/crypto/o_time.c
> - $(OPENSSL_PATH)/crypto/objects/o_names.c
> - $(OPENSSL_PATH)/crypto/objects/obj_dat.c
> - $(OPENSSL_PATH)/crypto/objects/obj_err.c
> - $(OPENSSL_PATH)/crypto/objects/obj_lib.c
> - $(OPENSSL_PATH)/crypto/objects/obj_xref.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
> - $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
> - $(OPENSSL_PATH)/crypto/pem/pem_all.c
> - $(OPENSSL_PATH)/crypto/pem/pem_err.c
> - $(OPENSSL_PATH)/crypto/pem/pem_info.c
> - $(OPENSSL_PATH)/crypto/pem/pem_lib.c
> - $(OPENSSL_PATH)/crypto/pem/pem_oth.c
> - $(OPENSSL_PATH)/crypto/pem/pem_pk8.c
> - $(OPENSSL_PATH)/crypto/pem/pem_pkey.c
> - $(OPENSSL_PATH)/crypto/pem/pem_sign.c
> - $(OPENSSL_PATH)/crypto/pem/pem_x509.c
> - $(OPENSSL_PATH)/crypto/pem/pem_xaux.c
> - $(OPENSSL_PATH)/crypto/pem/pvkfmt.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_crpt.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_crt.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_decr.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_init.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_key.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_kiss.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_mutl.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_npas.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
> - $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
> - $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
> - $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
> - $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
> - $(OPENSSL_PATH)/crypto/pkcs7/pk7_doit.c
> - $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c
> - $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
> - $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
> - $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
> - $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
> - $(OPENSSL_PATH)/crypto/rand/drbg_lib.c
> - $(OPENSSL_PATH)/crypto/rand/rand_egd.c
> - $(OPENSSL_PATH)/crypto/rand/rand_err.c
> - $(OPENSSL_PATH)/crypto/rand/rand_lib.c
> - $(OPENSSL_PATH)/crypto/rand/rand_unix.c
> - $(OPENSSL_PATH)/crypto/rand/rand_vms.c
> - $(OPENSSL_PATH)/crypto/rand/rand_win.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_err.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_none.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_saos.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_sign.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
> - $(OPENSSL_PATH)/crypto/sha/keccak1600.c
> - $(OPENSSL_PATH)/crypto/sha/sha1_one.c
> - $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
> - $(OPENSSL_PATH)/crypto/sha/sha256.c
> - $(OPENSSL_PATH)/crypto/sha/sha512.c
> - $(OPENSSL_PATH)/crypto/siphash/siphash.c
> - $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> - $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> - $(OPENSSL_PATH)/crypto/sm3/sm3.c
> - $(OPENSSL_PATH)/crypto/sm4/sm4.c
> - $(OPENSSL_PATH)/crypto/stack/stack.c
> - $(OPENSSL_PATH)/crypto/threads_none.c
> - $(OPENSSL_PATH)/crypto/threads_pthread.c
> - $(OPENSSL_PATH)/crypto/threads_win.c
> - $(OPENSSL_PATH)/crypto/txt_db/txt_db.c
> - $(OPENSSL_PATH)/crypto/ui/ui_err.c
> - $(OPENSSL_PATH)/crypto/ui/ui_lib.c
> - $(OPENSSL_PATH)/crypto/ui/ui_null.c
> - $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
> - $(OPENSSL_PATH)/crypto/ui/ui_util.c
> - $(OPENSSL_PATH)/crypto/uid.c
> - $(OPENSSL_PATH)/crypto/x509/by_dir.c
> - $(OPENSSL_PATH)/crypto/x509/by_file.c
> - $(OPENSSL_PATH)/crypto/x509/t_crl.c
> - $(OPENSSL_PATH)/crypto/x509/t_req.c
> - $(OPENSSL_PATH)/crypto/x509/t_x509.c
> - $(OPENSSL_PATH)/crypto/x509/x509_att.c
> - $(OPENSSL_PATH)/crypto/x509/x509_cmp.c
> - $(OPENSSL_PATH)/crypto/x509/x509_d2.c
> - $(OPENSSL_PATH)/crypto/x509/x509_def.c
> - $(OPENSSL_PATH)/crypto/x509/x509_err.c
> - $(OPENSSL_PATH)/crypto/x509/x509_ext.c
> - $(OPENSSL_PATH)/crypto/x509/x509_lu.c
> - $(OPENSSL_PATH)/crypto/x509/x509_meth.c
> - $(OPENSSL_PATH)/crypto/x509/x509_obj.c
> - $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
> - $(OPENSSL_PATH)/crypto/x509/x509_req.c
> - $(OPENSSL_PATH)/crypto/x509/x509_set.c
> - $(OPENSSL_PATH)/crypto/x509/x509_trs.c
> - $(OPENSSL_PATH)/crypto/x509/x509_txt.c
> - $(OPENSSL_PATH)/crypto/x509/x509_v3.c
> - $(OPENSSL_PATH)/crypto/x509/x509_vfy.c
> - $(OPENSSL_PATH)/crypto/x509/x509_vpm.c
> - $(OPENSSL_PATH)/crypto/x509/x509cset.c
> - $(OPENSSL_PATH)/crypto/x509/x509name.c
> - $(OPENSSL_PATH)/crypto/x509/x509rset.c
> - $(OPENSSL_PATH)/crypto/x509/x509spki.c
> - $(OPENSSL_PATH)/crypto/x509/x509type.c
> - $(OPENSSL_PATH)/crypto/x509/x_all.c
> - $(OPENSSL_PATH)/crypto/x509/x_attrib.c
> - $(OPENSSL_PATH)/crypto/x509/x_crl.c
> - $(OPENSSL_PATH)/crypto/x509/x_exten.c
> - $(OPENSSL_PATH)/crypto/x509/x_name.c
> - $(OPENSSL_PATH)/crypto/x509/x_pubkey.c
> - $(OPENSSL_PATH)/crypto/x509/x_req.c
> - $(OPENSSL_PATH)/crypto/x509/x_x509.c
> - $(OPENSSL_PATH)/crypto/x509/x_x509a.c
> - $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
> - $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
> - $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
> - $(OPENSSL_PATH)/crypto/x509v3/pcy_map.c
> - $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c
> - $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_conf.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_cpols.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_crld.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_enum.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_extku.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_genn.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_ia5.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_info.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_int.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_lib.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_ncons.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_pci.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_pcia.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_pcons.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_pku.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_pmaps.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_prn.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_purp.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_skey.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_sxnet.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3err.c
> - $(OPENSSL_PATH)/crypto/arm_arch.h
> - $(OPENSSL_PATH)/crypto/mips_arch.h
> - $(OPENSSL_PATH)/crypto/ppc_arch.h
> - $(OPENSSL_PATH)/crypto/s390x_arch.h
> - $(OPENSSL_PATH)/crypto/sparc_arch.h
> - $(OPENSSL_PATH)/crypto/vms_rms.h
> - $(OPENSSL_PATH)/crypto/aes/aes_local.h
> - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
> - $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
> - $(OPENSSL_PATH)/crypto/asn1/charmap.h
> - $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
> - $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
> - $(OPENSSL_PATH)/crypto/async/async_local.h
> - $(OPENSSL_PATH)/crypto/async/arch/async_null.h
> - $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
> - $(OPENSSL_PATH)/crypto/async/arch/async_win.h
> - $(OPENSSL_PATH)/crypto/bio/bio_local.h
> - $(OPENSSL_PATH)/crypto/bn/bn_local.h
> - $(OPENSSL_PATH)/crypto/bn/bn_prime.h
> - $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> - $(OPENSSL_PATH)/crypto/comp/comp_local.h
> - $(OPENSSL_PATH)/crypto/conf/conf_def.h
> - $(OPENSSL_PATH)/crypto/conf/conf_local.h
> - $(OPENSSL_PATH)/crypto/dh/dh_local.h
> - $(OPENSSL_PATH)/crypto/dso/dso_local.h
> - $(OPENSSL_PATH)/crypto/ec/ec_local.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/evp/evp_local.h
> - $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> - $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> - $(OPENSSL_PATH)/crypto/md5/md5_local.h
> - $(OPENSSL_PATH)/crypto/modes/modes_local.h
> - $(OPENSSL_PATH)/crypto/objects/obj_dat.h
> - $(OPENSSL_PATH)/crypto/objects/obj_local.h
> - $(OPENSSL_PATH)/crypto/objects/obj_xref.h
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
> - $(OPENSSL_PATH)/crypto/rand/rand_local.h
> - $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
> - $(OPENSSL_PATH)/crypto/sha/sha_local.h
> - $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
> - $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
> - $(OPENSSL_PATH)/crypto/store/store_local.h
> - $(OPENSSL_PATH)/crypto/ui/ui_local.h
> - $(OPENSSL_PATH)/crypto/x509/x509_local.h
> - $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
> - $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
> - $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
> - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
> - $(OPENSSL_PATH)/ssl/bio_ssl.c
> - $(OPENSSL_PATH)/ssl/d1_lib.c
> - $(OPENSSL_PATH)/ssl/d1_msg.c
> - $(OPENSSL_PATH)/ssl/d1_srtp.c
> - $(OPENSSL_PATH)/ssl/methods.c
> - $(OPENSSL_PATH)/ssl/packet.c
> - $(OPENSSL_PATH)/ssl/pqueue.c
> - $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c
> - $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c
> - $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c
> - $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c
> - $(OPENSSL_PATH)/ssl/record/ssl3_record.c
> - $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c
> - $(OPENSSL_PATH)/ssl/s3_cbc.c
> - $(OPENSSL_PATH)/ssl/s3_enc.c
> - $(OPENSSL_PATH)/ssl/s3_lib.c
> - $(OPENSSL_PATH)/ssl/s3_msg.c
> - $(OPENSSL_PATH)/ssl/ssl_asn1.c
> - $(OPENSSL_PATH)/ssl/ssl_cert.c
> - $(OPENSSL_PATH)/ssl/ssl_ciph.c
> - $(OPENSSL_PATH)/ssl/ssl_conf.c
> - $(OPENSSL_PATH)/ssl/ssl_err.c
> - $(OPENSSL_PATH)/ssl/ssl_init.c
> - $(OPENSSL_PATH)/ssl/ssl_lib.c
> - $(OPENSSL_PATH)/ssl/ssl_mcnf.c
> - $(OPENSSL_PATH)/ssl/ssl_rsa.c
> - $(OPENSSL_PATH)/ssl/ssl_sess.c
> - $(OPENSSL_PATH)/ssl/ssl_stat.c
> - $(OPENSSL_PATH)/ssl/ssl_txt.c
> - $(OPENSSL_PATH)/ssl/ssl_utst.c
> - $(OPENSSL_PATH)/ssl/statem/extensions.c
> - $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c
> - $(OPENSSL_PATH)/ssl/statem/extensions_cust.c
> - $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c
> - $(OPENSSL_PATH)/ssl/statem/statem.c
> - $(OPENSSL_PATH)/ssl/statem/statem_clnt.c
> - $(OPENSSL_PATH)/ssl/statem/statem_dtls.c
> - $(OPENSSL_PATH)/ssl/statem/statem_lib.c
> - $(OPENSSL_PATH)/ssl/statem/statem_srvr.c
> - $(OPENSSL_PATH)/ssl/t1_enc.c
> - $(OPENSSL_PATH)/ssl/t1_lib.c
> - $(OPENSSL_PATH)/ssl/t1_trce.c
> - $(OPENSSL_PATH)/ssl/tls13_enc.c
> - $(OPENSSL_PATH)/ssl/tls_srp.c
> - $(OPENSSL_PATH)/ssl/packet_local.h
> - $(OPENSSL_PATH)/ssl/ssl_cert_table.h
> - $(OPENSSL_PATH)/ssl/ssl_local.h
> - $(OPENSSL_PATH)/ssl/record/record.h
> - $(OPENSSL_PATH)/ssl/record/record_local.h
> - $(OPENSSL_PATH)/ssl/statem/statem.h
> - $(OPENSSL_PATH)/ssl/statem/statem_local.h
> -# Autogenerated files list ends here
> - buildinf.h
> - ossl_store.c
> - rand_pool.c
> - X64/ApiHooks.c
> -
> -[Packages]
> - MdePkg/MdePkg.dec
> - CryptoPkg/CryptoPkg.dec
> -
> -[LibraryClasses]
> - BaseLib
> - DebugLib
> - RngLib
> - PrintLib
> -
> -[FixedPcd]
> - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
> -
> -[BuildOptions]
> - #
> - # Disables the following Visual Studio compiler warnings brought by
> openssl source,
> - # so we do not break the build with /WX option:
> - # C4090: 'function' : different 'const' qualifiers
> - # C4132: 'object' : const object should be initialized (tls13_enc.c)
> - # C4210: nonstandard extension used: function given file scope
> - # C4244: conversion from type1 to type2, possible loss of data
> - # C4245: conversion from type1 to type2, signed/unsigned mismatch
> - # C4267: conversion from size_t to type, possible loss of data
> - # C4306: 'identifier' : conversion from 'type1' to 'type2' of greater
> size
> - # C4310: cast truncates constant value
> - # C4389: 'operator' : signed/unsigned mismatch (xxxx)
> - # C4700: uninitialized local variable 'name' used. (conf_sap.c(71))
> - # C4702: unreachable code
> - # C4706: assignment within conditional expression
> - # C4819: The file contains a character that cannot be represented in the
> current code page
> - #
> - MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
> -
> - INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> -
> - #
> - # Suppress the following build warnings in openssl so we don't break the
> build with -Werror
> - # -Werror=maybe-uninitialized: there exist some other paths for which
> the variable is not initialized.
> - # -Werror=format: Check calls to printf and scanf, etc., to make sure
> that the arguments supplied have
> - # types appropriate to the format string specified.
> - # -Werror=unused-but-set-variable: Warn whenever a local variable is
> assigned to, but otherwise unused (aside from its declaration).
> - #
> - GCC:*_*_X64_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -
> Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
> -
> - # suppress the following warnings in openssl so we don't break the build
> with warnings-as-errors:
> - # 1295: Deprecated declaration <entity> - give arg types
> - # 550: <entity> was set but never used
> - # 1293: assignment in condition
> - # 111: statement is unreachable (invariably "break;" after "return X;" in
> case statement)
> - # 68: integer conversion resulted in a change of sign ("if (Status == -
> 1)")
> - # 177: <entity> was declared but never referenced
> - # 223: function <entity> declared implicitly
> - # 144: a value of type <type> cannot be used to initialize an entity of
> type <type>
> - # 513: a value of type <type> cannot be assigned to an entity of type
> <type>
> - # 188: enumerated type mixed with another type (i.e. passing an integer
> as an enum without a cast)
> - # 1296: Extended constant initialiser used
> - # 128: loop is not reachable - may be emitted inappropriately if code
> follows a conditional return
> - # from the function that evaluates to true at compile time
> - # 546: transfer of control bypasses initialization - may be emitted
> inappropriately if the uninitialized
> - # variable is never referenced after the jump
> - # 1: ignore "#1-D: last line of file ends without a newline"
> - # 3017: <entity> may be used before being set (NOTE: This was fixed in
> OpenSSL 1.1 HEAD with
> - # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be
> dropped then.)
> - XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
> deleted file mode 100644
> index 0f1b4b16f8b1..000000000000
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
> +++ /dev/null
> @@ -1,706 +0,0 @@
> -## @file
> -# This module provides OpenSSL Library implementation.
> -#
> -# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> -# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> -# SPDX-License-Identifier: BSD-2-Clause-Patent
> -#
> -##
> -
> -[Defines]
> - INF_VERSION = 0x00010005
> - BASE_NAME = OpensslLibX64Gcc
> - MODULE_UNI_FILE = OpensslLib.uni
> - FILE_GUID = DD90DB9D-6A3F-4F2B-87BF-A8F2BBEF982F
> - MODULE_TYPE = BASE
> - VERSION_STRING = 1.0
> - LIBRARY_CLASS = OpensslLib
> - DEFINE OPENSSL_PATH = openssl
> - DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
> - DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -
> DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
> - CONSTRUCTOR = OpensslLibConstructor
> -
> -#
> -# VALID_ARCHITECTURES = X64
> -#
> -
> -[Sources.X64]
> - OpensslLibConstructor.c
> - $(OPENSSL_PATH)/e_os.h
> - $(OPENSSL_PATH)/ms/uplink.h
> -# Autogenerated files list starts here
> - X64Gcc/crypto/aes/aesni-mb-x86_64.S
> - X64Gcc/crypto/aes/aesni-sha1-x86_64.S
> - X64Gcc/crypto/aes/aesni-sha256-x86_64.S
> - X64Gcc/crypto/aes/aesni-x86_64.S
> - X64Gcc/crypto/aes/vpaes-x86_64.S
> - X64Gcc/crypto/modes/aesni-gcm-x86_64.S
> - X64Gcc/crypto/modes/ghash-x86_64.S
> - X64Gcc/crypto/sha/sha1-mb-x86_64.S
> - X64Gcc/crypto/sha/sha1-x86_64.S
> - X64Gcc/crypto/sha/sha256-mb-x86_64.S
> - X64Gcc/crypto/sha/sha256-x86_64.S
> - X64Gcc/crypto/sha/sha512-x86_64.S
> - X64Gcc/crypto/x86_64cpuid.S
> - $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
> - $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
> - $(OPENSSL_PATH)/crypto/aes/aes_core.c
> - $(OPENSSL_PATH)/crypto/aes/aes_ige.c
> - $(OPENSSL_PATH)/crypto/aes/aes_misc.c
> - $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
> - $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
> - $(OPENSSL_PATH)/crypto/aria/aria.c
> - $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
> - $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
> - $(OPENSSL_PATH)/crypto/asn1/a_digest.c
> - $(OPENSSL_PATH)/crypto/asn1/a_dup.c
> - $(OPENSSL_PATH)/crypto/asn1/a_gentm.c
> - $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c
> - $(OPENSSL_PATH)/crypto/asn1/a_int.c
> - $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c
> - $(OPENSSL_PATH)/crypto/asn1/a_object.c
> - $(OPENSSL_PATH)/crypto/asn1/a_octet.c
> - $(OPENSSL_PATH)/crypto/asn1/a_print.c
> - $(OPENSSL_PATH)/crypto/asn1/a_sign.c
> - $(OPENSSL_PATH)/crypto/asn1/a_strex.c
> - $(OPENSSL_PATH)/crypto/asn1/a_strnid.c
> - $(OPENSSL_PATH)/crypto/asn1/a_time.c
> - $(OPENSSL_PATH)/crypto/asn1/a_type.c
> - $(OPENSSL_PATH)/crypto/asn1/a_utctm.c
> - $(OPENSSL_PATH)/crypto/asn1/a_utf8.c
> - $(OPENSSL_PATH)/crypto/asn1/a_verify.c
> - $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
> - $(OPENSSL_PATH)/crypto/asn1/asn1_err.c
> - $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
> - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c
> - $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
> - $(OPENSSL_PATH)/crypto/asn1/asn1_par.c
> - $(OPENSSL_PATH)/crypto/asn1/asn_mime.c
> - $(OPENSSL_PATH)/crypto/asn1/asn_moid.c
> - $(OPENSSL_PATH)/crypto/asn1/asn_mstbl.c
> - $(OPENSSL_PATH)/crypto/asn1/asn_pack.c
> - $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c
> - $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c
> - $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c
> - $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c
> - $(OPENSSL_PATH)/crypto/asn1/evp_asn1.c
> - $(OPENSSL_PATH)/crypto/asn1/f_int.c
> - $(OPENSSL_PATH)/crypto/asn1/f_string.c
> - $(OPENSSL_PATH)/crypto/asn1/i2d_pr.c
> - $(OPENSSL_PATH)/crypto/asn1/i2d_pu.c
> - $(OPENSSL_PATH)/crypto/asn1/n_pkey.c
> - $(OPENSSL_PATH)/crypto/asn1/nsseq.c
> - $(OPENSSL_PATH)/crypto/asn1/p5_pbe.c
> - $(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c
> - $(OPENSSL_PATH)/crypto/asn1/p5_scrypt.c
> - $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c
> - $(OPENSSL_PATH)/crypto/asn1/t_bitst.c
> - $(OPENSSL_PATH)/crypto/asn1/t_pkey.c
> - $(OPENSSL_PATH)/crypto/asn1/t_spki.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_dec.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_enc.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_fre.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_new.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_scn.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c
> - $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c
> - $(OPENSSL_PATH)/crypto/asn1/x_algor.c
> - $(OPENSSL_PATH)/crypto/asn1/x_bignum.c
> - $(OPENSSL_PATH)/crypto/asn1/x_info.c
> - $(OPENSSL_PATH)/crypto/asn1/x_int64.c
> - $(OPENSSL_PATH)/crypto/asn1/x_long.c
> - $(OPENSSL_PATH)/crypto/asn1/x_pkey.c
> - $(OPENSSL_PATH)/crypto/asn1/x_sig.c
> - $(OPENSSL_PATH)/crypto/asn1/x_spki.c
> - $(OPENSSL_PATH)/crypto/asn1/x_val.c
> - $(OPENSSL_PATH)/crypto/async/arch/async_null.c
> - $(OPENSSL_PATH)/crypto/async/arch/async_posix.c
> - $(OPENSSL_PATH)/crypto/async/arch/async_win.c
> - $(OPENSSL_PATH)/crypto/async/async.c
> - $(OPENSSL_PATH)/crypto/async/async_err.c
> - $(OPENSSL_PATH)/crypto/async/async_wait.c
> - $(OPENSSL_PATH)/crypto/bio/b_addr.c
> - $(OPENSSL_PATH)/crypto/bio/b_dump.c
> - $(OPENSSL_PATH)/crypto/bio/b_sock.c
> - $(OPENSSL_PATH)/crypto/bio/b_sock2.c
> - $(OPENSSL_PATH)/crypto/bio/bf_buff.c
> - $(OPENSSL_PATH)/crypto/bio/bf_lbuf.c
> - $(OPENSSL_PATH)/crypto/bio/bf_nbio.c
> - $(OPENSSL_PATH)/crypto/bio/bf_null.c
> - $(OPENSSL_PATH)/crypto/bio/bio_cb.c
> - $(OPENSSL_PATH)/crypto/bio/bio_err.c
> - $(OPENSSL_PATH)/crypto/bio/bio_lib.c
> - $(OPENSSL_PATH)/crypto/bio/bio_meth.c
> - $(OPENSSL_PATH)/crypto/bio/bss_acpt.c
> - $(OPENSSL_PATH)/crypto/bio/bss_bio.c
> - $(OPENSSL_PATH)/crypto/bio/bss_conn.c
> - $(OPENSSL_PATH)/crypto/bio/bss_dgram.c
> - $(OPENSSL_PATH)/crypto/bio/bss_fd.c
> - $(OPENSSL_PATH)/crypto/bio/bss_file.c
> - $(OPENSSL_PATH)/crypto/bio/bss_log.c
> - $(OPENSSL_PATH)/crypto/bio/bss_mem.c
> - $(OPENSSL_PATH)/crypto/bio/bss_null.c
> - $(OPENSSL_PATH)/crypto/bio/bss_sock.c
> - $(OPENSSL_PATH)/crypto/bn/bn_add.c
> - $(OPENSSL_PATH)/crypto/bn/bn_asm.c
> - $(OPENSSL_PATH)/crypto/bn/bn_blind.c
> - $(OPENSSL_PATH)/crypto/bn/bn_const.c
> - $(OPENSSL_PATH)/crypto/bn/bn_ctx.c
> - $(OPENSSL_PATH)/crypto/bn/bn_depr.c
> - $(OPENSSL_PATH)/crypto/bn/bn_dh.c
> - $(OPENSSL_PATH)/crypto/bn/bn_div.c
> - $(OPENSSL_PATH)/crypto/bn/bn_err.c
> - $(OPENSSL_PATH)/crypto/bn/bn_exp.c
> - $(OPENSSL_PATH)/crypto/bn/bn_exp2.c
> - $(OPENSSL_PATH)/crypto/bn/bn_gcd.c
> - $(OPENSSL_PATH)/crypto/bn/bn_gf2m.c
> - $(OPENSSL_PATH)/crypto/bn/bn_intern.c
> - $(OPENSSL_PATH)/crypto/bn/bn_kron.c
> - $(OPENSSL_PATH)/crypto/bn/bn_lib.c
> - $(OPENSSL_PATH)/crypto/bn/bn_mod.c
> - $(OPENSSL_PATH)/crypto/bn/bn_mont.c
> - $(OPENSSL_PATH)/crypto/bn/bn_mpi.c
> - $(OPENSSL_PATH)/crypto/bn/bn_mul.c
> - $(OPENSSL_PATH)/crypto/bn/bn_nist.c
> - $(OPENSSL_PATH)/crypto/bn/bn_prime.c
> - $(OPENSSL_PATH)/crypto/bn/bn_print.c
> - $(OPENSSL_PATH)/crypto/bn/bn_rand.c
> - $(OPENSSL_PATH)/crypto/bn/bn_recp.c
> - $(OPENSSL_PATH)/crypto/bn/bn_shift.c
> - $(OPENSSL_PATH)/crypto/bn/bn_sqr.c
> - $(OPENSSL_PATH)/crypto/bn/bn_sqrt.c
> - $(OPENSSL_PATH)/crypto/bn/bn_srp.c
> - $(OPENSSL_PATH)/crypto/bn/bn_word.c
> - $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
> - $(OPENSSL_PATH)/crypto/buffer/buf_err.c
> - $(OPENSSL_PATH)/crypto/buffer/buffer.c
> - $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
> - $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c
> - $(OPENSSL_PATH)/crypto/cmac/cmac.c
> - $(OPENSSL_PATH)/crypto/comp/c_zlib.c
> - $(OPENSSL_PATH)/crypto/comp/comp_err.c
> - $(OPENSSL_PATH)/crypto/comp/comp_lib.c
> - $(OPENSSL_PATH)/crypto/conf/conf_api.c
> - $(OPENSSL_PATH)/crypto/conf/conf_def.c
> - $(OPENSSL_PATH)/crypto/conf/conf_err.c
> - $(OPENSSL_PATH)/crypto/conf/conf_lib.c
> - $(OPENSSL_PATH)/crypto/conf/conf_mall.c
> - $(OPENSSL_PATH)/crypto/conf/conf_mod.c
> - $(OPENSSL_PATH)/crypto/conf/conf_sap.c
> - $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
> - $(OPENSSL_PATH)/crypto/cpt_err.c
> - $(OPENSSL_PATH)/crypto/cryptlib.c
> - $(OPENSSL_PATH)/crypto/ctype.c
> - $(OPENSSL_PATH)/crypto/cversion.c
> - $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
> - $(OPENSSL_PATH)/crypto/dh/dh_asn1.c
> - $(OPENSSL_PATH)/crypto/dh/dh_check.c
> - $(OPENSSL_PATH)/crypto/dh/dh_depr.c
> - $(OPENSSL_PATH)/crypto/dh/dh_err.c
> - $(OPENSSL_PATH)/crypto/dh/dh_gen.c
> - $(OPENSSL_PATH)/crypto/dh/dh_kdf.c
> - $(OPENSSL_PATH)/crypto/dh/dh_key.c
> - $(OPENSSL_PATH)/crypto/dh/dh_lib.c
> - $(OPENSSL_PATH)/crypto/dh/dh_meth.c
> - $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c
> - $(OPENSSL_PATH)/crypto/dh/dh_prn.c
> - $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
> - $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
> - $(OPENSSL_PATH)/crypto/dso/dso_dl.c
> - $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
> - $(OPENSSL_PATH)/crypto/dso/dso_err.c
> - $(OPENSSL_PATH)/crypto/dso/dso_lib.c
> - $(OPENSSL_PATH)/crypto/dso/dso_openssl.c
> - $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> - $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> - $(OPENSSL_PATH)/crypto/ebcdic.c
> - $(OPENSSL_PATH)/crypto/ec/curve25519.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_check.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_err.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_key.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ec_print.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/err/err.c
> - $(OPENSSL_PATH)/crypto/err/err_prn.c
> - $(OPENSSL_PATH)/crypto/evp/bio_b64.c
> - $(OPENSSL_PATH)/crypto/evp/bio_enc.c
> - $(OPENSSL_PATH)/crypto/evp/bio_md.c
> - $(OPENSSL_PATH)/crypto/evp/bio_ok.c
> - $(OPENSSL_PATH)/crypto/evp/c_allc.c
> - $(OPENSSL_PATH)/crypto/evp/c_alld.c
> - $(OPENSSL_PATH)/crypto/evp/cmeth_lib.c
> - $(OPENSSL_PATH)/crypto/evp/digest.c
> - $(OPENSSL_PATH)/crypto/evp/e_aes.c
> - $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
> - $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
> - $(OPENSSL_PATH)/crypto/evp/e_aria.c
> - $(OPENSSL_PATH)/crypto/evp/e_bf.c
> - $(OPENSSL_PATH)/crypto/evp/e_camellia.c
> - $(OPENSSL_PATH)/crypto/evp/e_cast.c
> - $(OPENSSL_PATH)/crypto/evp/e_chacha20_poly1305.c
> - $(OPENSSL_PATH)/crypto/evp/e_des.c
> - $(OPENSSL_PATH)/crypto/evp/e_des3.c
> - $(OPENSSL_PATH)/crypto/evp/e_idea.c
> - $(OPENSSL_PATH)/crypto/evp/e_null.c
> - $(OPENSSL_PATH)/crypto/evp/e_old.c
> - $(OPENSSL_PATH)/crypto/evp/e_rc2.c
> - $(OPENSSL_PATH)/crypto/evp/e_rc4.c
> - $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
> - $(OPENSSL_PATH)/crypto/evp/e_rc5.c
> - $(OPENSSL_PATH)/crypto/evp/e_seed.c
> - $(OPENSSL_PATH)/crypto/evp/e_sm4.c
> - $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c
> - $(OPENSSL_PATH)/crypto/evp/encode.c
> - $(OPENSSL_PATH)/crypto/evp/evp_cnf.c
> - $(OPENSSL_PATH)/crypto/evp/evp_enc.c
> - $(OPENSSL_PATH)/crypto/evp/evp_err.c
> - $(OPENSSL_PATH)/crypto/evp/evp_key.c
> - $(OPENSSL_PATH)/crypto/evp/evp_lib.c
> - $(OPENSSL_PATH)/crypto/evp/evp_pbe.c
> - $(OPENSSL_PATH)/crypto/evp/evp_pkey.c
> - $(OPENSSL_PATH)/crypto/evp/m_md2.c
> - $(OPENSSL_PATH)/crypto/evp/m_md4.c
> - $(OPENSSL_PATH)/crypto/evp/m_md5.c
> - $(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c
> - $(OPENSSL_PATH)/crypto/evp/m_mdc2.c
> - $(OPENSSL_PATH)/crypto/evp/m_null.c
> - $(OPENSSL_PATH)/crypto/evp/m_ripemd.c
> - $(OPENSSL_PATH)/crypto/evp/m_sha1.c
> - $(OPENSSL_PATH)/crypto/evp/m_sha3.c
> - $(OPENSSL_PATH)/crypto/evp/m_sigver.c
> - $(OPENSSL_PATH)/crypto/evp/m_wp.c
> - $(OPENSSL_PATH)/crypto/evp/names.c
> - $(OPENSSL_PATH)/crypto/evp/p5_crpt.c
> - $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c
> - $(OPENSSL_PATH)/crypto/evp/p_dec.c
> - $(OPENSSL_PATH)/crypto/evp/p_enc.c
> - $(OPENSSL_PATH)/crypto/evp/p_lib.c
> - $(OPENSSL_PATH)/crypto/evp/p_open.c
> - $(OPENSSL_PATH)/crypto/evp/p_seal.c
> - $(OPENSSL_PATH)/crypto/evp/p_sign.c
> - $(OPENSSL_PATH)/crypto/evp/p_verify.c
> - $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c
> - $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
> - $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
> - $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
> - $(OPENSSL_PATH)/crypto/ex_data.c
> - $(OPENSSL_PATH)/crypto/getenv.c
> - $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
> - $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
> - $(OPENSSL_PATH)/crypto/hmac/hmac.c
> - $(OPENSSL_PATH)/crypto/init.c
> - $(OPENSSL_PATH)/crypto/kdf/hkdf.c
> - $(OPENSSL_PATH)/crypto/kdf/kdf_err.c
> - $(OPENSSL_PATH)/crypto/kdf/scrypt.c
> - $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
> - $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
> - $(OPENSSL_PATH)/crypto/lhash/lhash.c
> - $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
> - $(OPENSSL_PATH)/crypto/md5/md5_one.c
> - $(OPENSSL_PATH)/crypto/mem.c
> - $(OPENSSL_PATH)/crypto/mem_dbg.c
> - $(OPENSSL_PATH)/crypto/mem_sec.c
> - $(OPENSSL_PATH)/crypto/modes/cbc128.c
> - $(OPENSSL_PATH)/crypto/modes/ccm128.c
> - $(OPENSSL_PATH)/crypto/modes/cfb128.c
> - $(OPENSSL_PATH)/crypto/modes/ctr128.c
> - $(OPENSSL_PATH)/crypto/modes/cts128.c
> - $(OPENSSL_PATH)/crypto/modes/gcm128.c
> - $(OPENSSL_PATH)/crypto/modes/ocb128.c
> - $(OPENSSL_PATH)/crypto/modes/ofb128.c
> - $(OPENSSL_PATH)/crypto/modes/wrap128.c
> - $(OPENSSL_PATH)/crypto/modes/xts128.c
> - $(OPENSSL_PATH)/crypto/o_dir.c
> - $(OPENSSL_PATH)/crypto/o_fips.c
> - $(OPENSSL_PATH)/crypto/o_fopen.c
> - $(OPENSSL_PATH)/crypto/o_init.c
> - $(OPENSSL_PATH)/crypto/o_str.c
> - $(OPENSSL_PATH)/crypto/o_time.c
> - $(OPENSSL_PATH)/crypto/objects/o_names.c
> - $(OPENSSL_PATH)/crypto/objects/obj_dat.c
> - $(OPENSSL_PATH)/crypto/objects/obj_err.c
> - $(OPENSSL_PATH)/crypto/objects/obj_lib.c
> - $(OPENSSL_PATH)/crypto/objects/obj_xref.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
> - $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
> - $(OPENSSL_PATH)/crypto/pem/pem_all.c
> - $(OPENSSL_PATH)/crypto/pem/pem_err.c
> - $(OPENSSL_PATH)/crypto/pem/pem_info.c
> - $(OPENSSL_PATH)/crypto/pem/pem_lib.c
> - $(OPENSSL_PATH)/crypto/pem/pem_oth.c
> - $(OPENSSL_PATH)/crypto/pem/pem_pk8.c
> - $(OPENSSL_PATH)/crypto/pem/pem_pkey.c
> - $(OPENSSL_PATH)/crypto/pem/pem_sign.c
> - $(OPENSSL_PATH)/crypto/pem/pem_x509.c
> - $(OPENSSL_PATH)/crypto/pem/pem_xaux.c
> - $(OPENSSL_PATH)/crypto/pem/pvkfmt.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_crpt.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_crt.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_decr.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_init.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_key.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_kiss.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_mutl.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_npas.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
> - $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
> - $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
> - $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
> - $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
> - $(OPENSSL_PATH)/crypto/pkcs7/pk7_doit.c
> - $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c
> - $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
> - $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
> - $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
> - $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
> - $(OPENSSL_PATH)/crypto/rand/drbg_lib.c
> - $(OPENSSL_PATH)/crypto/rand/rand_egd.c
> - $(OPENSSL_PATH)/crypto/rand/rand_err.c
> - $(OPENSSL_PATH)/crypto/rand/rand_lib.c
> - $(OPENSSL_PATH)/crypto/rand/rand_unix.c
> - $(OPENSSL_PATH)/crypto/rand/rand_vms.c
> - $(OPENSSL_PATH)/crypto/rand/rand_win.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_err.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_none.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_saos.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_sign.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
> - $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
> - $(OPENSSL_PATH)/crypto/sha/keccak1600.c
> - $(OPENSSL_PATH)/crypto/sha/sha1_one.c
> - $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
> - $(OPENSSL_PATH)/crypto/sha/sha256.c
> - $(OPENSSL_PATH)/crypto/sha/sha512.c
> - $(OPENSSL_PATH)/crypto/siphash/siphash.c
> - $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> - $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> - $(OPENSSL_PATH)/crypto/sm3/sm3.c
> - $(OPENSSL_PATH)/crypto/sm4/sm4.c
> - $(OPENSSL_PATH)/crypto/stack/stack.c
> - $(OPENSSL_PATH)/crypto/threads_none.c
> - $(OPENSSL_PATH)/crypto/threads_pthread.c
> - $(OPENSSL_PATH)/crypto/threads_win.c
> - $(OPENSSL_PATH)/crypto/txt_db/txt_db.c
> - $(OPENSSL_PATH)/crypto/ui/ui_err.c
> - $(OPENSSL_PATH)/crypto/ui/ui_lib.c
> - $(OPENSSL_PATH)/crypto/ui/ui_null.c
> - $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
> - $(OPENSSL_PATH)/crypto/ui/ui_util.c
> - $(OPENSSL_PATH)/crypto/uid.c
> - $(OPENSSL_PATH)/crypto/x509/by_dir.c
> - $(OPENSSL_PATH)/crypto/x509/by_file.c
> - $(OPENSSL_PATH)/crypto/x509/t_crl.c
> - $(OPENSSL_PATH)/crypto/x509/t_req.c
> - $(OPENSSL_PATH)/crypto/x509/t_x509.c
> - $(OPENSSL_PATH)/crypto/x509/x509_att.c
> - $(OPENSSL_PATH)/crypto/x509/x509_cmp.c
> - $(OPENSSL_PATH)/crypto/x509/x509_d2.c
> - $(OPENSSL_PATH)/crypto/x509/x509_def.c
> - $(OPENSSL_PATH)/crypto/x509/x509_err.c
> - $(OPENSSL_PATH)/crypto/x509/x509_ext.c
> - $(OPENSSL_PATH)/crypto/x509/x509_lu.c
> - $(OPENSSL_PATH)/crypto/x509/x509_meth.c
> - $(OPENSSL_PATH)/crypto/x509/x509_obj.c
> - $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
> - $(OPENSSL_PATH)/crypto/x509/x509_req.c
> - $(OPENSSL_PATH)/crypto/x509/x509_set.c
> - $(OPENSSL_PATH)/crypto/x509/x509_trs.c
> - $(OPENSSL_PATH)/crypto/x509/x509_txt.c
> - $(OPENSSL_PATH)/crypto/x509/x509_v3.c
> - $(OPENSSL_PATH)/crypto/x509/x509_vfy.c
> - $(OPENSSL_PATH)/crypto/x509/x509_vpm.c
> - $(OPENSSL_PATH)/crypto/x509/x509cset.c
> - $(OPENSSL_PATH)/crypto/x509/x509name.c
> - $(OPENSSL_PATH)/crypto/x509/x509rset.c
> - $(OPENSSL_PATH)/crypto/x509/x509spki.c
> - $(OPENSSL_PATH)/crypto/x509/x509type.c
> - $(OPENSSL_PATH)/crypto/x509/x_all.c
> - $(OPENSSL_PATH)/crypto/x509/x_attrib.c
> - $(OPENSSL_PATH)/crypto/x509/x_crl.c
> - $(OPENSSL_PATH)/crypto/x509/x_exten.c
> - $(OPENSSL_PATH)/crypto/x509/x_name.c
> - $(OPENSSL_PATH)/crypto/x509/x_pubkey.c
> - $(OPENSSL_PATH)/crypto/x509/x_req.c
> - $(OPENSSL_PATH)/crypto/x509/x_x509.c
> - $(OPENSSL_PATH)/crypto/x509/x_x509a.c
> - $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
> - $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
> - $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
> - $(OPENSSL_PATH)/crypto/x509v3/pcy_map.c
> - $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c
> - $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_conf.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_cpols.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_crld.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_enum.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_extku.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_genn.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_ia5.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_info.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_int.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_lib.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_ncons.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_pci.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_pcia.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_pcons.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_pku.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_pmaps.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_prn.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_purp.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_skey.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_sxnet.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
> - $(OPENSSL_PATH)/crypto/x509v3/v3err.c
> - $(OPENSSL_PATH)/crypto/arm_arch.h
> - $(OPENSSL_PATH)/crypto/mips_arch.h
> - $(OPENSSL_PATH)/crypto/ppc_arch.h
> - $(OPENSSL_PATH)/crypto/s390x_arch.h
> - $(OPENSSL_PATH)/crypto/sparc_arch.h
> - $(OPENSSL_PATH)/crypto/vms_rms.h
> - $(OPENSSL_PATH)/crypto/aes/aes_local.h
> - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
> - $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
> - $(OPENSSL_PATH)/crypto/asn1/charmap.h
> - $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
> - $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
> - $(OPENSSL_PATH)/crypto/async/async_local.h
> - $(OPENSSL_PATH)/crypto/async/arch/async_null.h
> - $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
> - $(OPENSSL_PATH)/crypto/async/arch/async_win.h
> - $(OPENSSL_PATH)/crypto/bio/bio_local.h
> - $(OPENSSL_PATH)/crypto/bn/bn_local.h
> - $(OPENSSL_PATH)/crypto/bn/bn_prime.h
> - $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> - $(OPENSSL_PATH)/crypto/comp/comp_local.h
> - $(OPENSSL_PATH)/crypto/conf/conf_def.h
> - $(OPENSSL_PATH)/crypto/conf/conf_local.h
> - $(OPENSSL_PATH)/crypto/dh/dh_local.h
> - $(OPENSSL_PATH)/crypto/dso/dso_local.h
> - $(OPENSSL_PATH)/crypto/ec/ec_local.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> - $(OPENSSL_PATH)/crypto/evp/evp_local.h
> - $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> - $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> - $(OPENSSL_PATH)/crypto/md5/md5_local.h
> - $(OPENSSL_PATH)/crypto/modes/modes_local.h
> - $(OPENSSL_PATH)/crypto/objects/obj_dat.h
> - $(OPENSSL_PATH)/crypto/objects/obj_local.h
> - $(OPENSSL_PATH)/crypto/objects/obj_xref.h
> - $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
> - $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
> - $(OPENSSL_PATH)/crypto/rand/rand_local.h
> - $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
> - $(OPENSSL_PATH)/crypto/sha/sha_local.h
> - $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
> - $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
> - $(OPENSSL_PATH)/crypto/store/store_local.h
> - $(OPENSSL_PATH)/crypto/ui/ui_local.h
> - $(OPENSSL_PATH)/crypto/x509/x509_local.h
> - $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
> - $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
> - $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
> - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
> - $(OPENSSL_PATH)/ssl/bio_ssl.c
> - $(OPENSSL_PATH)/ssl/d1_lib.c
> - $(OPENSSL_PATH)/ssl/d1_msg.c
> - $(OPENSSL_PATH)/ssl/d1_srtp.c
> - $(OPENSSL_PATH)/ssl/methods.c
> - $(OPENSSL_PATH)/ssl/packet.c
> - $(OPENSSL_PATH)/ssl/pqueue.c
> - $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c
> - $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c
> - $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c
> - $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c
> - $(OPENSSL_PATH)/ssl/record/ssl3_record.c
> - $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c
> - $(OPENSSL_PATH)/ssl/s3_cbc.c
> - $(OPENSSL_PATH)/ssl/s3_enc.c
> - $(OPENSSL_PATH)/ssl/s3_lib.c
> - $(OPENSSL_PATH)/ssl/s3_msg.c
> - $(OPENSSL_PATH)/ssl/ssl_asn1.c
> - $(OPENSSL_PATH)/ssl/ssl_cert.c
> - $(OPENSSL_PATH)/ssl/ssl_ciph.c
> - $(OPENSSL_PATH)/ssl/ssl_conf.c
> - $(OPENSSL_PATH)/ssl/ssl_err.c
> - $(OPENSSL_PATH)/ssl/ssl_init.c
> - $(OPENSSL_PATH)/ssl/ssl_lib.c
> - $(OPENSSL_PATH)/ssl/ssl_mcnf.c
> - $(OPENSSL_PATH)/ssl/ssl_rsa.c
> - $(OPENSSL_PATH)/ssl/ssl_sess.c
> - $(OPENSSL_PATH)/ssl/ssl_stat.c
> - $(OPENSSL_PATH)/ssl/ssl_txt.c
> - $(OPENSSL_PATH)/ssl/ssl_utst.c
> - $(OPENSSL_PATH)/ssl/statem/extensions.c
> - $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c
> - $(OPENSSL_PATH)/ssl/statem/extensions_cust.c
> - $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c
> - $(OPENSSL_PATH)/ssl/statem/statem.c
> - $(OPENSSL_PATH)/ssl/statem/statem_clnt.c
> - $(OPENSSL_PATH)/ssl/statem/statem_dtls.c
> - $(OPENSSL_PATH)/ssl/statem/statem_lib.c
> - $(OPENSSL_PATH)/ssl/statem/statem_srvr.c
> - $(OPENSSL_PATH)/ssl/t1_enc.c
> - $(OPENSSL_PATH)/ssl/t1_lib.c
> - $(OPENSSL_PATH)/ssl/t1_trce.c
> - $(OPENSSL_PATH)/ssl/tls13_enc.c
> - $(OPENSSL_PATH)/ssl/tls_srp.c
> - $(OPENSSL_PATH)/ssl/packet_local.h
> - $(OPENSSL_PATH)/ssl/ssl_cert_table.h
> - $(OPENSSL_PATH)/ssl/ssl_local.h
> - $(OPENSSL_PATH)/ssl/record/record.h
> - $(OPENSSL_PATH)/ssl/record/record_local.h
> - $(OPENSSL_PATH)/ssl/statem/statem.h
> - $(OPENSSL_PATH)/ssl/statem/statem_local.h
> -# Autogenerated files list ends here
> - buildinf.h
> - ossl_store.c
> - rand_pool.c
> - X64/ApiHooks.c
> -
> -[Packages]
> - MdePkg/MdePkg.dec
> - CryptoPkg/CryptoPkg.dec
> -
> -[LibraryClasses]
> - BaseLib
> - DebugLib
> - RngLib
> - PrintLib
> -
> -[FixedPcd]
> - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
> -
> -[BuildOptions]
> - #
> - # Disables the following Visual Studio compiler warnings brought by
> openssl source,
> - # so we do not break the build with /WX option:
> - # C4090: 'function' : different 'const' qualifiers
> - # C4132: 'object' : const object should be initialized (tls13_enc.c)
> - # C4210: nonstandard extension used: function given file scope
> - # C4244: conversion from type1 to type2, possible loss of data
> - # C4245: conversion from type1 to type2, signed/unsigned mismatch
> - # C4267: conversion from size_t to type, possible loss of data
> - # C4306: 'identifier' : conversion from 'type1' to 'type2' of greater
> size
> - # C4310: cast truncates constant value
> - # C4389: 'operator' : signed/unsigned mismatch (xxxx)
> - # C4700: uninitialized local variable 'name' used. (conf_sap.c(71))
> - # C4702: unreachable code
> - # C4706: assignment within conditional expression
> - # C4819: The file contains a character that cannot be represented in the
> current code page
> - #
> - MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
> -
> - INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> -
> - #
> - # Suppress the following build warnings in openssl so we don't break the
> build with -Werror
> - # -Werror=maybe-uninitialized: there exist some other paths for which
> the variable is not initialized.
> - # -Werror=format: Check calls to printf and scanf, etc., to make sure
> that the arguments supplied have
> - # types appropriate to the format string specified.
> - # -Werror=unused-but-set-variable: Warn whenever a local variable is
> assigned to, but otherwise unused (aside from its declaration).
> - #
> - GCC:*_*_X64_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -
> Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
> -
> - # suppress the following warnings in openssl so we don't break the build
> with warnings-as-errors:
> - # 1295: Deprecated declaration <entity> - give arg types
> - # 550: <entity> was set but never used
> - # 1293: assignment in condition
> - # 111: statement is unreachable (invariably "break;" after "return X;" in
> case statement)
> - # 68: integer conversion resulted in a change of sign ("if (Status == -
> 1)")
> - # 177: <entity> was declared but never referenced
> - # 223: function <entity> declared implicitly
> - # 144: a value of type <type> cannot be used to initialize an entity of
> type <type>
> - # 513: a value of type <type> cannot be assigned to an entity of type
> <type>
> - # 188: enumerated type mixed with another type (i.e. passing an integer
> as an enum without a cast)
> - # 1296: Extended constant initialiser used
> - # 128: loop is not reachable - may be emitted inappropriately if code
> follows a conditional return
> - # from the function that evaluates to true at compile time
> - # 546: transfer of control bypasses initialization - may be emitted
> inappropriately if the uninitialized
> - # variable is never referenced after the jump
> - # 1: ignore "#1-D: last line of file ends without a newline"
> - # 3017: <entity> may be used before being set (NOTE: This was fixed in
> OpenSSL 1.1 HEAD with
> - # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be
> dropped then.)
> - XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> --
> 2.37.1.windows.1
>
>
>
>
>
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [edk2-devel] [Patch 06/12] CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs
2022-10-11 23:20 ` [edk2-devel] " Christopher Zurcher
@ 2022-10-11 23:58 ` Michael D Kinney
0 siblings, 0 replies; 23+ messages in thread
From: Michael D Kinney @ 2022-10-11 23:58 UTC (permalink / raw)
To: Christopher Zurcher, devel@edk2.groups.io, Kinney, Michael D
Cc: Yao, Jiewen, Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin,
Zurcher, Christopher, Li, Yi1
Agree with need for perl script updates.
Would be good to know if there is feedback on the design changes
before investing in the perl script updates that may have to
change multiple times if there are design changes.
I will attempt to get the perl script update added to this PR
or shortly after.
Mike
> -----Original Message-----
> From: Christopher Zurcher <christopher.zurcher@outlook.com>
> Sent: Tuesday, October 11, 2022 4:20 PM
> To: devel@edk2.groups.io; Kinney, Michael D <michael.d.kinney@intel.com>
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang,
> Guomin <guomin.jiang@intel.com>; Zurcher, Christopher <christopher.zurcher@microsoft.com>; Li, Yi1 <yi1.li@intel.com>
> Subject: RE: [edk2-devel] [Patch 06/12] CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs
>
> I would generally object to this change being made without the corresponding updates to process_files.pl, as all the manual
> changes to the .inf files here would have to be re-implemented for every update to the openssl submodule, and the updates to
> the perl script will result in their own set of architectural changes to these .inf files as well.
>
> Thanks,
> Christopher Zurcher
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael D
> > Kinney
> > Sent: Tuesday, October 11, 2022 08:04
> > To: devel@edk2.groups.io
> > Cc: Jiewen Yao <jiewen.yao@intel.com>; Jian J Wang <jian.j.wang@intel.com>;
> > Xiaoyu Lu <xiaoyu1.lu@intel.com>; Guomin Jiang <guomin.jiang@intel.com>;
> > Christopher Zurcher <christopher.zurcher@microsoft.com>
> > Subject: [edk2-devel] [Patch 06/12] CryptoPkg/Library/OpensslLib: Combine all
> > performance optimized INFs
> >
> > * Remove IA32/X64 specific INF files for performance
> > optimized OpensslLib and combine into OpensslLibAccel.inf
> > and OpensslLibFullAccel.inf.
> > * Remove use of PcdOpensslEcEnabled and let the platform
> > select the EC feature by using either OpensslLibFull.inf
> > or OpensslLibFullAccel.inf.
> > * With PcdOpensslEcEnabled removed, roll back style of opensslconf.h
> > and remove opensslconf_generated.h. Move the choice to disable
> > EC/SM2 into OpensslLib INF files using OPENSSL_FLAGS define.
> > * Update OpensslLibContructor() API to be compatible with all
> > FW phases by using types from Base.h and using RETURN_STATUS
> > type and values instead of EFI_STATUS type and values.
> >
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
> > Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> > ---
> > CryptoPkg/CryptoPkg.ci.yaml | 8 +-
> > .../Library/Include/openssl/opensslconf.h | 328 +++++++-
> > .../Include/openssl/opensslconf_generated.h | 333 ---------
> > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 130 ++--
> > CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
> > ...OpensslLibIa32.inf => OpensslLibAccel.inf} | 186 +++--
> > .../Library/OpensslLib/OpensslLibAccel.uni | 14 +
> > .../OpensslLib/OpensslLibConstructor.c | 6 +-
> > .../Library/OpensslLib/OpensslLibCrypto.inf | 182 +++--
> > .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
> > .../{OpensslLib.inf => OpensslLibFull.inf} | 140 ++--
> > .../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
> > ...LibIa32Gcc.inf => OpensslLibFullAccel.inf} | 189 +++--
> > .../OpensslLib/OpensslLibFullAccel.uni | 14 +
> > .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
> > .../Library/OpensslLib/OpensslLibX64Gcc.inf | 706 ------------------
> > 16 files changed, 848 insertions(+), 2125 deletions(-)
> > delete mode 100644 CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
> > OpensslLibAccel.inf} (79%)
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> > copy CryptoPkg/Library/OpensslLib/{OpensslLib.inf => OpensslLibFull.inf}
> > (80%)
> > copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni => OpensslLibFull.uni}
> > (56%)
> > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
> > OpensslLibFullAccel.inf} (79%)
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> > delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
> >
> > diff --git a/CryptoPkg/CryptoPkg.ci.yaml b/CryptoPkg/CryptoPkg.ci.yaml
> > index ca129d6ae56c..47f29759676d 100644
> > --- a/CryptoPkg/CryptoPkg.ci.yaml
> > +++ b/CryptoPkg/CryptoPkg.ci.yaml
> > @@ -73,13 +73,7 @@
> > },
> > "DscCompleteCheck": {
> > "DscPath": "CryptoPkg.dsc",
> > - "IgnoreInf": [
> > - # These are alternatives to OpensslLib.inf
> > - "CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf",
> > - "CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf",
> > - "CryptoPkg/Library/OpensslLib/OpensslLibX64.inf",
> > - "CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf"
> > - ]
> > + "IgnoreInf": []
> > },
> > "GuidCheck": {
> > "IgnoreGuidName": [],
> > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> > b/CryptoPkg/Library/Include/openssl/opensslconf.h
> > index 53dd8c3efbe6..b98b068b3d3b 100644
> > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> > @@ -9,32 +9,324 @@
> > * in the file LICENSE in the source distribution or at
> > * https://www.openssl.org/source/license.html
> > */
> > -#include <Library/PcdLib.h>
> > -#include <openssl/opensslconf_generated.h>
> > +
> > +#include <openssl/opensslv.h>
> >
> > #ifdef __cplusplus
> > extern "C" {
> > #endif
> >
> > -/* Autogenerated conditional openssl feature list starts here */
> > -#if !FixedPcdGetBool (PcdOpensslEcEnabled)
> > -# ifndef OPENSSL_NO_EC
> > -# define OPENSSL_NO_EC
> > -# endif
> > -# ifndef OPENSSL_NO_ECDH
> > -# define OPENSSL_NO_ECDH
> > -# endif
> > -# ifndef OPENSSL_NO_ECDSA
> > -# define OPENSSL_NO_ECDSA
> > -# endif
> > -# ifndef OPENSSL_NO_TLS1_3
> > -# define OPENSSL_NO_TLS1_3
> > +#ifdef OPENSSL_ALGORITHM_DEFINES
> > +# error OPENSSL_ALGORITHM_DEFINES no longer supported
> > +#endif
> > +
> > +/*
> > + * OpenSSL was configured with the following options:
> > + */
> > +
> > +#ifndef OPENSSL_SYS_UEFI
> > +# define OPENSSL_SYS_UEFI 1
> > +#endif
> > +#define OPENSSL_MIN_API 0x10100000L
> > +#ifndef OPENSSL_NO_BF
> > +# define OPENSSL_NO_BF
> > +#endif
> > +#ifndef OPENSSL_NO_BLAKE2
> > +# define OPENSSL_NO_BLAKE2
> > +#endif
> > +#ifndef OPENSSL_NO_CAMELLIA
> > +# define OPENSSL_NO_CAMELLIA
> > +#endif
> > +#ifndef OPENSSL_NO_CAST
> > +# define OPENSSL_NO_CAST
> > +#endif
> > +#ifndef OPENSSL_NO_CHACHA
> > +# define OPENSSL_NO_CHACHA
> > +#endif
> > +#ifndef OPENSSL_NO_CMS
> > +# define OPENSSL_NO_CMS
> > +#endif
> > +#ifndef OPENSSL_NO_CT
> > +# define OPENSSL_NO_CT
> > +#endif
> > +#ifndef OPENSSL_NO_DES
> > +# define OPENSSL_NO_DES
> > +#endif
> > +#ifndef OPENSSL_NO_DSA
> > +# define OPENSSL_NO_DSA
> > +#endif
> > +#ifndef OPENSSL_NO_IDEA
> > +# define OPENSSL_NO_IDEA
> > +#endif
> > +#ifndef OPENSSL_NO_MD2
> > +# define OPENSSL_NO_MD2
> > +#endif
> > +#ifndef OPENSSL_NO_MD4
> > +# define OPENSSL_NO_MD4
> > +#endif
> > +#ifndef OPENSSL_NO_MDC2
> > +# define OPENSSL_NO_MDC2
> > +#endif
> > +#ifndef OPENSSL_NO_POLY1305
> > +# define OPENSSL_NO_POLY1305
> > +#endif
> > +#ifndef OPENSSL_NO_RC2
> > +# define OPENSSL_NO_RC2
> > +#endif
> > +#ifndef OPENSSL_NO_RC4
> > +# define OPENSSL_NO_RC4
> > +#endif
> > +#ifndef OPENSSL_NO_RC5
> > +# define OPENSSL_NO_RC5
> > +#endif
> > +#ifndef OPENSSL_NO_RMD160
> > +# define OPENSSL_NO_RMD160
> > +#endif
> > +#ifndef OPENSSL_NO_SEED
> > +# define OPENSSL_NO_SEED
> > +#endif
> > +#ifndef OPENSSL_NO_SRP
> > +# define OPENSSL_NO_SRP
> > +#endif
> > +#ifndef OPENSSL_NO_TS
> > +# define OPENSSL_NO_TS
> > +#endif
> > +#ifndef OPENSSL_NO_WHIRLPOOL
> > +# define OPENSSL_NO_WHIRLPOOL
> > +#endif
> > +#ifndef OPENSSL_RAND_SEED_NONE
> > +# define OPENSSL_RAND_SEED_NONE
> > +#endif
> > +#ifndef OPENSSL_NO_AFALGENG
> > +# define OPENSSL_NO_AFALGENG
> > +#endif
> > +#ifndef OPENSSL_NO_APPS
> > +# define OPENSSL_NO_APPS
> > +#endif
> > +#ifndef OPENSSL_NO_ASAN
> > +# define OPENSSL_NO_ASAN
> > +#endif
> > +#ifndef OPENSSL_NO_ASYNC
> > +# define OPENSSL_NO_ASYNC
> > +#endif
> > +#ifndef OPENSSL_NO_AUTOERRINIT
> > +# define OPENSSL_NO_AUTOERRINIT
> > +#endif
> > +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
> > +# define OPENSSL_NO_AUTOLOAD_CONFIG
> > +#endif
> > +#ifndef OPENSSL_NO_CAPIENG
> > +# define OPENSSL_NO_CAPIENG
> > +#endif
> > +#ifndef OPENSSL_NO_CRYPTO_MDEBUG
> > +# define OPENSSL_NO_CRYPTO_MDEBUG
> > +#endif
> > +#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> > +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> > +#endif
> > +#ifndef OPENSSL_NO_DEPRECATED
> > +# define OPENSSL_NO_DEPRECATED
> > +#endif
> > +#ifndef OPENSSL_NO_DEVCRYPTOENG
> > +# define OPENSSL_NO_DEVCRYPTOENG
> > +#endif
> > +#ifndef OPENSSL_NO_DGRAM
> > +# define OPENSSL_NO_DGRAM
> > +#endif
> > +#ifndef OPENSSL_NO_DTLS
> > +# define OPENSSL_NO_DTLS
> > +#endif
> > +#ifndef OPENSSL_NO_DTLS1
> > +# define OPENSSL_NO_DTLS1
> > +#endif
> > +#ifndef OPENSSL_NO_DTLS1_2
> > +# define OPENSSL_NO_DTLS1_2
> > +#endif
> > +#ifndef OPENSSL_NO_EC2M
> > +# define OPENSSL_NO_EC2M
> > +#endif
> > +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
> > +# define OPENSSL_NO_EC_NISTP_64_GCC_128
> > +#endif
> > +#ifndef OPENSSL_NO_EGD
> > +# define OPENSSL_NO_EGD
> > +#endif
> > +#ifndef OPENSSL_NO_ENGINE
> > +# define OPENSSL_NO_ENGINE
> > +#endif
> > +#ifndef OPENSSL_NO_ERR
> > +# define OPENSSL_NO_ERR
> > +#endif
> > +#ifndef OPENSSL_NO_EXTERNAL_TESTS
> > +# define OPENSSL_NO_EXTERNAL_TESTS
> > +#endif
> > +#ifndef OPENSSL_NO_FILENAMES
> > +# define OPENSSL_NO_FILENAMES
> > +#endif
> > +#ifndef OPENSSL_NO_FUZZ_AFL
> > +# define OPENSSL_NO_FUZZ_AFL
> > +#endif
> > +#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
> > +# define OPENSSL_NO_FUZZ_LIBFUZZER
> > +#endif
> > +#ifndef OPENSSL_NO_GOST
> > +# define OPENSSL_NO_GOST
> > +#endif
> > +#ifndef OPENSSL_NO_HEARTBEATS
> > +# define OPENSSL_NO_HEARTBEATS
> > +#endif
> > +#ifndef OPENSSL_NO_HW
> > +# define OPENSSL_NO_HW
> > +#endif
> > +#ifndef OPENSSL_NO_MSAN
> > +# define OPENSSL_NO_MSAN
> > +#endif
> > +#ifndef OPENSSL_NO_OCB
> > +# define OPENSSL_NO_OCB
> > +#endif
> > +#ifndef OPENSSL_NO_POSIX_IO
> > +# define OPENSSL_NO_POSIX_IO
> > +#endif
> > +#ifndef OPENSSL_NO_RFC3779
> > +# define OPENSSL_NO_RFC3779
> > +#endif
> > +#ifndef OPENSSL_NO_SCRYPT
> > +# define OPENSSL_NO_SCRYPT
> > +#endif
> > +#ifndef OPENSSL_NO_SCTP
> > +# define OPENSSL_NO_SCTP
> > +#endif
> > +#ifndef OPENSSL_NO_SOCK
> > +# define OPENSSL_NO_SOCK
> > +#endif
> > +#ifndef OPENSSL_NO_SSL_TRACE
> > +# define OPENSSL_NO_SSL_TRACE
> > +#endif
> > +#ifndef OPENSSL_NO_SSL3
> > +# define OPENSSL_NO_SSL3
> > +#endif
> > +#ifndef OPENSSL_NO_SSL3_METHOD
> > +# define OPENSSL_NO_SSL3_METHOD
> > +#endif
> > +#ifndef OPENSSL_NO_STDIO
> > +# define OPENSSL_NO_STDIO
> > +#endif
> > +#ifndef OPENSSL_NO_TESTS
> > +# define OPENSSL_NO_TESTS
> > +#endif
> > +#ifndef OPENSSL_NO_UBSAN
> > +# define OPENSSL_NO_UBSAN
> > +#endif
> > +#ifndef OPENSSL_NO_UI_CONSOLE
> > +# define OPENSSL_NO_UI_CONSOLE
> > +#endif
> > +#ifndef OPENSSL_NO_UNIT_TEST
> > +# define OPENSSL_NO_UNIT_TEST
> > +#endif
> > +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> > +# define OPENSSL_NO_WEAK_SSL_CIPHERS
> > +#endif
> > +#ifndef OPENSSL_NO_DYNAMIC_ENGINE
> > +# define OPENSSL_NO_DYNAMIC_ENGINE
> > +#endif
> > +
> > +
> > +/*
> > + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
> > + * don't like that. This will hopefully silence them.
> > + */
> > +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
> > +
> > +/*
> > + * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
> > + * declarations of functions deprecated in or before <version>. Otherwise,
> > they
> > + * still won't see them if the library has been built to disable deprecated
> > + * functions.
> > + */
> > +#ifndef DECLARE_DEPRECATED
> > +# define DECLARE_DEPRECATED(f) f;
> > +# ifdef __GNUC__
> > +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> > +# undef DECLARE_DEPRECATED
> > +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> > +# endif
> > +#elif defined(__SUNPRO_C)
> > +#if (__SUNPRO_C >= 0x5130)
> > +#undef DECLARE_DEPRECATED
> > +#define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> > +#endif
> > # endif
> > -# ifndef OPENSSL_NO_SM2
> > -# define OPENSSL_NO_SM2
> > +#endif
> > +
> > +#ifndef OPENSSL_FILE
> > +# ifdef OPENSSL_NO_FILENAMES
> > +# define OPENSSL_FILE ""
> > +# define OPENSSL_LINE 0
> > +# else
> > +# define OPENSSL_FILE __FILE__
> > +# define OPENSSL_LINE __LINE__
> > # endif
> > #endif
> > -/* Autogenerated conditional openssl feature list ends here */
> > +
> > +#ifndef OPENSSL_MIN_API
> > +# define OPENSSL_MIN_API 0
> > +#endif
> > +
> > +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
> > +# undef OPENSSL_API_COMPAT
> > +# define OPENSSL_API_COMPAT OPENSSL_MIN_API
> > +#endif
> > +
> > +/*
> > + * Do not deprecate things to be deprecated in version 1.2.0 before the
> > + * OpenSSL version number matches.
> > + */
> > +#if OPENSSL_VERSION_NUMBER < 0x10200000L
> > +# define DEPRECATEDIN_1_2_0(f) f;
> > +#elif OPENSSL_API_COMPAT < 0x10200000L
> > +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
> > +#else
> > +# define DEPRECATEDIN_1_2_0(f)
> > +#endif
> > +
> > +#if OPENSSL_API_COMPAT < 0x10100000L
> > +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
> > +#else
> > +# define DEPRECATEDIN_1_1_0(f)
> > +#endif
> > +
> > +#if OPENSSL_API_COMPAT < 0x10000000L
> > +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
> > +#else
> > +# define DEPRECATEDIN_1_0_0(f)
> > +#endif
> > +
> > +#if OPENSSL_API_COMPAT < 0x00908000L
> > +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
> > +#else
> > +# define DEPRECATEDIN_0_9_8(f)
> > +#endif
> > +
> > +/* Generate 80386 code? */
> > +#undef I386_ONLY
> > +
> > +#undef OPENSSL_UNISTD
> > +#define OPENSSL_UNISTD <unistd.h>
> > +
> > +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
> > +
> > +/*
> > + * The following are cipher-specific, but are part of the public API.
> > + */
> > +#if !defined(OPENSSL_SYS_UEFI)
> > +# undef BN_LLONG
> > +/* Only one for the following should be defined */
> > +# undef SIXTY_FOUR_BIT_LONG
> > +# undef SIXTY_FOUR_BIT
> > +# define THIRTY_TWO_BIT
> > +#endif
> > +
> > +#define RC4_INT unsigned int
> >
> > #ifdef __cplusplus
> > }
> > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> > b/CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> > deleted file mode 100644
> > index 09a6641ffcf9..000000000000
> > --- a/CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> > +++ /dev/null
> > @@ -1,333 +0,0 @@
> > -/*
> > - * WARNING: do not edit!
> > - * Generated from include/openssl/opensslconf.h.in
> > - *
> > - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
> > - *
> > - * Licensed under the OpenSSL license (the "License"). You may not use
> > - * this file except in compliance with the License. You can obtain a copy
> > - * in the file LICENSE in the source distribution or at
> > - * https://www.openssl.org/source/license.html
> > - */
> > -
> > -#include <openssl/opensslv.h>
> > -
> > -#ifdef __cplusplus
> > -extern "C" {
> > -#endif
> > -
> > -#ifdef OPENSSL_ALGORITHM_DEFINES
> > -# error OPENSSL_ALGORITHM_DEFINES no longer supported
> > -#endif
> > -
> > -/*
> > - * OpenSSL was configured with the following options:
> > - */
> > -
> > -#ifndef OPENSSL_SYS_UEFI
> > -# define OPENSSL_SYS_UEFI 1
> > -#endif
> > -#define OPENSSL_MIN_API 0x10100000L
> > -#ifndef OPENSSL_NO_BF
> > -# define OPENSSL_NO_BF
> > -#endif
> > -#ifndef OPENSSL_NO_BLAKE2
> > -# define OPENSSL_NO_BLAKE2
> > -#endif
> > -#ifndef OPENSSL_NO_CAMELLIA
> > -# define OPENSSL_NO_CAMELLIA
> > -#endif
> > -#ifndef OPENSSL_NO_CAST
> > -# define OPENSSL_NO_CAST
> > -#endif
> > -#ifndef OPENSSL_NO_CHACHA
> > -# define OPENSSL_NO_CHACHA
> > -#endif
> > -#ifndef OPENSSL_NO_CMS
> > -# define OPENSSL_NO_CMS
> > -#endif
> > -#ifndef OPENSSL_NO_CT
> > -# define OPENSSL_NO_CT
> > -#endif
> > -#ifndef OPENSSL_NO_DES
> > -# define OPENSSL_NO_DES
> > -#endif
> > -#ifndef OPENSSL_NO_DSA
> > -# define OPENSSL_NO_DSA
> > -#endif
> > -#ifndef OPENSSL_NO_IDEA
> > -# define OPENSSL_NO_IDEA
> > -#endif
> > -#ifndef OPENSSL_NO_MD2
> > -# define OPENSSL_NO_MD2
> > -#endif
> > -#ifndef OPENSSL_NO_MD4
> > -# define OPENSSL_NO_MD4
> > -#endif
> > -#ifndef OPENSSL_NO_MDC2
> > -# define OPENSSL_NO_MDC2
> > -#endif
> > -#ifndef OPENSSL_NO_POLY1305
> > -# define OPENSSL_NO_POLY1305
> > -#endif
> > -#ifndef OPENSSL_NO_RC2
> > -# define OPENSSL_NO_RC2
> > -#endif
> > -#ifndef OPENSSL_NO_RC4
> > -# define OPENSSL_NO_RC4
> > -#endif
> > -#ifndef OPENSSL_NO_RC5
> > -# define OPENSSL_NO_RC5
> > -#endif
> > -#ifndef OPENSSL_NO_RMD160
> > -# define OPENSSL_NO_RMD160
> > -#endif
> > -#ifndef OPENSSL_NO_SEED
> > -# define OPENSSL_NO_SEED
> > -#endif
> > -#ifndef OPENSSL_NO_SRP
> > -# define OPENSSL_NO_SRP
> > -#endif
> > -#ifndef OPENSSL_NO_TS
> > -# define OPENSSL_NO_TS
> > -#endif
> > -#ifndef OPENSSL_NO_WHIRLPOOL
> > -# define OPENSSL_NO_WHIRLPOOL
> > -#endif
> > -#ifndef OPENSSL_RAND_SEED_NONE
> > -# define OPENSSL_RAND_SEED_NONE
> > -#endif
> > -#ifndef OPENSSL_NO_AFALGENG
> > -# define OPENSSL_NO_AFALGENG
> > -#endif
> > -#ifndef OPENSSL_NO_APPS
> > -# define OPENSSL_NO_APPS
> > -#endif
> > -#ifndef OPENSSL_NO_ASAN
> > -# define OPENSSL_NO_ASAN
> > -#endif
> > -#ifndef OPENSSL_NO_ASYNC
> > -# define OPENSSL_NO_ASYNC
> > -#endif
> > -#ifndef OPENSSL_NO_AUTOERRINIT
> > -# define OPENSSL_NO_AUTOERRINIT
> > -#endif
> > -#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
> > -# define OPENSSL_NO_AUTOLOAD_CONFIG
> > -#endif
> > -#ifndef OPENSSL_NO_CAPIENG
> > -# define OPENSSL_NO_CAPIENG
> > -#endif
> > -#ifndef OPENSSL_NO_CRYPTO_MDEBUG
> > -# define OPENSSL_NO_CRYPTO_MDEBUG
> > -#endif
> > -#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> > -# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> > -#endif
> > -#ifndef OPENSSL_NO_DEPRECATED
> > -# define OPENSSL_NO_DEPRECATED
> > -#endif
> > -#ifndef OPENSSL_NO_DEVCRYPTOENG
> > -# define OPENSSL_NO_DEVCRYPTOENG
> > -#endif
> > -#ifndef OPENSSL_NO_DGRAM
> > -# define OPENSSL_NO_DGRAM
> > -#endif
> > -#ifndef OPENSSL_NO_DTLS
> > -# define OPENSSL_NO_DTLS
> > -#endif
> > -#ifndef OPENSSL_NO_DTLS1
> > -# define OPENSSL_NO_DTLS1
> > -#endif
> > -#ifndef OPENSSL_NO_DTLS1_2
> > -# define OPENSSL_NO_DTLS1_2
> > -#endif
> > -#ifndef OPENSSL_NO_EC2M
> > -# define OPENSSL_NO_EC2M
> > -#endif
> > -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
> > -# define OPENSSL_NO_EC_NISTP_64_GCC_128
> > -#endif
> > -#ifndef OPENSSL_NO_EGD
> > -# define OPENSSL_NO_EGD
> > -#endif
> > -#ifndef OPENSSL_NO_ENGINE
> > -# define OPENSSL_NO_ENGINE
> > -#endif
> > -#ifndef OPENSSL_NO_ERR
> > -# define OPENSSL_NO_ERR
> > -#endif
> > -#ifndef OPENSSL_NO_EXTERNAL_TESTS
> > -# define OPENSSL_NO_EXTERNAL_TESTS
> > -#endif
> > -#ifndef OPENSSL_NO_FILENAMES
> > -# define OPENSSL_NO_FILENAMES
> > -#endif
> > -#ifndef OPENSSL_NO_FUZZ_AFL
> > -# define OPENSSL_NO_FUZZ_AFL
> > -#endif
> > -#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
> > -# define OPENSSL_NO_FUZZ_LIBFUZZER
> > -#endif
> > -#ifndef OPENSSL_NO_GOST
> > -# define OPENSSL_NO_GOST
> > -#endif
> > -#ifndef OPENSSL_NO_HEARTBEATS
> > -# define OPENSSL_NO_HEARTBEATS
> > -#endif
> > -#ifndef OPENSSL_NO_HW
> > -# define OPENSSL_NO_HW
> > -#endif
> > -#ifndef OPENSSL_NO_MSAN
> > -# define OPENSSL_NO_MSAN
> > -#endif
> > -#ifndef OPENSSL_NO_OCB
> > -# define OPENSSL_NO_OCB
> > -#endif
> > -#ifndef OPENSSL_NO_POSIX_IO
> > -# define OPENSSL_NO_POSIX_IO
> > -#endif
> > -#ifndef OPENSSL_NO_RFC3779
> > -# define OPENSSL_NO_RFC3779
> > -#endif
> > -#ifndef OPENSSL_NO_SCRYPT
> > -# define OPENSSL_NO_SCRYPT
> > -#endif
> > -#ifndef OPENSSL_NO_SCTP
> > -# define OPENSSL_NO_SCTP
> > -#endif
> > -#ifndef OPENSSL_NO_SOCK
> > -# define OPENSSL_NO_SOCK
> > -#endif
> > -#ifndef OPENSSL_NO_SSL_TRACE
> > -# define OPENSSL_NO_SSL_TRACE
> > -#endif
> > -#ifndef OPENSSL_NO_SSL3
> > -# define OPENSSL_NO_SSL3
> > -#endif
> > -#ifndef OPENSSL_NO_SSL3_METHOD
> > -# define OPENSSL_NO_SSL3_METHOD
> > -#endif
> > -#ifndef OPENSSL_NO_STDIO
> > -# define OPENSSL_NO_STDIO
> > -#endif
> > -#ifndef OPENSSL_NO_TESTS
> > -# define OPENSSL_NO_TESTS
> > -#endif
> > -#ifndef OPENSSL_NO_UBSAN
> > -# define OPENSSL_NO_UBSAN
> > -#endif
> > -#ifndef OPENSSL_NO_UI_CONSOLE
> > -# define OPENSSL_NO_UI_CONSOLE
> > -#endif
> > -#ifndef OPENSSL_NO_UNIT_TEST
> > -# define OPENSSL_NO_UNIT_TEST
> > -#endif
> > -#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> > -# define OPENSSL_NO_WEAK_SSL_CIPHERS
> > -#endif
> > -#ifndef OPENSSL_NO_DYNAMIC_ENGINE
> > -# define OPENSSL_NO_DYNAMIC_ENGINE
> > -#endif
> > -
> > -
> > -/*
> > - * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
> > - * don't like that. This will hopefully silence them.
> > - */
> > -#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
> > -
> > -/*
> > - * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
> > - * declarations of functions deprecated in or before <version>. Otherwise,
> > they
> > - * still won't see them if the library has been built to disable deprecated
> > - * functions.
> > - */
> > -#ifndef DECLARE_DEPRECATED
> > -# define DECLARE_DEPRECATED(f) f;
> > -# ifdef __GNUC__
> > -# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> > -# undef DECLARE_DEPRECATED
> > -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> > -# endif
> > -# elif defined(__SUNPRO_C)
> > -# if (__SUNPRO_C >= 0x5130)
> > -# undef DECLARE_DEPRECATED
> > -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
> > -# endif
> > -# endif
> > -#endif
> > -
> > -#ifndef OPENSSL_FILE
> > -# ifdef OPENSSL_NO_FILENAMES
> > -# define OPENSSL_FILE ""
> > -# define OPENSSL_LINE 0
> > -# else
> > -# define OPENSSL_FILE __FILE__
> > -# define OPENSSL_LINE __LINE__
> > -# endif
> > -#endif
> > -
> > -#ifndef OPENSSL_MIN_API
> > -# define OPENSSL_MIN_API 0
> > -#endif
> > -
> > -#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
> > -# undef OPENSSL_API_COMPAT
> > -# define OPENSSL_API_COMPAT OPENSSL_MIN_API
> > -#endif
> > -
> > -/*
> > - * Do not deprecate things to be deprecated in version 1.2.0 before the
> > - * OpenSSL version number matches.
> > - */
> > -#if OPENSSL_VERSION_NUMBER < 0x10200000L
> > -# define DEPRECATEDIN_1_2_0(f) f;
> > -#elif OPENSSL_API_COMPAT < 0x10200000L
> > -# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
> > -#else
> > -# define DEPRECATEDIN_1_2_0(f)
> > -#endif
> > -
> > -#if OPENSSL_API_COMPAT < 0x10100000L
> > -# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
> > -#else
> > -# define DEPRECATEDIN_1_1_0(f)
> > -#endif
> > -
> > -#if OPENSSL_API_COMPAT < 0x10000000L
> > -# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
> > -#else
> > -# define DEPRECATEDIN_1_0_0(f)
> > -#endif
> > -
> > -#if OPENSSL_API_COMPAT < 0x00908000L
> > -# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
> > -#else
> > -# define DEPRECATEDIN_0_9_8(f)
> > -#endif
> > -
> > -/* Generate 80386 code? */
> > -#undef I386_ONLY
> > -
> > -#undef OPENSSL_UNISTD
> > -#define OPENSSL_UNISTD <unistd.h>
> > -
> > -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
> > -
> > -/*
> > - * The following are cipher-specific, but are part of the public API.
> > - */
> > -#if !defined(OPENSSL_SYS_UEFI)
> > -# undef BN_LLONG
> > -/* Only one for the following should be defined */
> > -# undef SIXTY_FOUR_BIT_LONG
> > -# undef SIXTY_FOUR_BIT
> > -# define THIRTY_TWO_BIT
> > -#endif
> > -
> > -#define RC4_INT unsigned int
> > -
> > -#ifdef __cplusplus
> > -}
> > -#endif
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > index c899b811b149..7d4b729bf7c7 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > @@ -1,5 +1,5 @@
> > ## @file
> > -# This module provides OpenSSL Library implementation.
> > +# This module provides OpenSSL Library implementation with TLS features.
> > #
> > # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> > # (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > @@ -15,14 +15,18 @@ [Defines]
> > MODULE_TYPE = BASE
> > VERSION_STRING = 1.0
> > LIBRARY_CLASS = OpensslLib
> > + CONSTRUCTOR = OpensslLibConstructor
> > +
> > DEFINE OPENSSL_PATH = openssl
> > - DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> > D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM
> > + DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> > D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC -
> > DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2 -
> > DOPENSSL_NO_ASM
> > + DEFINE OPENSSL_FLAGS_CONFIG =
> >
> > #
> > # VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
> > #
> >
> > [Sources]
> > + OpensslLibConstructor.c
> > $(OPENSSL_PATH)/e_os.h
> > $(OPENSSL_PATH)/ms/uplink.h
> > # Autogenerated files list starts here
> > @@ -199,43 +203,43 @@ [Sources]
> > $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> > $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> > $(OPENSSL_PATH)/crypto/ebcdic.c
> > - $(OPENSSL_PATH)/crypto/ec/curve25519.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_check.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_err.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_key.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_print.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > +# $(OPENSSL_PATH)/crypto/ec/curve25519.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_check.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_err.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_key.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_print.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> > +# $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> > $(OPENSSL_PATH)/crypto/err/err.c
> > $(OPENSSL_PATH)/crypto/err/err_prn.c
> > $(OPENSSL_PATH)/crypto/evp/bio_b64.c
> > @@ -421,10 +425,10 @@ [Sources]
> > $(OPENSSL_PATH)/crypto/siphash/siphash.c
> > $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> > $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > +# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> > +# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> > +# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> > +# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> > $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> > $(OPENSSL_PATH)/crypto/sm3/sm3.c
> > $(OPENSSL_PATH)/crypto/sm4/sm4.c
> > @@ -537,15 +541,15 @@ [Sources]
> > $(OPENSSL_PATH)/crypto/conf/conf_local.h
> > $(OPENSSL_PATH)/crypto/dh/dh_local.h
> > $(OPENSSL_PATH)/crypto/dso/dso_local.h
> > - $(OPENSSL_PATH)/crypto/ec/ec_local.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > +# $(OPENSSL_PATH)/crypto/ec/ec_local.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> > $(OPENSSL_PATH)/crypto/evp/evp_local.h
> > $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> > $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> > @@ -637,15 +641,13 @@ [LibraryClasses]
> > [LibraryClasses.ARM]
> > ArmSoftFloatLib
> >
> > -[FixedPcd]
> > - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
> > -
> > [BuildOptions]
> > #
> > # Disables the following Visual Studio compiler warnings brought by
> > openssl source,
> > # so we do not break the build with /WX option:
> > # C4090: 'function' : different 'const' qualifiers
> > # C4132: 'object' : const object should be initialized (tls13_enc.c)
> > + # C4210: nonstandard extension used: function given file scope
> > # C4244: conversion from type1 to type2, possible loss of data
> > # C4245: conversion from type1 to type2, signed/unsigned mismatch
> > # C4267: conversion from size_t to type, possible loss of data
> > @@ -657,11 +659,11 @@ [BuildOptions]
> > # C4706: assignment within conditional expression
> > # C4819: The file contains a character that cannot be represented in the
> > current code page
> > #
> > - MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702
> > /wd4706 /wd4819
> > - MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389
> > /wd4702 /wd4706 /wd4819
> > + MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> > /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
> > + MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> > /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
> >
> > - INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) /w
> > - INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) /w
> > + INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> > + INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> >
> > #
> > # Suppress the following build warnings in openssl so we don't break the
> > build with -Werror
> > @@ -670,10 +672,10 @@ [BuildOptions]
> > # types appropriate to the format string specified.
> > # -Werror=unused-but-set-variable: Warn whenever a local variable is
> > assigned to, but otherwise unused (aside from its declaration).
> > #
> > - GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-
> > error=maybe-uninitialized -Wno-error=unused-but-set-variable
> > - GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-
> > error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-
> > but-set-variable -DNO_MSABI_VA_FUNCS
> > + GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-
> > set-variable
> > + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -
> > Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
> > GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> > -Wno-error=unused-but-set-variable
> > - GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> > -Wno-format -Wno-error=unused-but-set-variable
> > + GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> > -Wno-format -Wno-error=unused-but-set-variable -Wno-error=format
> > GCC:*_*_RISCV64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> > -Wno-format -Wno-error=unused-but-set-variable
> > GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> > GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> > @@ -698,8 +700,8 @@ [BuildOptions]
> > # 1: ignore "#1-D: last line of file ends without a newline"
> > # 3017: <entity> may be used before being set (NOTE: This was fixed in
> > OpenSSL 1.1 HEAD with
> > # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be
> > dropped then.)
> > - XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > -w -std=c99 -Wno-error=uninitialized
> > - XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > -w -std=c99 -Wno-error=uninitialized
> > + XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> > + XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> >
> > #
> > # AARCH64 uses strict alignment and avoids SIMD registers for code that
> > may execute
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.uni
> > b/CryptoPkg/Library/OpensslLib/OpensslLib.uni
> > index abaff8a3c37f..6b62c46040f9 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.uni
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.uni
> > @@ -1,7 +1,5 @@
> > // /** @file
> > -// This module provides openSSL Library implementation.
> > -//
> > -// This module provides OpenSSL Library implementation.
> > +// This module provides OpenSSL Library implementation with TLS features.
> > //
> > // Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> > //
> > @@ -9,8 +7,6 @@
> > //
> > // **/
> >
> > +#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> > implementation with TLS features."
> >
> > -#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> > implementation"
> > -
> > -#string STR_MODULE_DESCRIPTION #language en-US "This module
> > provides OpenSSL Library implementation."
> > -
> > +#string STR_MODULE_DESCRIPTION #language en-US "This module
> > provides OpenSSL Library implementation with TLS features."
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf
> > b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
> > similarity index 79%
> > rename from CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf
> > rename to CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
> > index b6ee718edeff..b552b011e2bf 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
> > @@ -1,5 +1,7 @@
> > ## @file
> > -# This module provides OpenSSL Library implementation.
> > +# This module provides OpenSSL Library implementation with TLS features
> > +# along with performance optimized implementations of SHA1, SHA256, SHA512,
> > +# AESNI, VPAED, and GHASH for IA32 and X64.
> > #
> > # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> > # (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > @@ -9,33 +11,27 @@
> >
> > [Defines]
> > INF_VERSION = 0x00010005
> > - BASE_NAME = OpensslLibIa32
> > - MODULE_UNI_FILE = OpensslLib.uni
> > - FILE_GUID = 5805D1D4-F8EE-4FBA-BDD8-74465F16A534
> > + BASE_NAME = OpensslLibAccel
> > + MODULE_UNI_FILE = OpensslLibAccel.uni
> > + FILE_GUID = 96A34760-B04A-44EB-9680-AC7606E9776B
> > MODULE_TYPE = BASE
> > VERSION_STRING = 1.0
> > LIBRARY_CLASS = OpensslLib
> > + CONSTRUCTOR = OpensslLibConstructor
> > +
> > DEFINE OPENSSL_PATH = openssl
> > - DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> > D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
> > + DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> > D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC -
> > DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2
> > DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -
> > DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
> > - CONSTRUCTOR = OpensslLibConstructor
> >
> > #
> > -# VALID_ARCHITECTURES = IA32
> > +# VALID_ARCHITECTURES = IA32 X64
> > #
> >
> > -[Sources.IA32]
> > +[Sources]
> > OpensslLibConstructor.c
> > $(OPENSSL_PATH)/e_os.h
> > $(OPENSSL_PATH)/ms/uplink.h
> > # Autogenerated files list starts here
> > - IA32/crypto/aes/aesni-x86.nasm
> > - IA32/crypto/aes/vpaes-x86.nasm
> > - IA32/crypto/modes/ghash-x86.nasm
> > - IA32/crypto/sha/sha1-586.nasm
> > - IA32/crypto/sha/sha256-586.nasm
> > - IA32/crypto/sha/sha512-586.nasm
> > - IA32/crypto/x86cpuid.nasm
> > $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
> > $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
> > $(OPENSSL_PATH)/crypto/aes/aes_core.c
> > @@ -209,43 +205,43 @@ [Sources.IA32]
> > $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> > $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> > $(OPENSSL_PATH)/crypto/ebcdic.c
> > - $(OPENSSL_PATH)/crypto/ec/curve25519.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_check.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_err.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_key.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_print.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > +# $(OPENSSL_PATH)/crypto/ec/curve25519.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_check.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_err.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_key.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_print.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> > +# $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> > $(OPENSSL_PATH)/crypto/err/err.c
> > $(OPENSSL_PATH)/crypto/err/err_prn.c
> > $(OPENSSL_PATH)/crypto/evp/bio_b64.c
> > @@ -324,6 +320,7 @@ [Sources.IA32]
> > $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
> > $(OPENSSL_PATH)/crypto/md5/md5_one.c
> > $(OPENSSL_PATH)/crypto/mem.c
> > +# $(OPENSSL_PATH)/crypto/mem_clr.c # Replaced by assembly optimized
> > NASM/S files
> > $(OPENSSL_PATH)/crypto/mem_dbg.c
> > $(OPENSSL_PATH)/crypto/mem_sec.c
> > $(OPENSSL_PATH)/crypto/modes/cbc128.c
> > @@ -430,10 +427,10 @@ [Sources.IA32]
> > $(OPENSSL_PATH)/crypto/siphash/siphash.c
> > $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> > $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > +# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> > +# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> > +# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> > +# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> > $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> > $(OPENSSL_PATH)/crypto/sm3/sm3.c
> > $(OPENSSL_PATH)/crypto/sm4/sm4.c
> > @@ -546,15 +543,15 @@ [Sources.IA32]
> > $(OPENSSL_PATH)/crypto/conf/conf_local.h
> > $(OPENSSL_PATH)/crypto/dh/dh_local.h
> > $(OPENSSL_PATH)/crypto/dso/dso_local.h
> > - $(OPENSSL_PATH)/crypto/ec/ec_local.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > +# $(OPENSSL_PATH)/crypto/ec/ec_local.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> > $(OPENSSL_PATH)/crypto/evp/evp_local.h
> > $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> > $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> > @@ -633,6 +630,53 @@ [Sources.IA32]
> > ossl_store.c
> > rand_pool.c
> >
> > +[Sources.IA32]
> > + IA32/crypto/aes/aesni-x86.nasm | MSFT
> > + IA32/crypto/aes/vpaes-x86.nasm | MSFT
> > + IA32/crypto/modes/ghash-x86.nasm | MSFT
> > + IA32/crypto/sha/sha1-586.nasm | MSFT
> > + IA32/crypto/sha/sha256-586.nasm | MSFT
> > + IA32/crypto/sha/sha512-586.nasm | MSFT
> > + IA32/crypto/x86cpuid.nasm | MSFT
> > +
> > + IA32Gcc/crypto/aes/aesni-x86.S | GCC
> > + IA32Gcc/crypto/aes/vpaes-x86.S | GCC
> > + IA32Gcc/crypto/modes/ghash-x86.S | GCC
> > + IA32Gcc/crypto/sha/sha1-586.S | GCC
> > + IA32Gcc/crypto/sha/sha256-586.S | GCC
> > + IA32Gcc/crypto/sha/sha512-586.S | GCC
> > + IA32Gcc/crypto/x86cpuid.S | GCC
> > +
> > +[Sources.X64]
> > + X64/ApiHooks.c
> > + X64/crypto/aes/aesni-mb-x86_64.nasm | MSFT
> > + X64/crypto/aes/aesni-sha1-x86_64.nasm | MSFT
> > + X64/crypto/aes/aesni-sha256-x86_64.nasm | MSFT
> > + X64/crypto/aes/aesni-x86_64.nasm | MSFT
> > + X64/crypto/aes/vpaes-x86_64.nasm | MSFT
> > + X64/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
> > + X64/crypto/modes/ghash-x86_64.nasm | MSFT
> > + X64/crypto/sha/sha1-mb-x86_64.nasm | MSFT
> > + X64/crypto/sha/sha1-x86_64.nasm | MSFT
> > + X64/crypto/sha/sha256-mb-x86_64.nasm | MSFT
> > + X64/crypto/sha/sha256-x86_64.nasm | MSFT
> > + X64/crypto/sha/sha512-x86_64.nasm | MSFT
> > + X64/crypto/x86_64cpuid.nasm | MSFT
> > +
> > + X64Gcc/crypto/aes/aesni-mb-x86_64.S | GCC
> > + X64Gcc/crypto/aes/aesni-sha1-x86_64.S | GCC
> > + X64Gcc/crypto/aes/aesni-sha256-x86_64.S | GCC
> > + X64Gcc/crypto/aes/aesni-x86_64.S | GCC
> > + X64Gcc/crypto/aes/vpaes-x86_64.S | GCC
> > + X64Gcc/crypto/modes/aesni-gcm-x86_64.S | GCC
> > + X64Gcc/crypto/modes/ghash-x86_64.S | GCC
> > + X64Gcc/crypto/sha/sha1-mb-x86_64.S | GCC
> > + X64Gcc/crypto/sha/sha1-x86_64.S | GCC
> > + X64Gcc/crypto/sha/sha256-mb-x86_64.S | GCC
> > + X64Gcc/crypto/sha/sha256-x86_64.S | GCC
> > + X64Gcc/crypto/sha/sha512-x86_64.S | GCC
> > + X64Gcc/crypto/x86_64cpuid.S | GCC
> > +
> > [Packages]
> > MdePkg/MdePkg.dec
> > CryptoPkg/CryptoPkg.dec
> > @@ -643,9 +687,6 @@ [LibraryClasses]
> > RngLib
> > PrintLib
> >
> > -[FixedPcd]
> > - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
> > -
> > [BuildOptions]
> > #
> > # Disables the following Visual Studio compiler warnings brought by
> > openssl source,
> > @@ -665,8 +706,10 @@ [BuildOptions]
> > # C4819: The file contains a character that cannot be represented in the
> > current code page
> > #
> > MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> > /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
> > + MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> > /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
> >
> > INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> > + INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> >
> > #
> > # Suppress the following build warnings in openssl so we don't break the
> > build with -Werror
> > @@ -675,7 +718,11 @@ [BuildOptions]
> > # types appropriate to the format string specified.
> > # -Werror=unused-but-set-variable: Warn whenever a local variable is
> > assigned to, but otherwise unused (aside from its declaration).
> > #
> > - GCC:*_*_IA32_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-
> > set-variable
> > + GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-
> > set-variable
> > + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -
> > Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
> > + GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> > + GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> > + GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized -Wno-
> > error=incompatible-pointer-types -Wno-error=pointer-sign -Wno-error=implicit-
> > function-declaration -Wno-error=ignored-pragma-optimize
> >
> > # suppress the following warnings in openssl so we don't break the build
> > with warnings-as-errors:
> > # 1295: Deprecated declaration <entity> - give arg types
> > @@ -697,3 +744,4 @@ [BuildOptions]
> > # 3017: <entity> may be used before being set (NOTE: This was fixed in
> > OpenSSL 1.1 HEAD with
> > # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be
> > dropped then.)
> > XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> > + XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> > b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> > new file mode 100644
> > index 000000000000..e547a0c1e816
> > --- /dev/null
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> > @@ -0,0 +1,14 @@
> > +// /** @file
> > +// This module provides OpenSSL Library implementation with TLS features
> > +// along with performance optimized implementations of SHA1, SHA256, SHA512,
> > +// AESNI, VPAED, and GHASH for IA32 and X64.
> > +//
> > +// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> > +//
> > +// SPDX-License-Identifier: BSD-2-Clause-Patent
> > +//
> > +// **/
> > +
> > +#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> > implementation with TLS features and performance optimizations"
> > +
> > +#string STR_MODULE_DESCRIPTION #language en-US "This module
> > provides OpenSSL Library implementation with TLS features along with
> > performance optimized implementations of SHA1, SHA256, SHA512, AESNI, VPAED,
> > and GHASH for IA32 and X64."
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
> > b/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
> > index 18d8a5612808..5daf73a54710 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
> > @@ -6,7 +6,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > **/
> >
> > -#include <Uefi.h>
> > +#include <Base.h>
> >
> > /**
> > An internal OpenSSL function which fetches a local copy of the hardware
> > @@ -30,7 +30,7 @@ OPENSSL_cpuid_setup (
> > @retval EFI_SUCCESS The construction succeeded.
> >
> > **/
> > -EFI_STATUS
> > +RETURN_STATUS
> > EFIAPI
> > OpensslLibConstructor (
> > VOID
> > @@ -38,5 +38,5 @@ OpensslLibConstructor (
> > {
> > OPENSSL_cpuid_setup ();
> >
> > - return EFI_SUCCESS;
> > + return RETURN_SUCCESS;
> > }
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > index 0ec372454119..5492865ddb2d 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > @@ -1,5 +1,6 @@
> > ## @file
> > -# This module provides OpenSSL Library implementation.
> > +# This module provides OpenSSL Library implementation with ECC and TLS
> > +# features removed and features have performance optimizations enabled.
> > #
> > # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> > # (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > @@ -15,14 +16,18 @@ [Defines]
> > MODULE_TYPE = BASE
> > VERSION_STRING = 1.0
> > LIBRARY_CLASS = OpensslLib
> > + CONSTRUCTOR = OpensslLibConstructor
> > +
> > DEFINE OPENSSL_PATH = openssl
> > - DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> > D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM
> > + DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> > D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC -
> > DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2 -
> > DOPENSSL_NO_ASM
> > + DEFINE OPENSSL_FLAGS_CONFIG =
> >
> > #
> > # VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
> > #
> >
> > [Sources]
> > + OpensslLibConstructor.c
> > $(OPENSSL_PATH)/e_os.h
> > $(OPENSSL_PATH)/ms/uplink.h
> > # Autogenerated files list starts here
> > @@ -199,43 +204,43 @@ [Sources]
> > $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> > $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> > $(OPENSSL_PATH)/crypto/ebcdic.c
> > - $(OPENSSL_PATH)/crypto/ec/curve25519.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_check.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_err.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_key.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_print.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > +# $(OPENSSL_PATH)/crypto/ec/curve25519.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_check.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_err.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_key.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> > +# $(OPENSSL_PATH)/crypto/ec/ec_print.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> > +# $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> > +# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> > $(OPENSSL_PATH)/crypto/err/err.c
> > $(OPENSSL_PATH)/crypto/err/err_prn.c
> > $(OPENSSL_PATH)/crypto/evp/bio_b64.c
> > @@ -421,10 +426,10 @@ [Sources]
> > $(OPENSSL_PATH)/crypto/siphash/siphash.c
> > $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> > $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > +# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> > +# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> > +# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> > +# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> > $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> > $(OPENSSL_PATH)/crypto/sm3/sm3.c
> > $(OPENSSL_PATH)/crypto/sm4/sm4.c
> > @@ -537,15 +542,15 @@ [Sources]
> > $(OPENSSL_PATH)/crypto/conf/conf_local.h
> > $(OPENSSL_PATH)/crypto/dh/dh_local.h
> > $(OPENSSL_PATH)/crypto/dso/dso_local.h
> > - $(OPENSSL_PATH)/crypto/ec/ec_local.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > +# $(OPENSSL_PATH)/crypto/ec/ec_local.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> > +# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> > $(OPENSSL_PATH)/crypto/evp/evp_local.h
> > $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> > $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> > @@ -568,6 +573,57 @@ [Sources]
> > $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
> > $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
> > $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
> > +# $(OPENSSL_PATH)/ssl/bio_ssl.c
> > +# $(OPENSSL_PATH)/ssl/d1_lib.c
> > +# $(OPENSSL_PATH)/ssl/d1_msg.c
> > +# $(OPENSSL_PATH)/ssl/d1_srtp.c
> > +# $(OPENSSL_PATH)/ssl/methods.c
> > +# $(OPENSSL_PATH)/ssl/packet.c
> > +# $(OPENSSL_PATH)/ssl/pqueue.c
> > +# $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c
> > +# $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c
> > +# $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c
> > +# $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c
> > +# $(OPENSSL_PATH)/ssl/record/ssl3_record.c
> > +# $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c
> > +# $(OPENSSL_PATH)/ssl/s3_cbc.c
> > +# $(OPENSSL_PATH)/ssl/s3_enc.c
> > +# $(OPENSSL_PATH)/ssl/s3_lib.c
> > +# $(OPENSSL_PATH)/ssl/s3_msg.c
> > +# $(OPENSSL_PATH)/ssl/ssl_asn1.c
> > +# $(OPENSSL_PATH)/ssl/ssl_cert.c
> > +# $(OPENSSL_PATH)/ssl/ssl_ciph.c
> > +# $(OPENSSL_PATH)/ssl/ssl_conf.c
> > +# $(OPENSSL_PATH)/ssl/ssl_err.c
> > +# $(OPENSSL_PATH)/ssl/ssl_init.c
> > +# $(OPENSSL_PATH)/ssl/ssl_lib.c
> > +# $(OPENSSL_PATH)/ssl/ssl_mcnf.c
> > +# $(OPENSSL_PATH)/ssl/ssl_rsa.c
> > +# $(OPENSSL_PATH)/ssl/ssl_sess.c
> > +# $(OPENSSL_PATH)/ssl/ssl_stat.c
> > +# $(OPENSSL_PATH)/ssl/ssl_txt.c
> > +# $(OPENSSL_PATH)/ssl/ssl_utst.c
> > +# $(OPENSSL_PATH)/ssl/statem/extensions.c
> > +# $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c
> > +# $(OPENSSL_PATH)/ssl/statem/extensions_cust.c
> > +# $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c
> > +# $(OPENSSL_PATH)/ssl/statem/statem.c
> > +# $(OPENSSL_PATH)/ssl/statem/statem_clnt.c
> > +# $(OPENSSL_PATH)/ssl/statem/statem_dtls.c
> > +# $(OPENSSL_PATH)/ssl/statem/statem_lib.c
> > +# $(OPENSSL_PATH)/ssl/statem/statem_srvr.c
> > +# $(OPENSSL_PATH)/ssl/t1_enc.c
> > +# $(OPENSSL_PATH)/ssl/t1_lib.c
> > +# $(OPENSSL_PATH)/ssl/t1_trce.c
> > +# $(OPENSSL_PATH)/ssl/tls13_enc.c
> > +# $(OPENSSL_PATH)/ssl/tls_srp.c
> > +# $(OPENSSL_PATH)/ssl/packet_local.h
> > +# $(OPENSSL_PATH)/ssl/ssl_cert_table.h
> > +# $(OPENSSL_PATH)/ssl/ssl_local.h
> > +# $(OPENSSL_PATH)/ssl/record/record.h
> > +# $(OPENSSL_PATH)/ssl/record/record_local.h
> > +# $(OPENSSL_PATH)/ssl/statem/statem.h
> > +# $(OPENSSL_PATH)/ssl/statem/statem_local.h
> > # Autogenerated files list ends here
> > buildinf.h
> > ossl_store.c
> > @@ -586,15 +642,13 @@ [LibraryClasses]
> > [LibraryClasses.ARM]
> > ArmSoftFloatLib
> >
> > -[FixedPcd]
> > - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
> > -
> > [BuildOptions]
> > #
> > # Disables the following Visual Studio compiler warnings brought by
> > openssl source,
> > # so we do not break the build with /WX option:
> > # C4090: 'function' : different 'const' qualifiers
> > # C4132: 'object' : const object should be initialized (tls13_enc.c)
> > + # C4210: nonstandard extension used: function given file scope
> > # C4244: conversion from type1 to type2, possible loss of data
> > # C4245: conversion from type1 to type2, signed/unsigned mismatch
> > # C4267: conversion from size_t to type, possible loss of data
> > @@ -606,11 +660,11 @@ [BuildOptions]
> > # C4706: assignment within conditional expression
> > # C4819: The file contains a character that cannot be represented in the
> > current code page
> > #
> > - MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702
> > /wd4706 /wd4819
> > - MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389
> > /wd4702 /wd4706 /wd4819
> > + MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> > /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
> > + MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> > /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
> >
> > - INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) /w
> > - INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) /w
> > + INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> > + INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> >
> > #
> > # Suppress the following build warnings in openssl so we don't break the
> > build with -Werror
> > @@ -619,10 +673,10 @@ [BuildOptions]
> > # types appropriate to the format string specified.
> > # -Werror=unused-but-set-variable: Warn whenever a local variable is
> > assigned to, but otherwise unused (aside from its declaration).
> > #
> > - GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-
> > error=maybe-uninitialized -Wno-error=unused-but-set-variable
> > - GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-
> > error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-
> > but-set-variable -DNO_MSABI_VA_FUNCS
> > + GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-
> > set-variable
> > + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -
> > Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
> > GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> > -Wno-error=unused-but-set-variable
> > - GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> > -Wno-format -Wno-error=unused-but-set-variable
> > + GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> > -Wno-format -Wno-error=unused-but-set-variable -Wno-error=format
> > GCC:*_*_RISCV64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> > -Wno-format -Wno-error=unused-but-set-variable
> > GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> > GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> > @@ -647,8 +701,8 @@ [BuildOptions]
> > # 1: ignore "#1-D: last line of file ends without a newline"
> > # 3017: <entity> may be used before being set (NOTE: This was fixed in
> > OpenSSL 1.1 HEAD with
> > # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be
> > dropped then.)
> > - XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > -w -std=c99 -Wno-error=uninitialized
> > - XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > -w -std=c99 -Wno-error=uninitialized
> > + XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> > + XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> >
> > #
> > # AARCH64 uses strict alignment and avoids SIMD registers for code that
> > may execute
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni
> > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni
> > index d3f12e178cae..462ccf4355f7 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni
> > @@ -1,7 +1,6 @@
> > // /** @file
> > -// This module provides openSSL Library implementation (libcrypto only, no
> > libssl).
> > -//
> > -// This module provides OpenSSL Library implementation (libcrypto only, no
> > libssl).
> > +// This module provides OpenSSL Library implementation (libcrypto only, no
> > +// libssl or ecc).
> > //
> > // Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> > //
> > @@ -9,8 +8,6 @@
> > //
> > // **/
> >
> > +#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> > implementation (libcrypto only, no libssl or ecc)"
> >
> > -#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> > implementation (libcrypto only, no libssl)"
> > -
> > -#string STR_MODULE_DESCRIPTION #language en-US "This module
> > provides OpenSSL Library implementation (libcrypto only, no libssl)."
> > -
> > +#string STR_MODULE_DESCRIPTION #language en-US "This module
> > provides OpenSSL Library implementation (libcrypto only, no libssl or ecc)."
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
> > similarity index 80%
> > copy from CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > copy to CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
> > index c899b811b149..1b5d9fa42405 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
> > @@ -1,5 +1,11 @@
> > ## @file
> > -# This module provides OpenSSL Library implementation.
> > +# This module provides OpenSSL Library implementation with ECC and TLS
> > +# features.
> > +#
> > +# This library should be used if a module module needs ECC in TLS, or
> > +# asymmetric cryptography services such as X509 certificate or PEM format
> > +# data processing. This library increases the size overhead up to ~115 KB
> > +# compared to OpensslLib.inf library instance.
> > #
> > # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> > # (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > @@ -9,20 +15,24 @@
> >
> > [Defines]
> > INF_VERSION = 0x00010005
> > - BASE_NAME = OpensslLib
> > - MODULE_UNI_FILE = OpensslLib.uni
> > - FILE_GUID = C873A7D0-9824-409f-9B42-2C158B992E69
> > + BASE_NAME = OpensslLibFull
> > + MODULE_UNI_FILE = OpensslLibFull.uni
> > + FILE_GUID = AB9E2231-D8FC-433F-9F27-FA293B64FB2C
> > MODULE_TYPE = BASE
> > VERSION_STRING = 1.0
> > LIBRARY_CLASS = OpensslLib
> > + CONSTRUCTOR = OpensslLibConstructor
> > +
> > DEFINE OPENSSL_PATH = openssl
> > DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> > D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM
> > + DEFINE OPENSSL_FLAGS_CONFIG =
> >
> > #
> > # VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
> > #
> >
> > [Sources]
> > + OpensslLibConstructor.c
> > $(OPENSSL_PATH)/e_os.h
> > $(OPENSSL_PATH)/ms/uplink.h
> > # Autogenerated files list starts here
> > @@ -199,43 +209,43 @@ [Sources]
> > $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> > $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> > $(OPENSSL_PATH)/crypto/ebcdic.c
> > - $(OPENSSL_PATH)/crypto/ec/curve25519.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_check.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_err.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_key.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_print.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > + $(OPENSSL_PATH)/crypto/ec/curve25519.c
> > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> > + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> > + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> > + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> > + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> > + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_check.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_err.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_key.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_print.c
> > + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> > + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> > + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> > + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> > + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> > + $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> > + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> > $(OPENSSL_PATH)/crypto/err/err.c
> > $(OPENSSL_PATH)/crypto/err/err_prn.c
> > $(OPENSSL_PATH)/crypto/evp/bio_b64.c
> > @@ -421,10 +431,10 @@ [Sources]
> > $(OPENSSL_PATH)/crypto/siphash/siphash.c
> > $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> > $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> > + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> > + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> > + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> > $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> > $(OPENSSL_PATH)/crypto/sm3/sm3.c
> > $(OPENSSL_PATH)/crypto/sm4/sm4.c
> > @@ -537,15 +547,15 @@ [Sources]
> > $(OPENSSL_PATH)/crypto/conf/conf_local.h
> > $(OPENSSL_PATH)/crypto/dh/dh_local.h
> > $(OPENSSL_PATH)/crypto/dso/dso_local.h
> > - $(OPENSSL_PATH)/crypto/ec/ec_local.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > + $(OPENSSL_PATH)/crypto/ec/ec_local.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> > $(OPENSSL_PATH)/crypto/evp/evp_local.h
> > $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> > $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> > @@ -637,15 +647,13 @@ [LibraryClasses]
> > [LibraryClasses.ARM]
> > ArmSoftFloatLib
> >
> > -[FixedPcd]
> > - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
> > -
> > [BuildOptions]
> > #
> > # Disables the following Visual Studio compiler warnings brought by
> > openssl source,
> > # so we do not break the build with /WX option:
> > # C4090: 'function' : different 'const' qualifiers
> > # C4132: 'object' : const object should be initialized (tls13_enc.c)
> > + # C4210: nonstandard extension used: function given file scope
> > # C4244: conversion from type1 to type2, possible loss of data
> > # C4245: conversion from type1 to type2, signed/unsigned mismatch
> > # C4267: conversion from size_t to type, possible loss of data
> > @@ -657,11 +665,11 @@ [BuildOptions]
> > # C4706: assignment within conditional expression
> > # C4819: The file contains a character that cannot be represented in the
> > current code page
> > #
> > - MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702
> > /wd4706 /wd4819
> > - MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389
> > /wd4702 /wd4706 /wd4819
> > + MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> > /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
> > + MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> > /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
> >
> > - INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) /w
> > - INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) /w
> > + INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> > + INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> >
> > #
> > # Suppress the following build warnings in openssl so we don't break the
> > build with -Werror
> > @@ -670,10 +678,10 @@ [BuildOptions]
> > # types appropriate to the format string specified.
> > # -Werror=unused-but-set-variable: Warn whenever a local variable is
> > assigned to, but otherwise unused (aside from its declaration).
> > #
> > - GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-
> > error=maybe-uninitialized -Wno-error=unused-but-set-variable
> > - GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-
> > error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-
> > but-set-variable -DNO_MSABI_VA_FUNCS
> > + GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-
> > set-variable
> > + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -
> > Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
> > GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> > -Wno-error=unused-but-set-variable
> > - GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> > -Wno-format -Wno-error=unused-but-set-variable
> > + GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> > -Wno-format -Wno-error=unused-but-set-variable -Wno-error=format
> > GCC:*_*_RISCV64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized
> > -Wno-format -Wno-error=unused-but-set-variable
> > GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> > GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> > @@ -698,8 +706,8 @@ [BuildOptions]
> > # 1: ignore "#1-D: last line of file ends without a newline"
> > # 3017: <entity> may be used before being set (NOTE: This was fixed in
> > OpenSSL 1.1 HEAD with
> > # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be
> > dropped then.)
> > - XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > -w -std=c99 -Wno-error=uninitialized
> > - XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > -w -std=c99 -Wno-error=uninitialized
> > + XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> > + XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> >
> > #
> > # AARCH64 uses strict alignment and avoids SIMD registers for code that
> > may execute
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.uni
> > b/CryptoPkg/Library/OpensslLib/OpensslLibFull.uni
> > similarity index 56%
> > copy from CryptoPkg/Library/OpensslLib/OpensslLib.uni
> > copy to CryptoPkg/Library/OpensslLib/OpensslLibFull.uni
> > index abaff8a3c37f..ec50adba9f83 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.uni
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.uni
> > @@ -1,7 +1,5 @@
> > // /** @file
> > -// This module provides openSSL Library implementation.
> > -//
> > -// This module provides OpenSSL Library implementation.
> > +// This module provides OpenSSL Library implementation with TLS and ECC
> > features.
> > //
> > // Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> > //
> > @@ -9,8 +7,6 @@
> > //
> > // **/
> >
> > +#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> > implementation with TLS and ECC features"
> >
> > -#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> > implementation"
> > -
> > -#string STR_MODULE_DESCRIPTION #language en-US "This module
> > provides OpenSSL Library implementation."
> > -
> > +#string STR_MODULE_DESCRIPTION #language en-US "This module
> > provides OpenSSL Library implementation with TLS and ECC features."
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf
> > b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
> > similarity index 79%
> > rename from CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf
> > rename to CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
> > index 150a82ec7af1..3c7b33f1e512 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
> > @@ -1,5 +1,12 @@
> > ## @file
> > -# This module provides OpenSSL Library implementation.
> > +# This module provides OpenSSL Library implementation with ECC and TLS
> > +# features along with performance optimized implementations of SHA1,
> > +# SHA256, SHA512 AESNI, VPAED, and GHASH for IA32 and X64.
> > +#
> > +# This library should be used if a module module needs ECC in TLS, or
> > +# asymmetric cryptography services such as X509 certificate or PEM format
> > +# data processing. This library increases the size overhead up to ~115 KB
> > +# compared to OpensslLibAccel.inf library instance.
> > #
> > # Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> > # (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > @@ -9,33 +16,27 @@
> >
> > [Defines]
> > INF_VERSION = 0x00010005
> > - BASE_NAME = OpensslLibIa32Gcc
> > - MODULE_UNI_FILE = OpensslLib.uni
> > - FILE_GUID = B1B32F26-A4E1-4D38-9E34-53A148B8EB11
> > + BASE_NAME = OpensslLibFullAccel
> > + MODULE_UNI_FILE = OpensslLibFullAccel.uni
> > + FILE_GUID = AC649FB2-ADCF-450A-9C61-ED3CAFF12864
> > MODULE_TYPE = BASE
> > VERSION_STRING = 1.0
> > LIBRARY_CLASS = OpensslLib
> > + CONSTRUCTOR = OpensslLibConstructor
> > +
> > DEFINE OPENSSL_PATH = openssl
> > DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> > D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
> > DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -
> > DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
> > - CONSTRUCTOR = OpensslLibConstructor
> >
> > #
> > -# VALID_ARCHITECTURES = IA32
> > +# VALID_ARCHITECTURES = IA32 X64
> > #
> >
> > -[Sources.IA32]
> > +[Sources]
> > OpensslLibConstructor.c
> > $(OPENSSL_PATH)/e_os.h
> > $(OPENSSL_PATH)/ms/uplink.h
> > # Autogenerated files list starts here
> > - IA32Gcc/crypto/aes/aesni-x86.S
> > - IA32Gcc/crypto/aes/vpaes-x86.S
> > - IA32Gcc/crypto/modes/ghash-x86.S
> > - IA32Gcc/crypto/sha/sha1-586.S
> > - IA32Gcc/crypto/sha/sha256-586.S
> > - IA32Gcc/crypto/sha/sha512-586.S
> > - IA32Gcc/crypto/x86cpuid.S
> > $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
> > $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
> > $(OPENSSL_PATH)/crypto/aes/aes_core.c
> > @@ -209,43 +210,43 @@ [Sources.IA32]
> > $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> > $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> > $(OPENSSL_PATH)/crypto/ebcdic.c
> > - $(OPENSSL_PATH)/crypto/ec/curve25519.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_check.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_err.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_key.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_print.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > + $(OPENSSL_PATH)/crypto/ec/curve25519.c
> > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> > + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> > + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> > + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> > + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> > + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_check.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_err.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_key.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> > + $(OPENSSL_PATH)/crypto/ec/ec_print.c
> > + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> > + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> > + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> > + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> > + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> > + $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> > + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> > + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> > $(OPENSSL_PATH)/crypto/err/err.c
> > $(OPENSSL_PATH)/crypto/err/err_prn.c
> > $(OPENSSL_PATH)/crypto/evp/bio_b64.c
> > @@ -324,6 +325,7 @@ [Sources.IA32]
> > $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
> > $(OPENSSL_PATH)/crypto/md5/md5_one.c
> > $(OPENSSL_PATH)/crypto/mem.c
> > +# $(OPENSSL_PATH)/crypto/mem_clr.c # Replaced by assembly optimized
> > NASM/S files
> > $(OPENSSL_PATH)/crypto/mem_dbg.c
> > $(OPENSSL_PATH)/crypto/mem_sec.c
> > $(OPENSSL_PATH)/crypto/modes/cbc128.c
> > @@ -430,10 +432,10 @@ [Sources.IA32]
> > $(OPENSSL_PATH)/crypto/siphash/siphash.c
> > $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> > $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> > + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> > + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> > + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> > $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> > $(OPENSSL_PATH)/crypto/sm3/sm3.c
> > $(OPENSSL_PATH)/crypto/sm4/sm4.c
> > @@ -546,15 +548,15 @@ [Sources.IA32]
> > $(OPENSSL_PATH)/crypto/conf/conf_local.h
> > $(OPENSSL_PATH)/crypto/dh/dh_local.h
> > $(OPENSSL_PATH)/crypto/dso/dso_local.h
> > - $(OPENSSL_PATH)/crypto/ec/ec_local.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > + $(OPENSSL_PATH)/crypto/ec/ec_local.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> > $(OPENSSL_PATH)/crypto/evp/evp_local.h
> > $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> > $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> > @@ -633,6 +635,53 @@ [Sources.IA32]
> > ossl_store.c
> > rand_pool.c
> >
> > +[Sources.IA32]
> > + IA32/crypto/aes/aesni-x86.nasm | MSFT
> > + IA32/crypto/aes/vpaes-x86.nasm | MSFT
> > + IA32/crypto/modes/ghash-x86.nasm | MSFT
> > + IA32/crypto/sha/sha1-586.nasm | MSFT
> > + IA32/crypto/sha/sha256-586.nasm | MSFT
> > + IA32/crypto/sha/sha512-586.nasm | MSFT
> > + IA32/crypto/x86cpuid.nasm | MSFT
> > +
> > + IA32Gcc/crypto/aes/aesni-x86.S | GCC
> > + IA32Gcc/crypto/aes/vpaes-x86.S | GCC
> > + IA32Gcc/crypto/modes/ghash-x86.S | GCC
> > + IA32Gcc/crypto/sha/sha1-586.S | GCC
> > + IA32Gcc/crypto/sha/sha256-586.S | GCC
> > + IA32Gcc/crypto/sha/sha512-586.S | GCC
> > + IA32Gcc/crypto/x86cpuid.S | GCC
> > +
> > +[Sources.X64]
> > + X64/ApiHooks.c
> > + X64/crypto/aes/aesni-mb-x86_64.nasm | MSFT
> > + X64/crypto/aes/aesni-sha1-x86_64.nasm | MSFT
> > + X64/crypto/aes/aesni-sha256-x86_64.nasm | MSFT
> > + X64/crypto/aes/aesni-x86_64.nasm | MSFT
> > + X64/crypto/aes/vpaes-x86_64.nasm | MSFT
> > + X64/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
> > + X64/crypto/modes/ghash-x86_64.nasm | MSFT
> > + X64/crypto/sha/sha1-mb-x86_64.nasm | MSFT
> > + X64/crypto/sha/sha1-x86_64.nasm | MSFT
> > + X64/crypto/sha/sha256-mb-x86_64.nasm | MSFT
> > + X64/crypto/sha/sha256-x86_64.nasm | MSFT
> > + X64/crypto/sha/sha512-x86_64.nasm | MSFT
> > + X64/crypto/x86_64cpuid.nasm | MSFT
> > +
> > + X64Gcc/crypto/aes/aesni-mb-x86_64.S | GCC
> > + X64Gcc/crypto/aes/aesni-sha1-x86_64.S | GCC
> > + X64Gcc/crypto/aes/aesni-sha256-x86_64.S | GCC
> > + X64Gcc/crypto/aes/aesni-x86_64.S | GCC
> > + X64Gcc/crypto/aes/vpaes-x86_64.S | GCC
> > + X64Gcc/crypto/modes/aesni-gcm-x86_64.S | GCC
> > + X64Gcc/crypto/modes/ghash-x86_64.S | GCC
> > + X64Gcc/crypto/sha/sha1-mb-x86_64.S | GCC
> > + X64Gcc/crypto/sha/sha1-x86_64.S | GCC
> > + X64Gcc/crypto/sha/sha256-mb-x86_64.S | GCC
> > + X64Gcc/crypto/sha/sha256-x86_64.S | GCC
> > + X64Gcc/crypto/sha/sha512-x86_64.S | GCC
> > + X64Gcc/crypto/x86_64cpuid.S | GCC
> > +
> > [Packages]
> > MdePkg/MdePkg.dec
> > CryptoPkg/CryptoPkg.dec
> > @@ -643,9 +692,6 @@ [LibraryClasses]
> > RngLib
> > PrintLib
> >
> > -[FixedPcd]
> > - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
> > -
> > [BuildOptions]
> > #
> > # Disables the following Visual Studio compiler warnings brought by
> > openssl source,
> > @@ -665,8 +711,10 @@ [BuildOptions]
> > # C4819: The file contains a character that cannot be represented in the
> > current code page
> > #
> > MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> > /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
> > + MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> > /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
> >
> > INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> > + INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> >
> > #
> > # Suppress the following build warnings in openssl so we don't break the
> > build with -Werror
> > @@ -675,7 +723,11 @@ [BuildOptions]
> > # types appropriate to the format string specified.
> > # -Werror=unused-but-set-variable: Warn whenever a local variable is
> > assigned to, but otherwise unused (aside from its declaration).
> > #
> > - GCC:*_*_IA32_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-
> > set-variable
> > + GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-
> > set-variable
> > + GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -
> > Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
> > + GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> > + GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
> > + GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized -Wno-
> > error=incompatible-pointer-types -Wno-error=pointer-sign -Wno-error=implicit-
> > function-declaration -Wno-error=ignored-pragma-optimize
> >
> > # suppress the following warnings in openssl so we don't break the build
> > with warnings-as-errors:
> > # 1295: Deprecated declaration <entity> - give arg types
> > @@ -697,3 +749,4 @@ [BuildOptions]
> > # 3017: <entity> may be used before being set (NOTE: This was fixed in
> > OpenSSL 1.1 HEAD with
> > # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be
> > dropped then.)
> > XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> > + XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> > b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> > new file mode 100644
> > index 000000000000..b8453b6c902e
> > --- /dev/null
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> > @@ -0,0 +1,14 @@
> > +// /** @file
> > +// This module provides openSSL Library implementation with ECC and TLS
> > +// features along with performance optimized implementations of SHA1,
> > +// SHA256, SHA512 AESNI, VPAED, and GHASH for IA32 and X64.
> > +//
> > +// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> > +//
> > +// SPDX-License-Identifier: BSD-2-Clause-Patent
> > +//
> > +// **/
> > +
> > +#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library
> > implementation with TLS and ECC features and performance optimizations"
> > +
> > +#string STR_MODULE_DESCRIPTION #language en-US "This module
> > provides OpenSSL Library implementation with TLS and ECC features and
> > performance optimizations."
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > b/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > deleted file mode 100644
> > index 5e92ba0844d5..000000000000
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > +++ /dev/null
> > @@ -1,706 +0,0 @@
> > -## @file
> > -# This module provides OpenSSL Library implementation.
> > -#
> > -# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> > -# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > -# SPDX-License-Identifier: BSD-2-Clause-Patent
> > -#
> > -##
> > -
> > -[Defines]
> > - INF_VERSION = 0x00010005
> > - BASE_NAME = OpensslLibX64
> > - MODULE_UNI_FILE = OpensslLib.uni
> > - FILE_GUID = 18125E50-0117-4DD0-BE54-4784AD995FEF
> > - MODULE_TYPE = BASE
> > - VERSION_STRING = 1.0
> > - LIBRARY_CLASS = OpensslLib
> > - DEFINE OPENSSL_PATH = openssl
> > - DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> > D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
> > - DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -
> > DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
> > - CONSTRUCTOR = OpensslLibConstructor
> > -
> > -#
> > -# VALID_ARCHITECTURES = X64
> > -#
> > -
> > -[Sources.X64]
> > - OpensslLibConstructor.c
> > - $(OPENSSL_PATH)/e_os.h
> > - $(OPENSSL_PATH)/ms/uplink.h
> > -# Autogenerated files list starts here
> > - X64/crypto/aes/aesni-mb-x86_64.nasm
> > - X64/crypto/aes/aesni-sha1-x86_64.nasm
> > - X64/crypto/aes/aesni-sha256-x86_64.nasm
> > - X64/crypto/aes/aesni-x86_64.nasm
> > - X64/crypto/aes/vpaes-x86_64.nasm
> > - X64/crypto/modes/aesni-gcm-x86_64.nasm
> > - X64/crypto/modes/ghash-x86_64.nasm
> > - X64/crypto/sha/sha1-mb-x86_64.nasm
> > - X64/crypto/sha/sha1-x86_64.nasm
> > - X64/crypto/sha/sha256-mb-x86_64.nasm
> > - X64/crypto/sha/sha256-x86_64.nasm
> > - X64/crypto/sha/sha512-x86_64.nasm
> > - X64/crypto/x86_64cpuid.nasm
> > - $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
> > - $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
> > - $(OPENSSL_PATH)/crypto/aes/aes_core.c
> > - $(OPENSSL_PATH)/crypto/aes/aes_ige.c
> > - $(OPENSSL_PATH)/crypto/aes/aes_misc.c
> > - $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
> > - $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
> > - $(OPENSSL_PATH)/crypto/aria/aria.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_digest.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_dup.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_gentm.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_int.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_object.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_octet.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_print.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_sign.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_strex.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_strnid.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_time.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_type.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_utctm.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_utf8.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_verify.c
> > - $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn1_err.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn1_par.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn_mime.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn_moid.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn_mstbl.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn_pack.c
> > - $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c
> > - $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c
> > - $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c
> > - $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c
> > - $(OPENSSL_PATH)/crypto/asn1/evp_asn1.c
> > - $(OPENSSL_PATH)/crypto/asn1/f_int.c
> > - $(OPENSSL_PATH)/crypto/asn1/f_string.c
> > - $(OPENSSL_PATH)/crypto/asn1/i2d_pr.c
> > - $(OPENSSL_PATH)/crypto/asn1/i2d_pu.c
> > - $(OPENSSL_PATH)/crypto/asn1/n_pkey.c
> > - $(OPENSSL_PATH)/crypto/asn1/nsseq.c
> > - $(OPENSSL_PATH)/crypto/asn1/p5_pbe.c
> > - $(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c
> > - $(OPENSSL_PATH)/crypto/asn1/p5_scrypt.c
> > - $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c
> > - $(OPENSSL_PATH)/crypto/asn1/t_bitst.c
> > - $(OPENSSL_PATH)/crypto/asn1/t_pkey.c
> > - $(OPENSSL_PATH)/crypto/asn1/t_spki.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_dec.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_enc.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_fre.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_new.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_scn.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_algor.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_bignum.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_info.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_int64.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_long.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_pkey.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_sig.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_spki.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_val.c
> > - $(OPENSSL_PATH)/crypto/async/arch/async_null.c
> > - $(OPENSSL_PATH)/crypto/async/arch/async_posix.c
> > - $(OPENSSL_PATH)/crypto/async/arch/async_win.c
> > - $(OPENSSL_PATH)/crypto/async/async.c
> > - $(OPENSSL_PATH)/crypto/async/async_err.c
> > - $(OPENSSL_PATH)/crypto/async/async_wait.c
> > - $(OPENSSL_PATH)/crypto/bio/b_addr.c
> > - $(OPENSSL_PATH)/crypto/bio/b_dump.c
> > - $(OPENSSL_PATH)/crypto/bio/b_sock.c
> > - $(OPENSSL_PATH)/crypto/bio/b_sock2.c
> > - $(OPENSSL_PATH)/crypto/bio/bf_buff.c
> > - $(OPENSSL_PATH)/crypto/bio/bf_lbuf.c
> > - $(OPENSSL_PATH)/crypto/bio/bf_nbio.c
> > - $(OPENSSL_PATH)/crypto/bio/bf_null.c
> > - $(OPENSSL_PATH)/crypto/bio/bio_cb.c
> > - $(OPENSSL_PATH)/crypto/bio/bio_err.c
> > - $(OPENSSL_PATH)/crypto/bio/bio_lib.c
> > - $(OPENSSL_PATH)/crypto/bio/bio_meth.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_acpt.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_bio.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_conn.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_dgram.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_fd.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_file.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_log.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_mem.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_null.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_sock.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_add.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_asm.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_blind.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_const.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_ctx.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_depr.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_dh.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_div.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_err.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_exp.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_exp2.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_gcd.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_gf2m.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_intern.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_kron.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_lib.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_mod.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_mont.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_mpi.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_mul.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_nist.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_prime.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_print.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_rand.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_recp.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_shift.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_sqr.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_sqrt.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_srp.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_word.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
> > - $(OPENSSL_PATH)/crypto/buffer/buf_err.c
> > - $(OPENSSL_PATH)/crypto/buffer/buffer.c
> > - $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
> > - $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c
> > - $(OPENSSL_PATH)/crypto/cmac/cmac.c
> > - $(OPENSSL_PATH)/crypto/comp/c_zlib.c
> > - $(OPENSSL_PATH)/crypto/comp/comp_err.c
> > - $(OPENSSL_PATH)/crypto/comp/comp_lib.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_api.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_def.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_err.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_lib.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_mall.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_mod.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_sap.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
> > - $(OPENSSL_PATH)/crypto/cpt_err.c
> > - $(OPENSSL_PATH)/crypto/cryptlib.c
> > - $(OPENSSL_PATH)/crypto/ctype.c
> > - $(OPENSSL_PATH)/crypto/cversion.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_asn1.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_check.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_depr.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_err.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_gen.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_kdf.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_key.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_lib.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_meth.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_prn.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
> > - $(OPENSSL_PATH)/crypto/dso/dso_dl.c
> > - $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
> > - $(OPENSSL_PATH)/crypto/dso/dso_err.c
> > - $(OPENSSL_PATH)/crypto/dso/dso_lib.c
> > - $(OPENSSL_PATH)/crypto/dso/dso_openssl.c
> > - $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> > - $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> > - $(OPENSSL_PATH)/crypto/ebcdic.c
> > - $(OPENSSL_PATH)/crypto/ec/curve25519.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_check.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_err.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_key.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_print.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/err/err.c
> > - $(OPENSSL_PATH)/crypto/err/err_prn.c
> > - $(OPENSSL_PATH)/crypto/evp/bio_b64.c
> > - $(OPENSSL_PATH)/crypto/evp/bio_enc.c
> > - $(OPENSSL_PATH)/crypto/evp/bio_md.c
> > - $(OPENSSL_PATH)/crypto/evp/bio_ok.c
> > - $(OPENSSL_PATH)/crypto/evp/c_allc.c
> > - $(OPENSSL_PATH)/crypto/evp/c_alld.c
> > - $(OPENSSL_PATH)/crypto/evp/cmeth_lib.c
> > - $(OPENSSL_PATH)/crypto/evp/digest.c
> > - $(OPENSSL_PATH)/crypto/evp/e_aes.c
> > - $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
> > - $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
> > - $(OPENSSL_PATH)/crypto/evp/e_aria.c
> > - $(OPENSSL_PATH)/crypto/evp/e_bf.c
> > - $(OPENSSL_PATH)/crypto/evp/e_camellia.c
> > - $(OPENSSL_PATH)/crypto/evp/e_cast.c
> > - $(OPENSSL_PATH)/crypto/evp/e_chacha20_poly1305.c
> > - $(OPENSSL_PATH)/crypto/evp/e_des.c
> > - $(OPENSSL_PATH)/crypto/evp/e_des3.c
> > - $(OPENSSL_PATH)/crypto/evp/e_idea.c
> > - $(OPENSSL_PATH)/crypto/evp/e_null.c
> > - $(OPENSSL_PATH)/crypto/evp/e_old.c
> > - $(OPENSSL_PATH)/crypto/evp/e_rc2.c
> > - $(OPENSSL_PATH)/crypto/evp/e_rc4.c
> > - $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
> > - $(OPENSSL_PATH)/crypto/evp/e_rc5.c
> > - $(OPENSSL_PATH)/crypto/evp/e_seed.c
> > - $(OPENSSL_PATH)/crypto/evp/e_sm4.c
> > - $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c
> > - $(OPENSSL_PATH)/crypto/evp/encode.c
> > - $(OPENSSL_PATH)/crypto/evp/evp_cnf.c
> > - $(OPENSSL_PATH)/crypto/evp/evp_enc.c
> > - $(OPENSSL_PATH)/crypto/evp/evp_err.c
> > - $(OPENSSL_PATH)/crypto/evp/evp_key.c
> > - $(OPENSSL_PATH)/crypto/evp/evp_lib.c
> > - $(OPENSSL_PATH)/crypto/evp/evp_pbe.c
> > - $(OPENSSL_PATH)/crypto/evp/evp_pkey.c
> > - $(OPENSSL_PATH)/crypto/evp/m_md2.c
> > - $(OPENSSL_PATH)/crypto/evp/m_md4.c
> > - $(OPENSSL_PATH)/crypto/evp/m_md5.c
> > - $(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c
> > - $(OPENSSL_PATH)/crypto/evp/m_mdc2.c
> > - $(OPENSSL_PATH)/crypto/evp/m_null.c
> > - $(OPENSSL_PATH)/crypto/evp/m_ripemd.c
> > - $(OPENSSL_PATH)/crypto/evp/m_sha1.c
> > - $(OPENSSL_PATH)/crypto/evp/m_sha3.c
> > - $(OPENSSL_PATH)/crypto/evp/m_sigver.c
> > - $(OPENSSL_PATH)/crypto/evp/m_wp.c
> > - $(OPENSSL_PATH)/crypto/evp/names.c
> > - $(OPENSSL_PATH)/crypto/evp/p5_crpt.c
> > - $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c
> > - $(OPENSSL_PATH)/crypto/evp/p_dec.c
> > - $(OPENSSL_PATH)/crypto/evp/p_enc.c
> > - $(OPENSSL_PATH)/crypto/evp/p_lib.c
> > - $(OPENSSL_PATH)/crypto/evp/p_open.c
> > - $(OPENSSL_PATH)/crypto/evp/p_seal.c
> > - $(OPENSSL_PATH)/crypto/evp/p_sign.c
> > - $(OPENSSL_PATH)/crypto/evp/p_verify.c
> > - $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c
> > - $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
> > - $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
> > - $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
> > - $(OPENSSL_PATH)/crypto/ex_data.c
> > - $(OPENSSL_PATH)/crypto/getenv.c
> > - $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
> > - $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
> > - $(OPENSSL_PATH)/crypto/hmac/hmac.c
> > - $(OPENSSL_PATH)/crypto/init.c
> > - $(OPENSSL_PATH)/crypto/kdf/hkdf.c
> > - $(OPENSSL_PATH)/crypto/kdf/kdf_err.c
> > - $(OPENSSL_PATH)/crypto/kdf/scrypt.c
> > - $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
> > - $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
> > - $(OPENSSL_PATH)/crypto/lhash/lhash.c
> > - $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
> > - $(OPENSSL_PATH)/crypto/md5/md5_one.c
> > - $(OPENSSL_PATH)/crypto/mem.c
> > - $(OPENSSL_PATH)/crypto/mem_dbg.c
> > - $(OPENSSL_PATH)/crypto/mem_sec.c
> > - $(OPENSSL_PATH)/crypto/modes/cbc128.c
> > - $(OPENSSL_PATH)/crypto/modes/ccm128.c
> > - $(OPENSSL_PATH)/crypto/modes/cfb128.c
> > - $(OPENSSL_PATH)/crypto/modes/ctr128.c
> > - $(OPENSSL_PATH)/crypto/modes/cts128.c
> > - $(OPENSSL_PATH)/crypto/modes/gcm128.c
> > - $(OPENSSL_PATH)/crypto/modes/ocb128.c
> > - $(OPENSSL_PATH)/crypto/modes/ofb128.c
> > - $(OPENSSL_PATH)/crypto/modes/wrap128.c
> > - $(OPENSSL_PATH)/crypto/modes/xts128.c
> > - $(OPENSSL_PATH)/crypto/o_dir.c
> > - $(OPENSSL_PATH)/crypto/o_fips.c
> > - $(OPENSSL_PATH)/crypto/o_fopen.c
> > - $(OPENSSL_PATH)/crypto/o_init.c
> > - $(OPENSSL_PATH)/crypto/o_str.c
> > - $(OPENSSL_PATH)/crypto/o_time.c
> > - $(OPENSSL_PATH)/crypto/objects/o_names.c
> > - $(OPENSSL_PATH)/crypto/objects/obj_dat.c
> > - $(OPENSSL_PATH)/crypto/objects/obj_err.c
> > - $(OPENSSL_PATH)/crypto/objects/obj_lib.c
> > - $(OPENSSL_PATH)/crypto/objects/obj_xref.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
> > - $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_all.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_err.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_info.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_lib.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_oth.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_pk8.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_pkey.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_sign.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_x509.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_xaux.c
> > - $(OPENSSL_PATH)/crypto/pem/pvkfmt.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_crpt.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_crt.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_decr.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_init.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_key.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_kiss.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_mutl.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_npas.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/pk7_doit.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
> > - $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
> > - $(OPENSSL_PATH)/crypto/rand/drbg_lib.c
> > - $(OPENSSL_PATH)/crypto/rand/rand_egd.c
> > - $(OPENSSL_PATH)/crypto/rand/rand_err.c
> > - $(OPENSSL_PATH)/crypto/rand/rand_lib.c
> > - $(OPENSSL_PATH)/crypto/rand/rand_unix.c
> > - $(OPENSSL_PATH)/crypto/rand/rand_vms.c
> > - $(OPENSSL_PATH)/crypto/rand/rand_win.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_err.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_none.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_saos.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_sign.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
> > - $(OPENSSL_PATH)/crypto/sha/keccak1600.c
> > - $(OPENSSL_PATH)/crypto/sha/sha1_one.c
> > - $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
> > - $(OPENSSL_PATH)/crypto/sha/sha256.c
> > - $(OPENSSL_PATH)/crypto/sha/sha512.c
> > - $(OPENSSL_PATH)/crypto/siphash/siphash.c
> > - $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> > - $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> > - $(OPENSSL_PATH)/crypto/sm3/sm3.c
> > - $(OPENSSL_PATH)/crypto/sm4/sm4.c
> > - $(OPENSSL_PATH)/crypto/stack/stack.c
> > - $(OPENSSL_PATH)/crypto/threads_none.c
> > - $(OPENSSL_PATH)/crypto/threads_pthread.c
> > - $(OPENSSL_PATH)/crypto/threads_win.c
> > - $(OPENSSL_PATH)/crypto/txt_db/txt_db.c
> > - $(OPENSSL_PATH)/crypto/ui/ui_err.c
> > - $(OPENSSL_PATH)/crypto/ui/ui_lib.c
> > - $(OPENSSL_PATH)/crypto/ui/ui_null.c
> > - $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
> > - $(OPENSSL_PATH)/crypto/ui/ui_util.c
> > - $(OPENSSL_PATH)/crypto/uid.c
> > - $(OPENSSL_PATH)/crypto/x509/by_dir.c
> > - $(OPENSSL_PATH)/crypto/x509/by_file.c
> > - $(OPENSSL_PATH)/crypto/x509/t_crl.c
> > - $(OPENSSL_PATH)/crypto/x509/t_req.c
> > - $(OPENSSL_PATH)/crypto/x509/t_x509.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_att.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_cmp.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_d2.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_def.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_err.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_ext.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_lu.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_meth.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_obj.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_req.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_set.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_trs.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_txt.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_v3.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_vfy.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_vpm.c
> > - $(OPENSSL_PATH)/crypto/x509/x509cset.c
> > - $(OPENSSL_PATH)/crypto/x509/x509name.c
> > - $(OPENSSL_PATH)/crypto/x509/x509rset.c
> > - $(OPENSSL_PATH)/crypto/x509/x509spki.c
> > - $(OPENSSL_PATH)/crypto/x509/x509type.c
> > - $(OPENSSL_PATH)/crypto/x509/x_all.c
> > - $(OPENSSL_PATH)/crypto/x509/x_attrib.c
> > - $(OPENSSL_PATH)/crypto/x509/x_crl.c
> > - $(OPENSSL_PATH)/crypto/x509/x_exten.c
> > - $(OPENSSL_PATH)/crypto/x509/x_name.c
> > - $(OPENSSL_PATH)/crypto/x509/x_pubkey.c
> > - $(OPENSSL_PATH)/crypto/x509/x_req.c
> > - $(OPENSSL_PATH)/crypto/x509/x_x509.c
> > - $(OPENSSL_PATH)/crypto/x509/x_x509a.c
> > - $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
> > - $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
> > - $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
> > - $(OPENSSL_PATH)/crypto/x509v3/pcy_map.c
> > - $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c
> > - $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_conf.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_cpols.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_crld.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_enum.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_extku.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_genn.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_ia5.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_info.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_int.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_lib.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_ncons.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_pci.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_pcia.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_pcons.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_pku.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_pmaps.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_prn.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_purp.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_skey.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_sxnet.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3err.c
> > - $(OPENSSL_PATH)/crypto/arm_arch.h
> > - $(OPENSSL_PATH)/crypto/mips_arch.h
> > - $(OPENSSL_PATH)/crypto/ppc_arch.h
> > - $(OPENSSL_PATH)/crypto/s390x_arch.h
> > - $(OPENSSL_PATH)/crypto/sparc_arch.h
> > - $(OPENSSL_PATH)/crypto/vms_rms.h
> > - $(OPENSSL_PATH)/crypto/aes/aes_local.h
> > - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
> > - $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
> > - $(OPENSSL_PATH)/crypto/asn1/charmap.h
> > - $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
> > - $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
> > - $(OPENSSL_PATH)/crypto/async/async_local.h
> > - $(OPENSSL_PATH)/crypto/async/arch/async_null.h
> > - $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
> > - $(OPENSSL_PATH)/crypto/async/arch/async_win.h
> > - $(OPENSSL_PATH)/crypto/bio/bio_local.h
> > - $(OPENSSL_PATH)/crypto/bn/bn_local.h
> > - $(OPENSSL_PATH)/crypto/bn/bn_prime.h
> > - $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> > - $(OPENSSL_PATH)/crypto/comp/comp_local.h
> > - $(OPENSSL_PATH)/crypto/conf/conf_def.h
> > - $(OPENSSL_PATH)/crypto/conf/conf_local.h
> > - $(OPENSSL_PATH)/crypto/dh/dh_local.h
> > - $(OPENSSL_PATH)/crypto/dso/dso_local.h
> > - $(OPENSSL_PATH)/crypto/ec/ec_local.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/evp/evp_local.h
> > - $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> > - $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> > - $(OPENSSL_PATH)/crypto/md5/md5_local.h
> > - $(OPENSSL_PATH)/crypto/modes/modes_local.h
> > - $(OPENSSL_PATH)/crypto/objects/obj_dat.h
> > - $(OPENSSL_PATH)/crypto/objects/obj_local.h
> > - $(OPENSSL_PATH)/crypto/objects/obj_xref.h
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
> > - $(OPENSSL_PATH)/crypto/rand/rand_local.h
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
> > - $(OPENSSL_PATH)/crypto/sha/sha_local.h
> > - $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
> > - $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
> > - $(OPENSSL_PATH)/crypto/store/store_local.h
> > - $(OPENSSL_PATH)/crypto/ui/ui_local.h
> > - $(OPENSSL_PATH)/crypto/x509/x509_local.h
> > - $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
> > - $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
> > - $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
> > - $(OPENSSL_PATH)/ssl/bio_ssl.c
> > - $(OPENSSL_PATH)/ssl/d1_lib.c
> > - $(OPENSSL_PATH)/ssl/d1_msg.c
> > - $(OPENSSL_PATH)/ssl/d1_srtp.c
> > - $(OPENSSL_PATH)/ssl/methods.c
> > - $(OPENSSL_PATH)/ssl/packet.c
> > - $(OPENSSL_PATH)/ssl/pqueue.c
> > - $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c
> > - $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c
> > - $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c
> > - $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c
> > - $(OPENSSL_PATH)/ssl/record/ssl3_record.c
> > - $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c
> > - $(OPENSSL_PATH)/ssl/s3_cbc.c
> > - $(OPENSSL_PATH)/ssl/s3_enc.c
> > - $(OPENSSL_PATH)/ssl/s3_lib.c
> > - $(OPENSSL_PATH)/ssl/s3_msg.c
> > - $(OPENSSL_PATH)/ssl/ssl_asn1.c
> > - $(OPENSSL_PATH)/ssl/ssl_cert.c
> > - $(OPENSSL_PATH)/ssl/ssl_ciph.c
> > - $(OPENSSL_PATH)/ssl/ssl_conf.c
> > - $(OPENSSL_PATH)/ssl/ssl_err.c
> > - $(OPENSSL_PATH)/ssl/ssl_init.c
> > - $(OPENSSL_PATH)/ssl/ssl_lib.c
> > - $(OPENSSL_PATH)/ssl/ssl_mcnf.c
> > - $(OPENSSL_PATH)/ssl/ssl_rsa.c
> > - $(OPENSSL_PATH)/ssl/ssl_sess.c
> > - $(OPENSSL_PATH)/ssl/ssl_stat.c
> > - $(OPENSSL_PATH)/ssl/ssl_txt.c
> > - $(OPENSSL_PATH)/ssl/ssl_utst.c
> > - $(OPENSSL_PATH)/ssl/statem/extensions.c
> > - $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c
> > - $(OPENSSL_PATH)/ssl/statem/extensions_cust.c
> > - $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c
> > - $(OPENSSL_PATH)/ssl/statem/statem.c
> > - $(OPENSSL_PATH)/ssl/statem/statem_clnt.c
> > - $(OPENSSL_PATH)/ssl/statem/statem_dtls.c
> > - $(OPENSSL_PATH)/ssl/statem/statem_lib.c
> > - $(OPENSSL_PATH)/ssl/statem/statem_srvr.c
> > - $(OPENSSL_PATH)/ssl/t1_enc.c
> > - $(OPENSSL_PATH)/ssl/t1_lib.c
> > - $(OPENSSL_PATH)/ssl/t1_trce.c
> > - $(OPENSSL_PATH)/ssl/tls13_enc.c
> > - $(OPENSSL_PATH)/ssl/tls_srp.c
> > - $(OPENSSL_PATH)/ssl/packet_local.h
> > - $(OPENSSL_PATH)/ssl/ssl_cert_table.h
> > - $(OPENSSL_PATH)/ssl/ssl_local.h
> > - $(OPENSSL_PATH)/ssl/record/record.h
> > - $(OPENSSL_PATH)/ssl/record/record_local.h
> > - $(OPENSSL_PATH)/ssl/statem/statem.h
> > - $(OPENSSL_PATH)/ssl/statem/statem_local.h
> > -# Autogenerated files list ends here
> > - buildinf.h
> > - ossl_store.c
> > - rand_pool.c
> > - X64/ApiHooks.c
> > -
> > -[Packages]
> > - MdePkg/MdePkg.dec
> > - CryptoPkg/CryptoPkg.dec
> > -
> > -[LibraryClasses]
> > - BaseLib
> > - DebugLib
> > - RngLib
> > - PrintLib
> > -
> > -[FixedPcd]
> > - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
> > -
> > -[BuildOptions]
> > - #
> > - # Disables the following Visual Studio compiler warnings brought by
> > openssl source,
> > - # so we do not break the build with /WX option:
> > - # C4090: 'function' : different 'const' qualifiers
> > - # C4132: 'object' : const object should be initialized (tls13_enc.c)
> > - # C4210: nonstandard extension used: function given file scope
> > - # C4244: conversion from type1 to type2, possible loss of data
> > - # C4245: conversion from type1 to type2, signed/unsigned mismatch
> > - # C4267: conversion from size_t to type, possible loss of data
> > - # C4306: 'identifier' : conversion from 'type1' to 'type2' of greater
> > size
> > - # C4310: cast truncates constant value
> > - # C4389: 'operator' : signed/unsigned mismatch (xxxx)
> > - # C4700: uninitialized local variable 'name' used. (conf_sap.c(71))
> > - # C4702: unreachable code
> > - # C4706: assignment within conditional expression
> > - # C4819: The file contains a character that cannot be represented in the
> > current code page
> > - #
> > - MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> > /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
> > -
> > - INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> > -
> > - #
> > - # Suppress the following build warnings in openssl so we don't break the
> > build with -Werror
> > - # -Werror=maybe-uninitialized: there exist some other paths for which
> > the variable is not initialized.
> > - # -Werror=format: Check calls to printf and scanf, etc., to make sure
> > that the arguments supplied have
> > - # types appropriate to the format string specified.
> > - # -Werror=unused-but-set-variable: Warn whenever a local variable is
> > assigned to, but otherwise unused (aside from its declaration).
> > - #
> > - GCC:*_*_X64_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -
> > Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
> > -
> > - # suppress the following warnings in openssl so we don't break the build
> > with warnings-as-errors:
> > - # 1295: Deprecated declaration <entity> - give arg types
> > - # 550: <entity> was set but never used
> > - # 1293: assignment in condition
> > - # 111: statement is unreachable (invariably "break;" after "return X;" in
> > case statement)
> > - # 68: integer conversion resulted in a change of sign ("if (Status == -
> > 1)")
> > - # 177: <entity> was declared but never referenced
> > - # 223: function <entity> declared implicitly
> > - # 144: a value of type <type> cannot be used to initialize an entity of
> > type <type>
> > - # 513: a value of type <type> cannot be assigned to an entity of type
> > <type>
> > - # 188: enumerated type mixed with another type (i.e. passing an integer
> > as an enum without a cast)
> > - # 1296: Extended constant initialiser used
> > - # 128: loop is not reachable - may be emitted inappropriately if code
> > follows a conditional return
> > - # from the function that evaluates to true at compile time
> > - # 546: transfer of control bypasses initialization - may be emitted
> > inappropriately if the uninitialized
> > - # variable is never referenced after the jump
> > - # 1: ignore "#1-D: last line of file ends without a newline"
> > - # 3017: <entity> may be used before being set (NOTE: This was fixed in
> > OpenSSL 1.1 HEAD with
> > - # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be
> > dropped then.)
> > - XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
> > b/CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
> > deleted file mode 100644
> > index 0f1b4b16f8b1..000000000000
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
> > +++ /dev/null
> > @@ -1,706 +0,0 @@
> > -## @file
> > -# This module provides OpenSSL Library implementation.
> > -#
> > -# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
> > -# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
> > -# SPDX-License-Identifier: BSD-2-Clause-Patent
> > -#
> > -##
> > -
> > -[Defines]
> > - INF_VERSION = 0x00010005
> > - BASE_NAME = OpensslLibX64Gcc
> > - MODULE_UNI_FILE = OpensslLib.uni
> > - FILE_GUID = DD90DB9D-6A3F-4F2B-87BF-A8F2BBEF982F
> > - MODULE_TYPE = BASE
> > - VERSION_STRING = 1.0
> > - LIBRARY_CLASS = OpensslLib
> > - DEFINE OPENSSL_PATH = openssl
> > - DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -
> > D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
> > - DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -
> > DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
> > - CONSTRUCTOR = OpensslLibConstructor
> > -
> > -#
> > -# VALID_ARCHITECTURES = X64
> > -#
> > -
> > -[Sources.X64]
> > - OpensslLibConstructor.c
> > - $(OPENSSL_PATH)/e_os.h
> > - $(OPENSSL_PATH)/ms/uplink.h
> > -# Autogenerated files list starts here
> > - X64Gcc/crypto/aes/aesni-mb-x86_64.S
> > - X64Gcc/crypto/aes/aesni-sha1-x86_64.S
> > - X64Gcc/crypto/aes/aesni-sha256-x86_64.S
> > - X64Gcc/crypto/aes/aesni-x86_64.S
> > - X64Gcc/crypto/aes/vpaes-x86_64.S
> > - X64Gcc/crypto/modes/aesni-gcm-x86_64.S
> > - X64Gcc/crypto/modes/ghash-x86_64.S
> > - X64Gcc/crypto/sha/sha1-mb-x86_64.S
> > - X64Gcc/crypto/sha/sha1-x86_64.S
> > - X64Gcc/crypto/sha/sha256-mb-x86_64.S
> > - X64Gcc/crypto/sha/sha256-x86_64.S
> > - X64Gcc/crypto/sha/sha512-x86_64.S
> > - X64Gcc/crypto/x86_64cpuid.S
> > - $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
> > - $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
> > - $(OPENSSL_PATH)/crypto/aes/aes_core.c
> > - $(OPENSSL_PATH)/crypto/aes/aes_ige.c
> > - $(OPENSSL_PATH)/crypto/aes/aes_misc.c
> > - $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
> > - $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
> > - $(OPENSSL_PATH)/crypto/aria/aria.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_digest.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_dup.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_gentm.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_int.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_object.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_octet.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_print.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_sign.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_strex.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_strnid.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_time.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_type.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_utctm.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_utf8.c
> > - $(OPENSSL_PATH)/crypto/asn1/a_verify.c
> > - $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn1_err.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn1_par.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn_mime.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn_moid.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn_mstbl.c
> > - $(OPENSSL_PATH)/crypto/asn1/asn_pack.c
> > - $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c
> > - $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c
> > - $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c
> > - $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c
> > - $(OPENSSL_PATH)/crypto/asn1/evp_asn1.c
> > - $(OPENSSL_PATH)/crypto/asn1/f_int.c
> > - $(OPENSSL_PATH)/crypto/asn1/f_string.c
> > - $(OPENSSL_PATH)/crypto/asn1/i2d_pr.c
> > - $(OPENSSL_PATH)/crypto/asn1/i2d_pu.c
> > - $(OPENSSL_PATH)/crypto/asn1/n_pkey.c
> > - $(OPENSSL_PATH)/crypto/asn1/nsseq.c
> > - $(OPENSSL_PATH)/crypto/asn1/p5_pbe.c
> > - $(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c
> > - $(OPENSSL_PATH)/crypto/asn1/p5_scrypt.c
> > - $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c
> > - $(OPENSSL_PATH)/crypto/asn1/t_bitst.c
> > - $(OPENSSL_PATH)/crypto/asn1/t_pkey.c
> > - $(OPENSSL_PATH)/crypto/asn1/t_spki.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_dec.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_enc.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_fre.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_new.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_scn.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c
> > - $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_algor.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_bignum.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_info.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_int64.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_long.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_pkey.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_sig.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_spki.c
> > - $(OPENSSL_PATH)/crypto/asn1/x_val.c
> > - $(OPENSSL_PATH)/crypto/async/arch/async_null.c
> > - $(OPENSSL_PATH)/crypto/async/arch/async_posix.c
> > - $(OPENSSL_PATH)/crypto/async/arch/async_win.c
> > - $(OPENSSL_PATH)/crypto/async/async.c
> > - $(OPENSSL_PATH)/crypto/async/async_err.c
> > - $(OPENSSL_PATH)/crypto/async/async_wait.c
> > - $(OPENSSL_PATH)/crypto/bio/b_addr.c
> > - $(OPENSSL_PATH)/crypto/bio/b_dump.c
> > - $(OPENSSL_PATH)/crypto/bio/b_sock.c
> > - $(OPENSSL_PATH)/crypto/bio/b_sock2.c
> > - $(OPENSSL_PATH)/crypto/bio/bf_buff.c
> > - $(OPENSSL_PATH)/crypto/bio/bf_lbuf.c
> > - $(OPENSSL_PATH)/crypto/bio/bf_nbio.c
> > - $(OPENSSL_PATH)/crypto/bio/bf_null.c
> > - $(OPENSSL_PATH)/crypto/bio/bio_cb.c
> > - $(OPENSSL_PATH)/crypto/bio/bio_err.c
> > - $(OPENSSL_PATH)/crypto/bio/bio_lib.c
> > - $(OPENSSL_PATH)/crypto/bio/bio_meth.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_acpt.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_bio.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_conn.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_dgram.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_fd.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_file.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_log.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_mem.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_null.c
> > - $(OPENSSL_PATH)/crypto/bio/bss_sock.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_add.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_asm.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_blind.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_const.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_ctx.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_depr.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_dh.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_div.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_err.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_exp.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_exp2.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_gcd.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_gf2m.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_intern.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_kron.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_lib.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_mod.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_mont.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_mpi.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_mul.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_nist.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_prime.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_print.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_rand.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_recp.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_shift.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_sqr.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_sqrt.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_srp.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_word.c
> > - $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
> > - $(OPENSSL_PATH)/crypto/buffer/buf_err.c
> > - $(OPENSSL_PATH)/crypto/buffer/buffer.c
> > - $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
> > - $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c
> > - $(OPENSSL_PATH)/crypto/cmac/cmac.c
> > - $(OPENSSL_PATH)/crypto/comp/c_zlib.c
> > - $(OPENSSL_PATH)/crypto/comp/comp_err.c
> > - $(OPENSSL_PATH)/crypto/comp/comp_lib.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_api.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_def.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_err.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_lib.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_mall.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_mod.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_sap.c
> > - $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
> > - $(OPENSSL_PATH)/crypto/cpt_err.c
> > - $(OPENSSL_PATH)/crypto/cryptlib.c
> > - $(OPENSSL_PATH)/crypto/ctype.c
> > - $(OPENSSL_PATH)/crypto/cversion.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_asn1.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_check.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_depr.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_err.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_gen.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_kdf.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_key.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_lib.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_meth.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_prn.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
> > - $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
> > - $(OPENSSL_PATH)/crypto/dso/dso_dl.c
> > - $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
> > - $(OPENSSL_PATH)/crypto/dso/dso_err.c
> > - $(OPENSSL_PATH)/crypto/dso/dso_lib.c
> > - $(OPENSSL_PATH)/crypto/dso/dso_openssl.c
> > - $(OPENSSL_PATH)/crypto/dso/dso_vms.c
> > - $(OPENSSL_PATH)/crypto/dso/dso_win32.c
> > - $(OPENSSL_PATH)/crypto/ebcdic.c
> > - $(OPENSSL_PATH)/crypto/ec/curve25519.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_check.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_curve.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_err.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_key.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_lib.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_mult.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ec_print.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/eck_prn.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/err/err.c
> > - $(OPENSSL_PATH)/crypto/err/err_prn.c
> > - $(OPENSSL_PATH)/crypto/evp/bio_b64.c
> > - $(OPENSSL_PATH)/crypto/evp/bio_enc.c
> > - $(OPENSSL_PATH)/crypto/evp/bio_md.c
> > - $(OPENSSL_PATH)/crypto/evp/bio_ok.c
> > - $(OPENSSL_PATH)/crypto/evp/c_allc.c
> > - $(OPENSSL_PATH)/crypto/evp/c_alld.c
> > - $(OPENSSL_PATH)/crypto/evp/cmeth_lib.c
> > - $(OPENSSL_PATH)/crypto/evp/digest.c
> > - $(OPENSSL_PATH)/crypto/evp/e_aes.c
> > - $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
> > - $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
> > - $(OPENSSL_PATH)/crypto/evp/e_aria.c
> > - $(OPENSSL_PATH)/crypto/evp/e_bf.c
> > - $(OPENSSL_PATH)/crypto/evp/e_camellia.c
> > - $(OPENSSL_PATH)/crypto/evp/e_cast.c
> > - $(OPENSSL_PATH)/crypto/evp/e_chacha20_poly1305.c
> > - $(OPENSSL_PATH)/crypto/evp/e_des.c
> > - $(OPENSSL_PATH)/crypto/evp/e_des3.c
> > - $(OPENSSL_PATH)/crypto/evp/e_idea.c
> > - $(OPENSSL_PATH)/crypto/evp/e_null.c
> > - $(OPENSSL_PATH)/crypto/evp/e_old.c
> > - $(OPENSSL_PATH)/crypto/evp/e_rc2.c
> > - $(OPENSSL_PATH)/crypto/evp/e_rc4.c
> > - $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
> > - $(OPENSSL_PATH)/crypto/evp/e_rc5.c
> > - $(OPENSSL_PATH)/crypto/evp/e_seed.c
> > - $(OPENSSL_PATH)/crypto/evp/e_sm4.c
> > - $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c
> > - $(OPENSSL_PATH)/crypto/evp/encode.c
> > - $(OPENSSL_PATH)/crypto/evp/evp_cnf.c
> > - $(OPENSSL_PATH)/crypto/evp/evp_enc.c
> > - $(OPENSSL_PATH)/crypto/evp/evp_err.c
> > - $(OPENSSL_PATH)/crypto/evp/evp_key.c
> > - $(OPENSSL_PATH)/crypto/evp/evp_lib.c
> > - $(OPENSSL_PATH)/crypto/evp/evp_pbe.c
> > - $(OPENSSL_PATH)/crypto/evp/evp_pkey.c
> > - $(OPENSSL_PATH)/crypto/evp/m_md2.c
> > - $(OPENSSL_PATH)/crypto/evp/m_md4.c
> > - $(OPENSSL_PATH)/crypto/evp/m_md5.c
> > - $(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c
> > - $(OPENSSL_PATH)/crypto/evp/m_mdc2.c
> > - $(OPENSSL_PATH)/crypto/evp/m_null.c
> > - $(OPENSSL_PATH)/crypto/evp/m_ripemd.c
> > - $(OPENSSL_PATH)/crypto/evp/m_sha1.c
> > - $(OPENSSL_PATH)/crypto/evp/m_sha3.c
> > - $(OPENSSL_PATH)/crypto/evp/m_sigver.c
> > - $(OPENSSL_PATH)/crypto/evp/m_wp.c
> > - $(OPENSSL_PATH)/crypto/evp/names.c
> > - $(OPENSSL_PATH)/crypto/evp/p5_crpt.c
> > - $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c
> > - $(OPENSSL_PATH)/crypto/evp/p_dec.c
> > - $(OPENSSL_PATH)/crypto/evp/p_enc.c
> > - $(OPENSSL_PATH)/crypto/evp/p_lib.c
> > - $(OPENSSL_PATH)/crypto/evp/p_open.c
> > - $(OPENSSL_PATH)/crypto/evp/p_seal.c
> > - $(OPENSSL_PATH)/crypto/evp/p_sign.c
> > - $(OPENSSL_PATH)/crypto/evp/p_verify.c
> > - $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c
> > - $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
> > - $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
> > - $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
> > - $(OPENSSL_PATH)/crypto/ex_data.c
> > - $(OPENSSL_PATH)/crypto/getenv.c
> > - $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
> > - $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
> > - $(OPENSSL_PATH)/crypto/hmac/hmac.c
> > - $(OPENSSL_PATH)/crypto/init.c
> > - $(OPENSSL_PATH)/crypto/kdf/hkdf.c
> > - $(OPENSSL_PATH)/crypto/kdf/kdf_err.c
> > - $(OPENSSL_PATH)/crypto/kdf/scrypt.c
> > - $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
> > - $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
> > - $(OPENSSL_PATH)/crypto/lhash/lhash.c
> > - $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
> > - $(OPENSSL_PATH)/crypto/md5/md5_one.c
> > - $(OPENSSL_PATH)/crypto/mem.c
> > - $(OPENSSL_PATH)/crypto/mem_dbg.c
> > - $(OPENSSL_PATH)/crypto/mem_sec.c
> > - $(OPENSSL_PATH)/crypto/modes/cbc128.c
> > - $(OPENSSL_PATH)/crypto/modes/ccm128.c
> > - $(OPENSSL_PATH)/crypto/modes/cfb128.c
> > - $(OPENSSL_PATH)/crypto/modes/ctr128.c
> > - $(OPENSSL_PATH)/crypto/modes/cts128.c
> > - $(OPENSSL_PATH)/crypto/modes/gcm128.c
> > - $(OPENSSL_PATH)/crypto/modes/ocb128.c
> > - $(OPENSSL_PATH)/crypto/modes/ofb128.c
> > - $(OPENSSL_PATH)/crypto/modes/wrap128.c
> > - $(OPENSSL_PATH)/crypto/modes/xts128.c
> > - $(OPENSSL_PATH)/crypto/o_dir.c
> > - $(OPENSSL_PATH)/crypto/o_fips.c
> > - $(OPENSSL_PATH)/crypto/o_fopen.c
> > - $(OPENSSL_PATH)/crypto/o_init.c
> > - $(OPENSSL_PATH)/crypto/o_str.c
> > - $(OPENSSL_PATH)/crypto/o_time.c
> > - $(OPENSSL_PATH)/crypto/objects/o_names.c
> > - $(OPENSSL_PATH)/crypto/objects/obj_dat.c
> > - $(OPENSSL_PATH)/crypto/objects/obj_err.c
> > - $(OPENSSL_PATH)/crypto/objects/obj_lib.c
> > - $(OPENSSL_PATH)/crypto/objects/obj_xref.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
> > - $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_all.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_err.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_info.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_lib.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_oth.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_pk8.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_pkey.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_sign.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_x509.c
> > - $(OPENSSL_PATH)/crypto/pem/pem_xaux.c
> > - $(OPENSSL_PATH)/crypto/pem/pvkfmt.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_crpt.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_crt.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_decr.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_init.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_key.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_kiss.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_mutl.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_npas.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
> > - $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/pk7_doit.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
> > - $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
> > - $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
> > - $(OPENSSL_PATH)/crypto/rand/drbg_lib.c
> > - $(OPENSSL_PATH)/crypto/rand/rand_egd.c
> > - $(OPENSSL_PATH)/crypto/rand/rand_err.c
> > - $(OPENSSL_PATH)/crypto/rand/rand_lib.c
> > - $(OPENSSL_PATH)/crypto/rand/rand_unix.c
> > - $(OPENSSL_PATH)/crypto/rand/rand_vms.c
> > - $(OPENSSL_PATH)/crypto/rand/rand_win.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_err.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_none.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_saos.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_sign.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
> > - $(OPENSSL_PATH)/crypto/sha/keccak1600.c
> > - $(OPENSSL_PATH)/crypto/sha/sha1_one.c
> > - $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
> > - $(OPENSSL_PATH)/crypto/sha/sha256.c
> > - $(OPENSSL_PATH)/crypto/sha/sha512.c
> > - $(OPENSSL_PATH)/crypto/siphash/siphash.c
> > - $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
> > - $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
> > - $(OPENSSL_PATH)/crypto/sm3/sm3.c
> > - $(OPENSSL_PATH)/crypto/sm4/sm4.c
> > - $(OPENSSL_PATH)/crypto/stack/stack.c
> > - $(OPENSSL_PATH)/crypto/threads_none.c
> > - $(OPENSSL_PATH)/crypto/threads_pthread.c
> > - $(OPENSSL_PATH)/crypto/threads_win.c
> > - $(OPENSSL_PATH)/crypto/txt_db/txt_db.c
> > - $(OPENSSL_PATH)/crypto/ui/ui_err.c
> > - $(OPENSSL_PATH)/crypto/ui/ui_lib.c
> > - $(OPENSSL_PATH)/crypto/ui/ui_null.c
> > - $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
> > - $(OPENSSL_PATH)/crypto/ui/ui_util.c
> > - $(OPENSSL_PATH)/crypto/uid.c
> > - $(OPENSSL_PATH)/crypto/x509/by_dir.c
> > - $(OPENSSL_PATH)/crypto/x509/by_file.c
> > - $(OPENSSL_PATH)/crypto/x509/t_crl.c
> > - $(OPENSSL_PATH)/crypto/x509/t_req.c
> > - $(OPENSSL_PATH)/crypto/x509/t_x509.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_att.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_cmp.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_d2.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_def.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_err.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_ext.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_lu.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_meth.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_obj.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_req.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_set.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_trs.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_txt.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_v3.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_vfy.c
> > - $(OPENSSL_PATH)/crypto/x509/x509_vpm.c
> > - $(OPENSSL_PATH)/crypto/x509/x509cset.c
> > - $(OPENSSL_PATH)/crypto/x509/x509name.c
> > - $(OPENSSL_PATH)/crypto/x509/x509rset.c
> > - $(OPENSSL_PATH)/crypto/x509/x509spki.c
> > - $(OPENSSL_PATH)/crypto/x509/x509type.c
> > - $(OPENSSL_PATH)/crypto/x509/x_all.c
> > - $(OPENSSL_PATH)/crypto/x509/x_attrib.c
> > - $(OPENSSL_PATH)/crypto/x509/x_crl.c
> > - $(OPENSSL_PATH)/crypto/x509/x_exten.c
> > - $(OPENSSL_PATH)/crypto/x509/x_name.c
> > - $(OPENSSL_PATH)/crypto/x509/x_pubkey.c
> > - $(OPENSSL_PATH)/crypto/x509/x_req.c
> > - $(OPENSSL_PATH)/crypto/x509/x_x509.c
> > - $(OPENSSL_PATH)/crypto/x509/x_x509a.c
> > - $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
> > - $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
> > - $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
> > - $(OPENSSL_PATH)/crypto/x509v3/pcy_map.c
> > - $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c
> > - $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_conf.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_cpols.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_crld.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_enum.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_extku.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_genn.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_ia5.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_info.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_int.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_lib.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_ncons.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_pci.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_pcia.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_pcons.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_pku.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_pmaps.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_prn.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_purp.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_skey.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_sxnet.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
> > - $(OPENSSL_PATH)/crypto/x509v3/v3err.c
> > - $(OPENSSL_PATH)/crypto/arm_arch.h
> > - $(OPENSSL_PATH)/crypto/mips_arch.h
> > - $(OPENSSL_PATH)/crypto/ppc_arch.h
> > - $(OPENSSL_PATH)/crypto/s390x_arch.h
> > - $(OPENSSL_PATH)/crypto/sparc_arch.h
> > - $(OPENSSL_PATH)/crypto/vms_rms.h
> > - $(OPENSSL_PATH)/crypto/aes/aes_local.h
> > - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
> > - $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
> > - $(OPENSSL_PATH)/crypto/asn1/charmap.h
> > - $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
> > - $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
> > - $(OPENSSL_PATH)/crypto/async/async_local.h
> > - $(OPENSSL_PATH)/crypto/async/arch/async_null.h
> > - $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
> > - $(OPENSSL_PATH)/crypto/async/arch/async_win.h
> > - $(OPENSSL_PATH)/crypto/bio/bio_local.h
> > - $(OPENSSL_PATH)/crypto/bn/bn_local.h
> > - $(OPENSSL_PATH)/crypto/bn/bn_prime.h
> > - $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> > - $(OPENSSL_PATH)/crypto/comp/comp_local.h
> > - $(OPENSSL_PATH)/crypto/conf/conf_def.h
> > - $(OPENSSL_PATH)/crypto/conf/conf_local.h
> > - $(OPENSSL_PATH)/crypto/dh/dh_local.h
> > - $(OPENSSL_PATH)/crypto/dso/dso_local.h
> > - $(OPENSSL_PATH)/crypto/ec/ec_local.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/field.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/word.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
> > |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
> > - $(OPENSSL_PATH)/crypto/evp/evp_local.h
> > - $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
> > - $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
> > - $(OPENSSL_PATH)/crypto/md5/md5_local.h
> > - $(OPENSSL_PATH)/crypto/modes/modes_local.h
> > - $(OPENSSL_PATH)/crypto/objects/obj_dat.h
> > - $(OPENSSL_PATH)/crypto/objects/obj_local.h
> > - $(OPENSSL_PATH)/crypto/objects/obj_xref.h
> > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
> > - $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
> > - $(OPENSSL_PATH)/crypto/rand/rand_local.h
> > - $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
> > - $(OPENSSL_PATH)/crypto/sha/sha_local.h
> > - $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
> > - $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
> > - $(OPENSSL_PATH)/crypto/store/store_local.h
> > - $(OPENSSL_PATH)/crypto/ui/ui_local.h
> > - $(OPENSSL_PATH)/crypto/x509/x509_local.h
> > - $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
> > - $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
> > - $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
> > - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
> > - $(OPENSSL_PATH)/ssl/bio_ssl.c
> > - $(OPENSSL_PATH)/ssl/d1_lib.c
> > - $(OPENSSL_PATH)/ssl/d1_msg.c
> > - $(OPENSSL_PATH)/ssl/d1_srtp.c
> > - $(OPENSSL_PATH)/ssl/methods.c
> > - $(OPENSSL_PATH)/ssl/packet.c
> > - $(OPENSSL_PATH)/ssl/pqueue.c
> > - $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c
> > - $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c
> > - $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c
> > - $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c
> > - $(OPENSSL_PATH)/ssl/record/ssl3_record.c
> > - $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c
> > - $(OPENSSL_PATH)/ssl/s3_cbc.c
> > - $(OPENSSL_PATH)/ssl/s3_enc.c
> > - $(OPENSSL_PATH)/ssl/s3_lib.c
> > - $(OPENSSL_PATH)/ssl/s3_msg.c
> > - $(OPENSSL_PATH)/ssl/ssl_asn1.c
> > - $(OPENSSL_PATH)/ssl/ssl_cert.c
> > - $(OPENSSL_PATH)/ssl/ssl_ciph.c
> > - $(OPENSSL_PATH)/ssl/ssl_conf.c
> > - $(OPENSSL_PATH)/ssl/ssl_err.c
> > - $(OPENSSL_PATH)/ssl/ssl_init.c
> > - $(OPENSSL_PATH)/ssl/ssl_lib.c
> > - $(OPENSSL_PATH)/ssl/ssl_mcnf.c
> > - $(OPENSSL_PATH)/ssl/ssl_rsa.c
> > - $(OPENSSL_PATH)/ssl/ssl_sess.c
> > - $(OPENSSL_PATH)/ssl/ssl_stat.c
> > - $(OPENSSL_PATH)/ssl/ssl_txt.c
> > - $(OPENSSL_PATH)/ssl/ssl_utst.c
> > - $(OPENSSL_PATH)/ssl/statem/extensions.c
> > - $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c
> > - $(OPENSSL_PATH)/ssl/statem/extensions_cust.c
> > - $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c
> > - $(OPENSSL_PATH)/ssl/statem/statem.c
> > - $(OPENSSL_PATH)/ssl/statem/statem_clnt.c
> > - $(OPENSSL_PATH)/ssl/statem/statem_dtls.c
> > - $(OPENSSL_PATH)/ssl/statem/statem_lib.c
> > - $(OPENSSL_PATH)/ssl/statem/statem_srvr.c
> > - $(OPENSSL_PATH)/ssl/t1_enc.c
> > - $(OPENSSL_PATH)/ssl/t1_lib.c
> > - $(OPENSSL_PATH)/ssl/t1_trce.c
> > - $(OPENSSL_PATH)/ssl/tls13_enc.c
> > - $(OPENSSL_PATH)/ssl/tls_srp.c
> > - $(OPENSSL_PATH)/ssl/packet_local.h
> > - $(OPENSSL_PATH)/ssl/ssl_cert_table.h
> > - $(OPENSSL_PATH)/ssl/ssl_local.h
> > - $(OPENSSL_PATH)/ssl/record/record.h
> > - $(OPENSSL_PATH)/ssl/record/record_local.h
> > - $(OPENSSL_PATH)/ssl/statem/statem.h
> > - $(OPENSSL_PATH)/ssl/statem/statem_local.h
> > -# Autogenerated files list ends here
> > - buildinf.h
> > - ossl_store.c
> > - rand_pool.c
> > - X64/ApiHooks.c
> > -
> > -[Packages]
> > - MdePkg/MdePkg.dec
> > - CryptoPkg/CryptoPkg.dec
> > -
> > -[LibraryClasses]
> > - BaseLib
> > - DebugLib
> > - RngLib
> > - PrintLib
> > -
> > -[FixedPcd]
> > - gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
> > -
> > -[BuildOptions]
> > - #
> > - # Disables the following Visual Studio compiler warnings brought by
> > openssl source,
> > - # so we do not break the build with /WX option:
> > - # C4090: 'function' : different 'const' qualifiers
> > - # C4132: 'object' : const object should be initialized (tls13_enc.c)
> > - # C4210: nonstandard extension used: function given file scope
> > - # C4244: conversion from type1 to type2, possible loss of data
> > - # C4245: conversion from type1 to type2, signed/unsigned mismatch
> > - # C4267: conversion from size_t to type, possible loss of data
> > - # C4306: 'identifier' : conversion from 'type1' to 'type2' of greater
> > size
> > - # C4310: cast truncates constant value
> > - # C4389: 'operator' : signed/unsigned mismatch (xxxx)
> > - # C4700: uninitialized local variable 'name' used. (conf_sap.c(71))
> > - # C4702: unreachable code
> > - # C4706: assignment within conditional expression
> > - # C4819: The file contains a character that cannot be represented in the
> > current code page
> > - #
> > - MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267
> > /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
> > -
> > - INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC
> > $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
> > -
> > - #
> > - # Suppress the following build warnings in openssl so we don't break the
> > build with -Werror
> > - # -Werror=maybe-uninitialized: there exist some other paths for which
> > the variable is not initialized.
> > - # -Werror=format: Check calls to printf and scanf, etc., to make sure
> > that the arguments supplied have
> > - # types appropriate to the format string specified.
> > - # -Werror=unused-but-set-variable: Warn whenever a local variable is
> > assigned to, but otherwise unused (aside from its declaration).
> > - #
> > - GCC:*_*_X64_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -
> > Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
> > -
> > - # suppress the following warnings in openssl so we don't break the build
> > with warnings-as-errors:
> > - # 1295: Deprecated declaration <entity> - give arg types
> > - # 550: <entity> was set but never used
> > - # 1293: assignment in condition
> > - # 111: statement is unreachable (invariably "break;" after "return X;" in
> > case statement)
> > - # 68: integer conversion resulted in a change of sign ("if (Status == -
> > 1)")
> > - # 177: <entity> was declared but never referenced
> > - # 223: function <entity> declared implicitly
> > - # 144: a value of type <type> cannot be used to initialize an entity of
> > type <type>
> > - # 513: a value of type <type> cannot be assigned to an entity of type
> > <type>
> > - # 188: enumerated type mixed with another type (i.e. passing an integer
> > as an enum without a cast)
> > - # 1296: Extended constant initialiser used
> > - # 128: loop is not reachable - may be emitted inappropriately if code
> > follows a conditional return
> > - # from the function that evaluates to true at compile time
> > - # 546: transfer of control bypasses initialization - may be emitted
> > inappropriately if the uninitialized
> > - # variable is never referenced after the jump
> > - # 1: ignore "#1-D: last line of file ends without a newline"
> > - # 3017: <entity> may be used before being set (NOTE: This was fixed in
> > OpenSSL 1.1 HEAD with
> > - # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be
> > dropped then.)
> > - XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS)
> > $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
> > --
> > 2.37.1.windows.1
> >
> >
> >
> >
> >
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
2022-10-11 15:03 [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (11 preceding siblings ...)
2022-10-11 15:03 ` [Patch 12/12] CryptoPkg: Add Readme.md Michael D Kinney
@ 2022-10-12 1:08 ` Yao, Jiewen
2022-10-12 1:24 ` Michael D Kinney
12 siblings, 1 reply; 23+ messages in thread
From: Yao, Jiewen @ 2022-10-12 1:08 UTC (permalink / raw)
To: Kinney, Michael D, devel@edk2.groups.io
Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin, Zurcher, Christopher,
Rebecca Cran, Ard Biesheuvel
Thank you Mike.
1) I like the idea to combine multiple OpensslLibIA32/X64.inf into one OpensslLibAccel.inf.
Also the cleanup looks good to me.
2) I also like the summary in readme in https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_MergeOptimizedOpensslLibs/CryptoPkg
I notice some algorithms are listed Y(Deprecated) but N(Don't Use), such as Tdes, Arc4, Aes.Ecb*.
But I don't see the use case for those algorithms and I suggest a Y(Deprecated) have Y(Don't Use).
3) About PcdOpensslEcEnabled
I notice it is used in existing code - https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_MergeOptimizedOpensslLibs/CryptoPkg/Library/TlsLib/TlsConfig.c#L1139
Is this right way?
Thank you
Yao, Jiewen
> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Tuesday, October 11, 2022 11:04 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang,
> Guomin <guomin.jiang@intel.com>; Zurcher, Christopher
> <christopher.zurcher@microsoft.com>; Rebecca Cran
> <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> Subject: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt
> OpensslLibs
>
> The recent addition of the Ecliptic Curve (EC) feature and the performance
> optimization features increased the complexity for platforms to integrate
> and enable these features. This series simplifies the platform configuration
> as much as possible and improves the ability to manage the the size impact
> of cryptographic services in each FW phase. A Readme.md is also added
> that
> provides an overview of the CryptoPkg design and features along with
> platform
> integration recommendations.
>
> This series also addresses private library class declarations missing from
> CryptoPkg.dec and library instances not producing all the APIs defined
> by the library classes. A review of the CryptoPkg EDK II meta data files
> identified
> a number of additional cleanups. The CryptoPkg.dsc file was also updated to
> improve CI coverage for future CryptoPkg changes and identified some
> unit test bug fixes.
>
> PR: https://github.com/tianocore/edk2/pull/3443
> Branch:
> https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_Merge
> OptimizedOpensslLibs
> Readme:
> https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> OptimizedOpensslLibs/CryptoPkg/Readme.md
>
> Change Summary
> ==============
> * Document disabled/deprecated cryptographic services
> * Add missing UNI files in BaseCryptLib
> * Update BaseCryptLib internal functions to be STATIC and remove EFIAPI
> * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global
> variables
> * Fix BaseCryptLib unit tests
> * Cleanup BaseCryptLib and TlsLib INF files and
> * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
> * Merge 4 performance optimized INFs into OpensslLib*Accel.inf
> * Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.inf instead
> * Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private library classes
> * Update all OpensslLib instances to always produce all APIs in OpensslLib
> class
> * Move PrintLib dependency from OpensslLib INF files to BaseCryptLib INF
> files
> * Update CryptoPkg.dsc files to provide full CI test coverage across all the
> supported combinations of OpensslLib, BaseCryptLib, and TlsLib instances.
> * Remove PACKAGE profile from CryptoPkg.dsc and add
> TARGET_UNIT_TESTS
> profile. Adding TARGET_UNIT_TESTS profile is required to prevent a few
> unit
> test artifacts being included in non unit test builds of components.
> * Add CryptoPkg Readme.md with overview and platform integration
> details.
> * Update host-based unit tests to always use OpensslLibFull.inf and add
> unit
> test coverage for OpensslLibFullAccel.inf.
> * Add Readme.md with CryptoPkg overview and platform integration
> documentation
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
> Cc: Rebecca Cran <quic_rcran@quicinc.com>
> Cc: Ard Biesheuvel <ardb@kernel.org>
> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
>
> Michael D Kinney (12):
> CryptoPkg: Document and disable deprecated crypto services
> CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
> CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
> CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
> CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
> CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs
> CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
> CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
> CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
> CryptoPkg: Update DSC to improve CI test coverage
> CryptoPkg: Fixed host-based unit tests
> CryptoPkg: Add Readme.md
>
> CryptoPkg/CryptoPkg.ci.yaml | 11 +-
> CryptoPkg/CryptoPkg.dec | 42 +-
> CryptoPkg/CryptoPkg.dsc | 460 +++++++++---
> .../Pcd/PcdCryptoServiceFamilyEnable.h | 122 +--
> .../Library/BaseCryptLib/BaseCryptLib.inf | 10 +-
> .../Library/BaseCryptLib/BaseCryptLib.uni | 2 -
> .../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +
> .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 +-
> .../Library/BaseCryptLib/PeiCryptLib.inf | 8 +-
> .../Library/BaseCryptLib/PeiCryptLib.uni | 2 -
> .../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +-
> .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +-
> .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 +
> CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +-
> .../Library/BaseCryptLib/RuntimeCryptLib.inf | 9 +-
> .../Library/BaseCryptLib/RuntimeCryptLib.uni | 2 -
> .../Library/BaseCryptLib/SecCryptLib.inf | 13 +-
> .../{SmmCryptLib.uni => SecCryptLib.uni} | 11 +-
> .../Library/BaseCryptLib/SmmCryptLib.inf | 12 -
> .../Library/BaseCryptLib/SmmCryptLib.uni | 2 -
> .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 +-
> .../Library/Include/openssl/opensslconf.h | 328 +++++++-
> .../Include/openssl/opensslconf_generated.h | 333 ---------
> CryptoPkg/Library/OpensslLib/EcSm2Null.c | 291 ++++++++
> CryptoPkg/Library/OpensslLib/OpensslLib.inf | 133 ++--
> CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
> ...nsslLibIa32Gcc.inf => OpensslLibAccel.inf} | 189 +++--
> .../Library/OpensslLib/OpensslLibAccel.uni | 14 +
> .../OpensslLib/OpensslLibConstructor.c | 6 +-
> .../Library/OpensslLib/OpensslLibCrypto.inf | 185 +++--
> .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
> .../{OpensslLib.inf => OpensslLibFull.inf} | 143 ++--
> .../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
> ...sslLibIa32.inf => OpensslLibFullAccel.inf} | 192 +++--
> .../OpensslLib/OpensslLibFullAccel.uni | 14 +
> .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
> .../Library/OpensslLib/OpensslLibX64Gcc.inf | 706 ------------------
> CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++
> .../SysCall/inet_pton.c | 0
> CryptoPkg/Library/TlsLib/TlsConfig.c | 2 +-
> CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +-
> CryptoPkg/Private/Library/IntrinsicLib.h | 16 +
> CryptoPkg/Private/Library/OpensslLib.h | 14 +
> CryptoPkg/Readme.md | 498 ++++++++++++
> CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 +-
> .../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 +-
> .../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +-
> .../TestBaseCryptLibHostAccel.inf | 55 ++
> 48 files changed, 2667 insertions(+), 2434 deletions(-)
> copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
> SecCryptLib.uni} (74%)
> delete mode 100644
> CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
> rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
> OpensslLibAccel.inf} (79%)
> create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> copy CryptoPkg/Library/OpensslLib/{OpensslLib.inf => OpensslLibFull.inf}
> (80%)
> copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni => OpensslLibFull.uni}
> (56%)
> rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
> OpensslLibFullAccel.inf} (79%)
> create mode 100644
> CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
> create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
> rename CryptoPkg/Library/{BaseCryptLib => TlsLib}/SysCall/inet_pton.c
> (100%)
> create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
> create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
> create mode 100644 CryptoPkg/Readme.md
> create mode 100644
> CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
> nf
>
> --
> 2.37.1.windows.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
2022-10-12 1:08 ` [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Yao, Jiewen
@ 2022-10-12 1:24 ` Michael D Kinney
2022-10-12 1:36 ` Yao, Jiewen
0 siblings, 1 reply; 23+ messages in thread
From: Michael D Kinney @ 2022-10-12 1:24 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io, Kinney, Michael D
Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin, Zurcher, Christopher,
Rebecca Cran, Ard Biesheuvel
Hi Jiewen,
Comments below.
Mike
> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Tuesday, October 11, 2022 6:09 PM
> To: Kinney, Michael D <michael.d.kinney@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; Zurcher,
> Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
>
> Thank you Mike.
>
> 1) I like the idea to combine multiple OpensslLibIA32/X64.inf into one OpensslLibAccel.inf.
> Also the cleanup looks good to me.
>
> 2) I also like the summary in readme in
> https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_MergeOptimizedOpensslLibs/CryptoPkg
> I notice some algorithms are listed Y(Deprecated) but N(Don't Use), such as Tdes, Arc4, Aes.Ecb*.
> But I don’t see the use case for those algorithms and I suggest a Y(Deprecated) have Y(Don't Use).
Good catch. I will fix.
>
> 3) About PcdOpensslEcEnabled
> I notice it is used in existing code -
> https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_MergeOptimizedOpensslLibs/CryptoPkg/Library/TlsLib/TlsConfig.c#L11
> 39
> Is this right way?
This was added since I started this work and was added back in by rebase. I will fix.
We can just remove the check for the PCD. If the OpensslLib instance does not include
SSL services, then the Null SSL services are present and the call to SSL_ctrl() will
return 0 which will force TlsSetEcCurve() to return EFI_UNSUPPORTED. It will also
ASSERT() informing the developer that a call to a service that depends on SSL was made
without SSL services available.
long
SSL_ctrl (
SSL *ssl,
int cmd,
long larg,
void *parg
)
{
ASSERT (FALSE);
return 0;
}
Likewise, if the OpensslLib instance does not support EC services, then the Null
EC services will be included and the call to EC_KEY_new_by_curve_name() will
return NULL which will force TlsSetEcCurve() to return EFI_UNSUPPORTED. It will also
ASSERT() informing the developer that a call to a service that depends on EC was made
without EC services available.
EC_KEY *
EC_KEY_new_by_curve_name (
int nid
)
{
ASSERT (FALSE);
return NULL;
}
>
> Thank you
> Yao, Jiewen
>
> > -----Original Message-----
> > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > Sent: Tuesday, October 11, 2022 11:04 PM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang,
> > Guomin <guomin.jiang@intel.com>; Zurcher, Christopher
> > <christopher.zurcher@microsoft.com>; Rebecca Cran
> > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > Subject: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt
> > OpensslLibs
> >
> > The recent addition of the Ecliptic Curve (EC) feature and the performance
> > optimization features increased the complexity for platforms to integrate
> > and enable these features. This series simplifies the platform configuration
> > as much as possible and improves the ability to manage the the size impact
> > of cryptographic services in each FW phase. A Readme.md is also added
> > that
> > provides an overview of the CryptoPkg design and features along with
> > platform
> > integration recommendations.
> >
> > This series also addresses private library class declarations missing from
> > CryptoPkg.dec and library instances not producing all the APIs defined
> > by the library classes. A review of the CryptoPkg EDK II meta data files
> > identified
> > a number of additional cleanups. The CryptoPkg.dsc file was also updated to
> > improve CI coverage for future CryptoPkg changes and identified some
> > unit test bug fixes.
> >
> > PR: https://github.com/tianocore/edk2/pull/3443
> > Branch:
> > https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_Merge
> > OptimizedOpensslLibs
> > Readme:
> > https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> > OptimizedOpensslLibs/CryptoPkg/Readme.md
> >
> > Change Summary
> > ==============
> > * Document disabled/deprecated cryptographic services
> > * Add missing UNI files in BaseCryptLib
> > * Update BaseCryptLib internal functions to be STATIC and remove EFIAPI
> > * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global
> > variables
> > * Fix BaseCryptLib unit tests
> > * Cleanup BaseCryptLib and TlsLib INF files and
> > * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
> > * Merge 4 performance optimized INFs into OpensslLib*Accel.inf
> > * Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.inf instead
> > * Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private library classes
> > * Update all OpensslLib instances to always produce all APIs in OpensslLib
> > class
> > * Move PrintLib dependency from OpensslLib INF files to BaseCryptLib INF
> > files
> > * Update CryptoPkg.dsc files to provide full CI test coverage across all the
> > supported combinations of OpensslLib, BaseCryptLib, and TlsLib instances.
> > * Remove PACKAGE profile from CryptoPkg.dsc and add
> > TARGET_UNIT_TESTS
> > profile. Adding TARGET_UNIT_TESTS profile is required to prevent a few
> > unit
> > test artifacts being included in non unit test builds of components.
> > * Add CryptoPkg Readme.md with overview and platform integration
> > details.
> > * Update host-based unit tests to always use OpensslLibFull.inf and add
> > unit
> > test coverage for OpensslLibFullAccel.inf.
> > * Add Readme.md with CryptoPkg overview and platform integration
> > documentation
> >
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
> > Cc: Rebecca Cran <quic_rcran@quicinc.com>
> > Cc: Ard Biesheuvel <ardb@kernel.org>
> > Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> >
> > Michael D Kinney (12):
> > CryptoPkg: Document and disable deprecated crypto services
> > CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
> > CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
> > CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
> > CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
> > CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs
> > CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
> > CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
> > CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
> > CryptoPkg: Update DSC to improve CI test coverage
> > CryptoPkg: Fixed host-based unit tests
> > CryptoPkg: Add Readme.md
> >
> > CryptoPkg/CryptoPkg.ci.yaml | 11 +-
> > CryptoPkg/CryptoPkg.dec | 42 +-
> > CryptoPkg/CryptoPkg.dsc | 460 +++++++++---
> > .../Pcd/PcdCryptoServiceFamilyEnable.h | 122 +--
> > .../Library/BaseCryptLib/BaseCryptLib.inf | 10 +-
> > .../Library/BaseCryptLib/BaseCryptLib.uni | 2 -
> > .../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +
> > .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 +-
> > .../Library/BaseCryptLib/PeiCryptLib.inf | 8 +-
> > .../Library/BaseCryptLib/PeiCryptLib.uni | 2 -
> > .../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +-
> > .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +-
> > .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 +
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +-
> > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 9 +-
> > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 2 -
> > .../Library/BaseCryptLib/SecCryptLib.inf | 13 +-
> > .../{SmmCryptLib.uni => SecCryptLib.uni} | 11 +-
> > .../Library/BaseCryptLib/SmmCryptLib.inf | 12 -
> > .../Library/BaseCryptLib/SmmCryptLib.uni | 2 -
> > .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 +-
> > .../Library/Include/openssl/opensslconf.h | 328 +++++++-
> > .../Include/openssl/opensslconf_generated.h | 333 ---------
> > CryptoPkg/Library/OpensslLib/EcSm2Null.c | 291 ++++++++
> > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 133 ++--
> > CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
> > ...nsslLibIa32Gcc.inf => OpensslLibAccel.inf} | 189 +++--
> > .../Library/OpensslLib/OpensslLibAccel.uni | 14 +
> > .../OpensslLib/OpensslLibConstructor.c | 6 +-
> > .../Library/OpensslLib/OpensslLibCrypto.inf | 185 +++--
> > .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
> > .../{OpensslLib.inf => OpensslLibFull.inf} | 143 ++--
> > .../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
> > ...sslLibIa32.inf => OpensslLibFullAccel.inf} | 192 +++--
> > .../OpensslLib/OpensslLibFullAccel.uni | 14 +
> > .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
> > .../Library/OpensslLib/OpensslLibX64Gcc.inf | 706 ------------------
> > CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++
> > .../SysCall/inet_pton.c | 0
> > CryptoPkg/Library/TlsLib/TlsConfig.c | 2 +-
> > CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +-
> > CryptoPkg/Private/Library/IntrinsicLib.h | 16 +
> > CryptoPkg/Private/Library/OpensslLib.h | 14 +
> > CryptoPkg/Readme.md | 498 ++++++++++++
> > CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 +-
> > .../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 +-
> > .../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +-
> > .../TestBaseCryptLibHostAccel.inf | 55 ++
> > 48 files changed, 2667 insertions(+), 2434 deletions(-)
> > copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
> > SecCryptLib.uni} (74%)
> > delete mode 100644
> > CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> > create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
> > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
> > OpensslLibAccel.inf} (79%)
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> > copy CryptoPkg/Library/OpensslLib/{OpensslLib.inf => OpensslLibFull.inf}
> > (80%)
> > copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni => OpensslLibFull.uni}
> > (56%)
> > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
> > OpensslLibFullAccel.inf} (79%)
> > create mode 100644
> > CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> > delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
> > create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
> > rename CryptoPkg/Library/{BaseCryptLib => TlsLib}/SysCall/inet_pton.c
> > (100%)
> > create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
> > create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
> > create mode 100644 CryptoPkg/Readme.md
> > create mode 100644
> > CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
> > nf
> >
> > --
> > 2.37.1.windows.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
2022-10-12 1:24 ` Michael D Kinney
@ 2022-10-12 1:36 ` Yao, Jiewen
2022-10-12 1:55 ` Michael D Kinney
0 siblings, 1 reply; 23+ messages in thread
From: Yao, Jiewen @ 2022-10-12 1:36 UTC (permalink / raw)
To: Kinney, Michael D, devel@edk2.groups.io
Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin, Zurcher, Christopher,
Rebecca Cran, Ard Biesheuvel
Hi Mike
For PcdOpensslEcEnabled, I am seeing other usage. For example:
https://github.com/qizhangz/edk2/blob/EC_Upstream/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c#L156
I think we may need BKM on "how to disable EC".
Thank you
Yao, Jiewen
> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Wednesday, October 12, 2022 9:25 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Kinney,
> Michael D <michael.d.kinney@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Zurcher, Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt
> OpensslLibs
>
> Hi Jiewen,
>
> Comments below.
>
> Mike
>
> > -----Original Message-----
> > From: Yao, Jiewen <jiewen.yao@intel.com>
> > Sent: Tuesday, October 11, 2022 6:09 PM
> > To: Kinney, Michael D <michael.d.kinney@intel.com>;
> devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Zurcher,
> > Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt
> OpensslLibs
> >
> > Thank you Mike.
> >
> > 1) I like the idea to combine multiple OpensslLibIA32/X64.inf into one
> OpensslLibAccel.inf.
> > Also the cleanup looks good to me.
> >
> > 2) I also like the summary in readme in
> >
> https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_Merge
> OptimizedOpensslLibs/CryptoPkg
> > I notice some algorithms are listed Y(Deprecated) but N(Don't Use), such
> as Tdes, Arc4, Aes.Ecb*.
> > But I don’t see the use case for those algorithms and I suggest a
> Y(Deprecated) have Y(Don't Use).
>
> Good catch. I will fix.
>
> >
> > 3) About PcdOpensslEcEnabled
> > I notice it is used in existing code -
> >
> https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> OptimizedOpensslLibs/CryptoPkg/Library/TlsLib/TlsConfig.c#L11
> > 39
> > Is this right way?
>
> This was added since I started this work and was added back in by rebase. I
> will fix.
> We can just remove the check for the PCD. If the OpensslLib instance does
> not include
> SSL services, then the Null SSL services are present and the call to SSL_ctrl()
> will
> return 0 which will force TlsSetEcCurve() to return EFI_UNSUPPORTED. It
> will also
> ASSERT() informing the developer that a call to a service that depends on
> SSL was made
> without SSL services available.
>
> long
> SSL_ctrl (
> SSL *ssl,
> int cmd,
> long larg,
> void *parg
> )
> {
> ASSERT (FALSE);
> return 0;
> }
>
> Likewise, if the OpensslLib instance does not support EC services, then the
> Null
> EC services will be included and the call to EC_KEY_new_by_curve_name()
> will
> return NULL which will force TlsSetEcCurve() to return EFI_UNSUPPORTED. It
> will also
> ASSERT() informing the developer that a call to a service that depends on EC
> was made
> without EC services available.
>
> EC_KEY *
> EC_KEY_new_by_curve_name (
> int nid
> )
> {
> ASSERT (FALSE);
> return NULL;
> }
>
> >
> > Thank you
> > Yao, Jiewen
> >
> > > -----Original Message-----
> > > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > > Sent: Tuesday, October 11, 2022 11:04 PM
> > > To: devel@edk2.groups.io
> > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang,
> > > Guomin <guomin.jiang@intel.com>; Zurcher, Christopher
> > > <christopher.zurcher@microsoft.com>; Rebecca Cran
> > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > Subject: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt
> > > OpensslLibs
> > >
> > > The recent addition of the Ecliptic Curve (EC) feature and the
> performance
> > > optimization features increased the complexity for platforms to
> integrate
> > > and enable these features. This series simplifies the platform
> configuration
> > > as much as possible and improves the ability to manage the the size
> impact
> > > of cryptographic services in each FW phase. A Readme.md is also added
> > > that
> > > provides an overview of the CryptoPkg design and features along with
> > > platform
> > > integration recommendations.
> > >
> > > This series also addresses private library class declarations missing from
> > > CryptoPkg.dec and library instances not producing all the APIs defined
> > > by the library classes. A review of the CryptoPkg EDK II meta data files
> > > identified
> > > a number of additional cleanups. The CryptoPkg.dsc file was also
> updated to
> > > improve CI coverage for future CryptoPkg changes and identified some
> > > unit test bug fixes.
> > >
> > > PR: https://github.com/tianocore/edk2/pull/3443
> > > Branch:
> > >
> https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_Merge
> > > OptimizedOpensslLibs
> > > Readme:
> > >
> https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> > > OptimizedOpensslLibs/CryptoPkg/Readme.md
> > >
> > > Change Summary
> > > ==============
> > > * Document disabled/deprecated cryptographic services
> > > * Add missing UNI files in BaseCryptLib
> > > * Update BaseCryptLib internal functions to be STATIC and remove
> EFIAPI
> > > * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global
> > > variables
> > > * Fix BaseCryptLib unit tests
> > > * Cleanup BaseCryptLib and TlsLib INF files and
> > > * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
> > > * Merge 4 performance optimized INFs into OpensslLib*Accel.inf
> > > * Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.inf
> instead
> > > * Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private library
> classes
> > > * Update all OpensslLib instances to always produce all APIs in
> OpensslLib
> > > class
> > > * Move PrintLib dependency from OpensslLib INF files to BaseCryptLib
> INF
> > > files
> > > * Update CryptoPkg.dsc files to provide full CI test coverage across all
> the
> > > supported combinations of OpensslLib, BaseCryptLib, and TlsLib
> instances.
> > > * Remove PACKAGE profile from CryptoPkg.dsc and add
> > > TARGET_UNIT_TESTS
> > > profile. Adding TARGET_UNIT_TESTS profile is required to prevent a
> few
> > > unit
> > > test artifacts being included in non unit test builds of components.
> > > * Add CryptoPkg Readme.md with overview and platform integration
> > > details.
> > > * Update host-based unit tests to always use OpensslLibFull.inf and add
> > > unit
> > > test coverage for OpensslLibFullAccel.inf.
> > > * Add Readme.md with CryptoPkg overview and platform integration
> > > documentation
> > >
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> > > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > > Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
> > > Cc: Rebecca Cran <quic_rcran@quicinc.com>
> > > Cc: Ard Biesheuvel <ardb@kernel.org>
> > > Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> > >
> > > Michael D Kinney (12):
> > > CryptoPkg: Document and disable deprecated crypto services
> > > CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
> > > CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
> > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
> > > CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
> > > CryptoPkg/Library/OpensslLib: Combine all performance optimized
> INFs
> > > CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
> > > CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
> > > CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
> > > CryptoPkg: Update DSC to improve CI test coverage
> > > CryptoPkg: Fixed host-based unit tests
> > > CryptoPkg: Add Readme.md
> > >
> > > CryptoPkg/CryptoPkg.ci.yaml | 11 +-
> > > CryptoPkg/CryptoPkg.dec | 42 +-
> > > CryptoPkg/CryptoPkg.dsc | 460 +++++++++---
> > > .../Pcd/PcdCryptoServiceFamilyEnable.h | 122 +--
> > > .../Library/BaseCryptLib/BaseCryptLib.inf | 10 +-
> > > .../Library/BaseCryptLib/BaseCryptLib.uni | 2 -
> > > .../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +
> > > .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 +-
> > > .../Library/BaseCryptLib/PeiCryptLib.inf | 8 +-
> > > .../Library/BaseCryptLib/PeiCryptLib.uni | 2 -
> > > .../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +-
> > > .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +-
> > > .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 +
> > > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +-
> > > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 9 +-
> > > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 2 -
> > > .../Library/BaseCryptLib/SecCryptLib.inf | 13 +-
> > > .../{SmmCryptLib.uni => SecCryptLib.uni} | 11 +-
> > > .../Library/BaseCryptLib/SmmCryptLib.inf | 12 -
> > > .../Library/BaseCryptLib/SmmCryptLib.uni | 2 -
> > > .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 +-
> > > .../Library/Include/openssl/opensslconf.h | 328 +++++++-
> > > .../Include/openssl/opensslconf_generated.h | 333 ---------
> > > CryptoPkg/Library/OpensslLib/EcSm2Null.c | 291 ++++++++
> > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 133 ++--
> > > CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
> > > ...nsslLibIa32Gcc.inf => OpensslLibAccel.inf} | 189 +++--
> > > .../Library/OpensslLib/OpensslLibAccel.uni | 14 +
> > > .../OpensslLib/OpensslLibConstructor.c | 6 +-
> > > .../Library/OpensslLib/OpensslLibCrypto.inf | 185 +++--
> > > .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
> > > .../{OpensslLib.inf => OpensslLibFull.inf} | 143 ++--
> > > .../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
> > > ...sslLibIa32.inf => OpensslLibFullAccel.inf} | 192 +++--
> > > .../OpensslLib/OpensslLibFullAccel.uni | 14 +
> > > .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
> > > .../Library/OpensslLib/OpensslLibX64Gcc.inf | 706 ------------------
> > > CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++
> > > .../SysCall/inet_pton.c | 0
> > > CryptoPkg/Library/TlsLib/TlsConfig.c | 2 +-
> > > CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +-
> > > CryptoPkg/Private/Library/IntrinsicLib.h | 16 +
> > > CryptoPkg/Private/Library/OpensslLib.h | 14 +
> > > CryptoPkg/Readme.md | 498 ++++++++++++
> > > CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 +-
> > > .../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 +-
> > > .../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +-
> > > .../TestBaseCryptLibHostAccel.inf | 55 ++
> > > 48 files changed, 2667 insertions(+), 2434 deletions(-)
> > > copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
> > > SecCryptLib.uni} (74%)
> > > delete mode 100644
> > > CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> > > create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
> > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
> > > OpensslLibAccel.inf} (79%)
> > > create mode 100644
> CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> > > copy CryptoPkg/Library/OpensslLib/{OpensslLib.inf =>
> OpensslLibFull.inf}
> > > (80%)
> > > copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni =>
> OpensslLibFull.uni}
> > > (56%)
> > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
> > > OpensslLibFullAccel.inf} (79%)
> > > create mode 100644
> > > CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> > > delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > > delete mode 100644
> CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
> > > create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
> > > rename CryptoPkg/Library/{BaseCryptLib => TlsLib}/SysCall/inet_pton.c
> > > (100%)
> > > create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
> > > create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
> > > create mode 100644 CryptoPkg/Readme.md
> > > create mode 100644
> > >
> CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
> > > nf
> > >
> > > --
> > > 2.37.1.windows.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
2022-10-12 1:36 ` Yao, Jiewen
@ 2022-10-12 1:55 ` Michael D Kinney
2022-10-12 2:07 ` Yao, Jiewen
[not found] ` <171D30322FF3DC63.20882@groups.io>
0 siblings, 2 replies; 23+ messages in thread
From: Michael D Kinney @ 2022-10-12 1:55 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io, Kinney, Michael D
Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin, Zurcher, Christopher,
Rebecca Cran, Ard Biesheuvel
Jiewen,
The BKM is to just call the EC services from the layers above OpensslLib.
The EC APIs will always be present. Either real EC service or Null EC service.
This way we can remove all the #ifdef on EC PCD.
Platform developers select the OpensslLib instance with EC (OpensslLibFull.inf) or
without EC (OpensslLib.inf).
Mike
> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Tuesday, October 11, 2022 6:37 PM
> To: Kinney, Michael D <michael.d.kinney@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; Zurcher,
> Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
>
> Hi Mike
> For PcdOpensslEcEnabled, I am seeing other usage. For example:
> https://github.com/qizhangz/edk2/blob/EC_Upstream/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c#L156
>
> I think we may need BKM on "how to disable EC".
>
> Thank you
> Yao, Jiewen
>
>
> > -----Original Message-----
> > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > Sent: Wednesday, October 12, 2022 9:25 AM
> > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Kinney,
> > Michael D <michael.d.kinney@intel.com>
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > Zurcher, Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt
> > OpensslLibs
> >
> > Hi Jiewen,
> >
> > Comments below.
> >
> > Mike
> >
> > > -----Original Message-----
> > > From: Yao, Jiewen <jiewen.yao@intel.com>
> > > Sent: Tuesday, October 11, 2022 6:09 PM
> > > To: Kinney, Michael D <michael.d.kinney@intel.com>;
> > devel@edk2.groups.io
> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > Zurcher,
> > > Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt
> > OpensslLibs
> > >
> > > Thank you Mike.
> > >
> > > 1) I like the idea to combine multiple OpensslLibIA32/X64.inf into one
> > OpensslLibAccel.inf.
> > > Also the cleanup looks good to me.
> > >
> > > 2) I also like the summary in readme in
> > >
> > https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_Merge
> > OptimizedOpensslLibs/CryptoPkg
> > > I notice some algorithms are listed Y(Deprecated) but N(Don't Use), such
> > as Tdes, Arc4, Aes.Ecb*.
> > > But I don’t see the use case for those algorithms and I suggest a
> > Y(Deprecated) have Y(Don't Use).
> >
> > Good catch. I will fix.
> >
> > >
> > > 3) About PcdOpensslEcEnabled
> > > I notice it is used in existing code -
> > >
> > https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> > OptimizedOpensslLibs/CryptoPkg/Library/TlsLib/TlsConfig.c#L11
> > > 39
> > > Is this right way?
> >
> > This was added since I started this work and was added back in by rebase. I
> > will fix.
> > We can just remove the check for the PCD. If the OpensslLib instance does
> > not include
> > SSL services, then the Null SSL services are present and the call to SSL_ctrl()
> > will
> > return 0 which will force TlsSetEcCurve() to return EFI_UNSUPPORTED. It
> > will also
> > ASSERT() informing the developer that a call to a service that depends on
> > SSL was made
> > without SSL services available.
> >
> > long
> > SSL_ctrl (
> > SSL *ssl,
> > int cmd,
> > long larg,
> > void *parg
> > )
> > {
> > ASSERT (FALSE);
> > return 0;
> > }
> >
> > Likewise, if the OpensslLib instance does not support EC services, then the
> > Null
> > EC services will be included and the call to EC_KEY_new_by_curve_name()
> > will
> > return NULL which will force TlsSetEcCurve() to return EFI_UNSUPPORTED. It
> > will also
> > ASSERT() informing the developer that a call to a service that depends on EC
> > was made
> > without EC services available.
> >
> > EC_KEY *
> > EC_KEY_new_by_curve_name (
> > int nid
> > )
> > {
> > ASSERT (FALSE);
> > return NULL;
> > }
> >
> > >
> > > Thank you
> > > Yao, Jiewen
> > >
> > > > -----Original Message-----
> > > > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > > > Sent: Tuesday, October 11, 2022 11:04 PM
> > > > To: devel@edk2.groups.io
> > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > > <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang,
> > > > Guomin <guomin.jiang@intel.com>; Zurcher, Christopher
> > > > <christopher.zurcher@microsoft.com>; Rebecca Cran
> > > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > > Subject: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt
> > > > OpensslLibs
> > > >
> > > > The recent addition of the Ecliptic Curve (EC) feature and the
> > performance
> > > > optimization features increased the complexity for platforms to
> > integrate
> > > > and enable these features. This series simplifies the platform
> > configuration
> > > > as much as possible and improves the ability to manage the the size
> > impact
> > > > of cryptographic services in each FW phase. A Readme.md is also added
> > > > that
> > > > provides an overview of the CryptoPkg design and features along with
> > > > platform
> > > > integration recommendations.
> > > >
> > > > This series also addresses private library class declarations missing from
> > > > CryptoPkg.dec and library instances not producing all the APIs defined
> > > > by the library classes. A review of the CryptoPkg EDK II meta data files
> > > > identified
> > > > a number of additional cleanups. The CryptoPkg.dsc file was also
> > updated to
> > > > improve CI coverage for future CryptoPkg changes and identified some
> > > > unit test bug fixes.
> > > >
> > > > PR: https://github.com/tianocore/edk2/pull/3443
> > > > Branch:
> > > >
> > https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_Merge
> > > > OptimizedOpensslLibs
> > > > Readme:
> > > >
> > https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> > > > OptimizedOpensslLibs/CryptoPkg/Readme.md
> > > >
> > > > Change Summary
> > > > ==============
> > > > * Document disabled/deprecated cryptographic services
> > > > * Add missing UNI files in BaseCryptLib
> > > > * Update BaseCryptLib internal functions to be STATIC and remove
> > EFIAPI
> > > > * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global
> > > > variables
> > > > * Fix BaseCryptLib unit tests
> > > > * Cleanup BaseCryptLib and TlsLib INF files and
> > > > * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
> > > > * Merge 4 performance optimized INFs into OpensslLib*Accel.inf
> > > > * Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.inf
> > instead
> > > > * Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private library
> > classes
> > > > * Update all OpensslLib instances to always produce all APIs in
> > OpensslLib
> > > > class
> > > > * Move PrintLib dependency from OpensslLib INF files to BaseCryptLib
> > INF
> > > > files
> > > > * Update CryptoPkg.dsc files to provide full CI test coverage across all
> > the
> > > > supported combinations of OpensslLib, BaseCryptLib, and TlsLib
> > instances.
> > > > * Remove PACKAGE profile from CryptoPkg.dsc and add
> > > > TARGET_UNIT_TESTS
> > > > profile. Adding TARGET_UNIT_TESTS profile is required to prevent a
> > few
> > > > unit
> > > > test artifacts being included in non unit test builds of components.
> > > > * Add CryptoPkg Readme.md with overview and platform integration
> > > > details.
> > > > * Update host-based unit tests to always use OpensslLibFull.inf and add
> > > > unit
> > > > test coverage for OpensslLibFullAccel.inf.
> > > > * Add Readme.md with CryptoPkg overview and platform integration
> > > > documentation
> > > >
> > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> > > > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > > > Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
> > > > Cc: Rebecca Cran <quic_rcran@quicinc.com>
> > > > Cc: Ard Biesheuvel <ardb@kernel.org>
> > > > Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> > > >
> > > > Michael D Kinney (12):
> > > > CryptoPkg: Document and disable deprecated crypto services
> > > > CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
> > > > CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
> > > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
> > > > CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
> > > > CryptoPkg/Library/OpensslLib: Combine all performance optimized
> > INFs
> > > > CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
> > > > CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
> > > > CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
> > > > CryptoPkg: Update DSC to improve CI test coverage
> > > > CryptoPkg: Fixed host-based unit tests
> > > > CryptoPkg: Add Readme.md
> > > >
> > > > CryptoPkg/CryptoPkg.ci.yaml | 11 +-
> > > > CryptoPkg/CryptoPkg.dec | 42 +-
> > > > CryptoPkg/CryptoPkg.dsc | 460 +++++++++---
> > > > .../Pcd/PcdCryptoServiceFamilyEnable.h | 122 +--
> > > > .../Library/BaseCryptLib/BaseCryptLib.inf | 10 +-
> > > > .../Library/BaseCryptLib/BaseCryptLib.uni | 2 -
> > > > .../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +
> > > > .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 +-
> > > > .../Library/BaseCryptLib/PeiCryptLib.inf | 8 +-
> > > > .../Library/BaseCryptLib/PeiCryptLib.uni | 2 -
> > > > .../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +-
> > > > .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +-
> > > > .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 +
> > > > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +-
> > > > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 9 +-
> > > > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 2 -
> > > > .../Library/BaseCryptLib/SecCryptLib.inf | 13 +-
> > > > .../{SmmCryptLib.uni => SecCryptLib.uni} | 11 +-
> > > > .../Library/BaseCryptLib/SmmCryptLib.inf | 12 -
> > > > .../Library/BaseCryptLib/SmmCryptLib.uni | 2 -
> > > > .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 +-
> > > > .../Library/Include/openssl/opensslconf.h | 328 +++++++-
> > > > .../Include/openssl/opensslconf_generated.h | 333 ---------
> > > > CryptoPkg/Library/OpensslLib/EcSm2Null.c | 291 ++++++++
> > > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 133 ++--
> > > > CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
> > > > ...nsslLibIa32Gcc.inf => OpensslLibAccel.inf} | 189 +++--
> > > > .../Library/OpensslLib/OpensslLibAccel.uni | 14 +
> > > > .../OpensslLib/OpensslLibConstructor.c | 6 +-
> > > > .../Library/OpensslLib/OpensslLibCrypto.inf | 185 +++--
> > > > .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
> > > > .../{OpensslLib.inf => OpensslLibFull.inf} | 143 ++--
> > > > .../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
> > > > ...sslLibIa32.inf => OpensslLibFullAccel.inf} | 192 +++--
> > > > .../OpensslLib/OpensslLibFullAccel.uni | 14 +
> > > > .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
> > > > .../Library/OpensslLib/OpensslLibX64Gcc.inf | 706 ------------------
> > > > CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++
> > > > .../SysCall/inet_pton.c | 0
> > > > CryptoPkg/Library/TlsLib/TlsConfig.c | 2 +-
> > > > CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +-
> > > > CryptoPkg/Private/Library/IntrinsicLib.h | 16 +
> > > > CryptoPkg/Private/Library/OpensslLib.h | 14 +
> > > > CryptoPkg/Readme.md | 498 ++++++++++++
> > > > CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 +-
> > > > .../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 +-
> > > > .../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +-
> > > > .../TestBaseCryptLibHostAccel.inf | 55 ++
> > > > 48 files changed, 2667 insertions(+), 2434 deletions(-)
> > > > copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
> > > > SecCryptLib.uni} (74%)
> > > > delete mode 100644
> > > > CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> > > > create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
> > > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
> > > > OpensslLibAccel.inf} (79%)
> > > > create mode 100644
> > CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> > > > copy CryptoPkg/Library/OpensslLib/{OpensslLib.inf =>
> > OpensslLibFull.inf}
> > > > (80%)
> > > > copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni =>
> > OpensslLibFull.uni}
> > > > (56%)
> > > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
> > > > OpensslLibFullAccel.inf} (79%)
> > > > create mode 100644
> > > > CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> > > > delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > > > delete mode 100644
> > CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
> > > > create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
> > > > rename CryptoPkg/Library/{BaseCryptLib => TlsLib}/SysCall/inet_pton.c
> > > > (100%)
> > > > create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
> > > > create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
> > > > create mode 100644 CryptoPkg/Readme.md
> > > > create mode 100644
> > > >
> > CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
> > > > nf
> > > >
> > > > --
> > > > 2.37.1.windows.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
2022-10-12 1:55 ` Michael D Kinney
@ 2022-10-12 2:07 ` Yao, Jiewen
2022-10-12 2:23 ` Michael D Kinney
[not found] ` <171D30322FF3DC63.20882@groups.io>
1 sibling, 1 reply; 23+ messages in thread
From: Yao, Jiewen @ 2022-10-12 2:07 UTC (permalink / raw)
To: Kinney, Michael D, devel@edk2.groups.io
Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin, Zurcher, Christopher,
Rebecca Cran, Ard Biesheuvel
OK. That means we need manual write a wrapper for all EC APIs in Openssl Lib for internal usage.
More precisely, a wrapper for the delta between OpensslLib and OpensslLibFull, right?
There will be size difference between those two solutions, because the code other than EC will be include in the function.
Why not use NO_EC macro from openssl directly?
Thank you
Yao Jiewen
> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Wednesday, October 12, 2022 9:55 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Kinney,
> Michael D <michael.d.kinney@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Zurcher, Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt
> OpensslLibs
>
> Jiewen,
>
> The BKM is to just call the EC services from the layers above OpensslLib.
> The EC APIs will always be present. Either real EC service or Null EC service.
> This way we can remove all the #ifdef on EC PCD.
>
> Platform developers select the OpensslLib instance with EC
> (OpensslLibFull.inf) or
> without EC (OpensslLib.inf).
>
> Mike
>
> > -----Original Message-----
> > From: Yao, Jiewen <jiewen.yao@intel.com>
> > Sent: Tuesday, October 11, 2022 6:37 PM
> > To: Kinney, Michael D <michael.d.kinney@intel.com>;
> devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Zurcher,
> > Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt
> OpensslLibs
> >
> > Hi Mike
> > For PcdOpensslEcEnabled, I am seeing other usage. For example:
> >
> https://github.com/qizhangz/edk2/blob/EC_Upstream/CryptoPkg/Library/
> BaseCryptLib/Pem/CryptPem.c#L156
> >
> > I think we may need BKM on "how to disable EC".
> >
> > Thank you
> > Yao, Jiewen
> >
> >
> > > -----Original Message-----
> > > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > > Sent: Wednesday, October 12, 2022 9:25 AM
> > > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Kinney,
> > > Michael D <michael.d.kinney@intel.com>
> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > > Zurcher, Christopher <christopher.zurcher@microsoft.com>; Rebecca
> Cran
> > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf
> opt
> > > OpensslLibs
> > >
> > > Hi Jiewen,
> > >
> > > Comments below.
> > >
> > > Mike
> > >
> > > > -----Original Message-----
> > > > From: Yao, Jiewen <jiewen.yao@intel.com>
> > > > Sent: Tuesday, October 11, 2022 6:09 PM
> > > > To: Kinney, Michael D <michael.d.kinney@intel.com>;
> > > devel@edk2.groups.io
> > > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > > Zurcher,
> > > > Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf
> opt
> > > OpensslLibs
> > > >
> > > > Thank you Mike.
> > > >
> > > > 1) I like the idea to combine multiple OpensslLibIA32/X64.inf into one
> > > OpensslLibAccel.inf.
> > > > Also the cleanup looks good to me.
> > > >
> > > > 2) I also like the summary in readme in
> > > >
> > >
> https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_Merge
> > > OptimizedOpensslLibs/CryptoPkg
> > > > I notice some algorithms are listed Y(Deprecated) but N(Don't Use),
> such
> > > as Tdes, Arc4, Aes.Ecb*.
> > > > But I don’t see the use case for those algorithms and I suggest a
> > > Y(Deprecated) have Y(Don't Use).
> > >
> > > Good catch. I will fix.
> > >
> > > >
> > > > 3) About PcdOpensslEcEnabled
> > > > I notice it is used in existing code -
> > > >
> > >
> https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> > > OptimizedOpensslLibs/CryptoPkg/Library/TlsLib/TlsConfig.c#L11
> > > > 39
> > > > Is this right way?
> > >
> > > This was added since I started this work and was added back in by
> rebase. I
> > > will fix.
> > > We can just remove the check for the PCD. If the OpensslLib instance
> does
> > > not include
> > > SSL services, then the Null SSL services are present and the call to
> SSL_ctrl()
> > > will
> > > return 0 which will force TlsSetEcCurve() to return EFI_UNSUPPORTED.
> It
> > > will also
> > > ASSERT() informing the developer that a call to a service that depends
> on
> > > SSL was made
> > > without SSL services available.
> > >
> > > long
> > > SSL_ctrl (
> > > SSL *ssl,
> > > int cmd,
> > > long larg,
> > > void *parg
> > > )
> > > {
> > > ASSERT (FALSE);
> > > return 0;
> > > }
> > >
> > > Likewise, if the OpensslLib instance does not support EC services, then
> the
> > > Null
> > > EC services will be included and the call to
> EC_KEY_new_by_curve_name()
> > > will
> > > return NULL which will force TlsSetEcCurve() to return
> EFI_UNSUPPORTED. It
> > > will also
> > > ASSERT() informing the developer that a call to a service that depends
> on EC
> > > was made
> > > without EC services available.
> > >
> > > EC_KEY *
> > > EC_KEY_new_by_curve_name (
> > > int nid
> > > )
> > > {
> > > ASSERT (FALSE);
> > > return NULL;
> > > }
> > >
> > > >
> > > > Thank you
> > > > Yao, Jiewen
> > > >
> > > > > -----Original Message-----
> > > > > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > > > > Sent: Tuesday, October 11, 2022 11:04 PM
> > > > > To: devel@edk2.groups.io
> > > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > > > <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang,
> > > > > Guomin <guomin.jiang@intel.com>; Zurcher, Christopher
> > > > > <christopher.zurcher@microsoft.com>; Rebecca Cran
> > > > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > > > Subject: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf
> opt
> > > > > OpensslLibs
> > > > >
> > > > > The recent addition of the Ecliptic Curve (EC) feature and the
> > > performance
> > > > > optimization features increased the complexity for platforms to
> > > integrate
> > > > > and enable these features. This series simplifies the platform
> > > configuration
> > > > > as much as possible and improves the ability to manage the the size
> > > impact
> > > > > of cryptographic services in each FW phase. A Readme.md is also
> added
> > > > > that
> > > > > provides an overview of the CryptoPkg design and features along
> with
> > > > > platform
> > > > > integration recommendations.
> > > > >
> > > > > This series also addresses private library class declarations missing
> from
> > > > > CryptoPkg.dec and library instances not producing all the APIs
> defined
> > > > > by the library classes. A review of the CryptoPkg EDK II meta data
> files
> > > > > identified
> > > > > a number of additional cleanups. The CryptoPkg.dsc file was also
> > > updated to
> > > > > improve CI coverage for future CryptoPkg changes and identified
> some
> > > > > unit test bug fixes.
> > > > >
> > > > > PR: https://github.com/tianocore/edk2/pull/3443
> > > > > Branch:
> > > > >
> > >
> https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_Merge
> > > > > OptimizedOpensslLibs
> > > > > Readme:
> > > > >
> > >
> https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> > > > > OptimizedOpensslLibs/CryptoPkg/Readme.md
> > > > >
> > > > > Change Summary
> > > > > ==============
> > > > > * Document disabled/deprecated cryptographic services
> > > > > * Add missing UNI files in BaseCryptLib
> > > > > * Update BaseCryptLib internal functions to be STATIC and remove
> > > EFIAPI
> > > > > * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global
> > > > > variables
> > > > > * Fix BaseCryptLib unit tests
> > > > > * Cleanup BaseCryptLib and TlsLib INF files and
> > > > > * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
> > > > > * Merge 4 performance optimized INFs into OpensslLib*Accel.inf
> > > > > * Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.inf
> > > instead
> > > > > * Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private library
> > > classes
> > > > > * Update all OpensslLib instances to always produce all APIs in
> > > OpensslLib
> > > > > class
> > > > > * Move PrintLib dependency from OpensslLib INF files to
> BaseCryptLib
> > > INF
> > > > > files
> > > > > * Update CryptoPkg.dsc files to provide full CI test coverage across
> all
> > > the
> > > > > supported combinations of OpensslLib, BaseCryptLib, and TlsLib
> > > instances.
> > > > > * Remove PACKAGE profile from CryptoPkg.dsc and add
> > > > > TARGET_UNIT_TESTS
> > > > > profile. Adding TARGET_UNIT_TESTS profile is required to prevent
> a
> > > few
> > > > > unit
> > > > > test artifacts being included in non unit test builds of components.
> > > > > * Add CryptoPkg Readme.md with overview and platform
> integration
> > > > > details.
> > > > > * Update host-based unit tests to always use OpensslLibFull.inf and
> add
> > > > > unit
> > > > > test coverage for OpensslLibFullAccel.inf.
> > > > > * Add Readme.md with CryptoPkg overview and platform
> integration
> > > > > documentation
> > > > >
> > > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > > > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> > > > > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > > > > Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
> > > > > Cc: Rebecca Cran <quic_rcran@quicinc.com>
> > > > > Cc: Ard Biesheuvel <ardb@kernel.org>
> > > > > Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> > > > >
> > > > > Michael D Kinney (12):
> > > > > CryptoPkg: Document and disable deprecated crypto services
> > > > > CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix
> format
> > > > > CryptoPkg/Library/BaseCryptLib: Update internal
> functions/variables
> > > > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
> > > > > CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
> > > > > CryptoPkg/Library/OpensslLib: Combine all performance optimized
> > > INFs
> > > > > CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
> > > > > CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
> > > > > CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
> > > > > CryptoPkg: Update DSC to improve CI test coverage
> > > > > CryptoPkg: Fixed host-based unit tests
> > > > > CryptoPkg: Add Readme.md
> > > > >
> > > > > CryptoPkg/CryptoPkg.ci.yaml | 11 +-
> > > > > CryptoPkg/CryptoPkg.dec | 42 +-
> > > > > CryptoPkg/CryptoPkg.dsc | 460 +++++++++---
> > > > > .../Pcd/PcdCryptoServiceFamilyEnable.h | 122 +--
> > > > > .../Library/BaseCryptLib/BaseCryptLib.inf | 10 +-
> > > > > .../Library/BaseCryptLib/BaseCryptLib.uni | 2 -
> > > > > .../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +
> > > > > .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 +-
> > > > > .../Library/BaseCryptLib/PeiCryptLib.inf | 8 +-
> > > > > .../Library/BaseCryptLib/PeiCryptLib.uni | 2 -
> > > > > .../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +-
> > > > > .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +-
> > > > > .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 +
> > > > > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +-
> > > > > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 9 +-
> > > > > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 2 -
> > > > > .../Library/BaseCryptLib/SecCryptLib.inf | 13 +-
> > > > > .../{SmmCryptLib.uni => SecCryptLib.uni} | 11 +-
> > > > > .../Library/BaseCryptLib/SmmCryptLib.inf | 12 -
> > > > > .../Library/BaseCryptLib/SmmCryptLib.uni | 2 -
> > > > > .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 +-
> > > > > .../Library/Include/openssl/opensslconf.h | 328 +++++++-
> > > > > .../Include/openssl/opensslconf_generated.h | 333 ---------
> > > > > CryptoPkg/Library/OpensslLib/EcSm2Null.c | 291 ++++++++
> > > > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 133 ++--
> > > > > CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
> > > > > ...nsslLibIa32Gcc.inf => OpensslLibAccel.inf} | 189 +++--
> > > > > .../Library/OpensslLib/OpensslLibAccel.uni | 14 +
> > > > > .../OpensslLib/OpensslLibConstructor.c | 6 +-
> > > > > .../Library/OpensslLib/OpensslLibCrypto.inf | 185 +++--
> > > > > .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
> > > > > .../{OpensslLib.inf => OpensslLibFull.inf} | 143 ++--
> > > > > .../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
> > > > > ...sslLibIa32.inf => OpensslLibFullAccel.inf} | 192 +++--
> > > > > .../OpensslLib/OpensslLibFullAccel.uni | 14 +
> > > > > .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
> > > > > .../Library/OpensslLib/OpensslLibX64Gcc.inf | 706 ------------------
> > > > > CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++
> > > > > .../SysCall/inet_pton.c | 0
> > > > > CryptoPkg/Library/TlsLib/TlsConfig.c | 2 +-
> > > > > CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +-
> > > > > CryptoPkg/Private/Library/IntrinsicLib.h | 16 +
> > > > > CryptoPkg/Private/Library/OpensslLib.h | 14 +
> > > > > CryptoPkg/Readme.md | 498 ++++++++++++
> > > > > CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 +-
> > > > > .../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 +-
> > > > > .../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +-
> > > > > .../TestBaseCryptLibHostAccel.inf | 55 ++
> > > > > 48 files changed, 2667 insertions(+), 2434 deletions(-)
> > > > > copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
> > > > > SecCryptLib.uni} (74%)
> > > > > delete mode 100644
> > > > > CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> > > > > create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
> > > > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
> > > > > OpensslLibAccel.inf} (79%)
> > > > > create mode 100644
> > > CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> > > > > copy CryptoPkg/Library/OpensslLib/{OpensslLib.inf =>
> > > OpensslLibFull.inf}
> > > > > (80%)
> > > > > copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni =>
> > > OpensslLibFull.uni}
> > > > > (56%)
> > > > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
> > > > > OpensslLibFullAccel.inf} (79%)
> > > > > create mode 100644
> > > > > CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> > > > > delete mode 100644
> CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > > > > delete mode 100644
> > > CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
> > > > > create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
> > > > > rename CryptoPkg/Library/{BaseCryptLib =>
> TlsLib}/SysCall/inet_pton.c
> > > > > (100%)
> > > > > create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
> > > > > create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
> > > > > create mode 100644 CryptoPkg/Readme.md
> > > > > create mode 100644
> > > > >
> > >
> CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
> > > > > nf
> > > > >
> > > > > --
> > > > > 2.37.1.windows.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [edk2-devel] [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
[not found] ` <171D30322FF3DC63.20882@groups.io>
@ 2022-10-12 2:12 ` Yao, Jiewen
0 siblings, 0 replies; 23+ messages in thread
From: Yao, Jiewen @ 2022-10-12 2:12 UTC (permalink / raw)
To: devel@edk2.groups.io, Yao, Jiewen, Kinney, Michael D
Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin, Zurcher, Christopher,
Rebecca Cran, Ard Biesheuvel
I just remember we cannot use macro in BaseCryptoLib. Please ignore my comment on NO_EC macro.
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao,
> Jiewen
> Sent: Wednesday, October 12, 2022 10:07 AM
> To: Kinney, Michael D <michael.d.kinney@intel.com>;
> devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Zurcher, Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> Subject: Re: [edk2-devel] [Patch 00/12] CryptoPkg: Remove EC PCD and
> merge perf opt OpensslLibs
>
> OK. That means we need manual write a wrapper for all EC APIs in Openssl
> Lib for internal usage.
> More precisely, a wrapper for the delta between OpensslLib and
> OpensslLibFull, right?
>
> There will be size difference between those two solutions, because the code
> other than EC will be include in the function.
>
> Why not use NO_EC macro from openssl directly?
>
> Thank you
> Yao Jiewen
>
>
> > -----Original Message-----
> > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > Sent: Wednesday, October 12, 2022 9:55 AM
> > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Kinney,
> > Michael D <michael.d.kinney@intel.com>
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > Zurcher, Christopher <christopher.zurcher@microsoft.com>; Rebecca
> Cran
> > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt
> > OpensslLibs
> >
> > Jiewen,
> >
> > The BKM is to just call the EC services from the layers above OpensslLib.
> > The EC APIs will always be present. Either real EC service or Null EC
> service.
> > This way we can remove all the #ifdef on EC PCD.
> >
> > Platform developers select the OpensslLib instance with EC
> > (OpensslLibFull.inf) or
> > without EC (OpensslLib.inf).
> >
> > Mike
> >
> > > -----Original Message-----
> > > From: Yao, Jiewen <jiewen.yao@intel.com>
> > > Sent: Tuesday, October 11, 2022 6:37 PM
> > > To: Kinney, Michael D <michael.d.kinney@intel.com>;
> > devel@edk2.groups.io
> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > Zurcher,
> > > Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf
> opt
> > OpensslLibs
> > >
> > > Hi Mike
> > > For PcdOpensslEcEnabled, I am seeing other usage. For example:
> > >
> >
> https://github.com/qizhangz/edk2/blob/EC_Upstream/CryptoPkg/Library/
> > BaseCryptLib/Pem/CryptPem.c#L156
> > >
> > > I think we may need BKM on "how to disable EC".
> > >
> > > Thank you
> > > Yao, Jiewen
> > >
> > >
> > > > -----Original Message-----
> > > > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > > > Sent: Wednesday, October 12, 2022 9:25 AM
> > > > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io;
> Kinney,
> > > > Michael D <michael.d.kinney@intel.com>
> > > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > > > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > > > Zurcher, Christopher <christopher.zurcher@microsoft.com>; Rebecca
> > Cran
> > > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf
> > opt
> > > > OpensslLibs
> > > >
> > > > Hi Jiewen,
> > > >
> > > > Comments below.
> > > >
> > > > Mike
> > > >
> > > > > -----Original Message-----
> > > > > From: Yao, Jiewen <jiewen.yao@intel.com>
> > > > > Sent: Tuesday, October 11, 2022 6:09 PM
> > > > > To: Kinney, Michael D <michael.d.kinney@intel.com>;
> > > > devel@edk2.groups.io
> > > > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > > > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > > > Zurcher,
> > > > > Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> > > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > > > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge
> perf
> > opt
> > > > OpensslLibs
> > > > >
> > > > > Thank you Mike.
> > > > >
> > > > > 1) I like the idea to combine multiple OpensslLibIA32/X64.inf into
> one
> > > > OpensslLibAccel.inf.
> > > > > Also the cleanup looks good to me.
> > > > >
> > > > > 2) I also like the summary in readme in
> > > > >
> > > >
> >
> https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_Merge
> > > > OptimizedOpensslLibs/CryptoPkg
> > > > > I notice some algorithms are listed Y(Deprecated) but N(Don't Use),
> > such
> > > > as Tdes, Arc4, Aes.Ecb*.
> > > > > But I don’t see the use case for those algorithms and I suggest a
> > > > Y(Deprecated) have Y(Don't Use).
> > > >
> > > > Good catch. I will fix.
> > > >
> > > > >
> > > > > 3) About PcdOpensslEcEnabled
> > > > > I notice it is used in existing code -
> > > > >
> > > >
> >
> https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> > > > OptimizedOpensslLibs/CryptoPkg/Library/TlsLib/TlsConfig.c#L11
> > > > > 39
> > > > > Is this right way?
> > > >
> > > > This was added since I started this work and was added back in by
> > rebase. I
> > > > will fix.
> > > > We can just remove the check for the PCD. If the OpensslLib instance
> > does
> > > > not include
> > > > SSL services, then the Null SSL services are present and the call to
> > SSL_ctrl()
> > > > will
> > > > return 0 which will force TlsSetEcCurve() to return EFI_UNSUPPORTED.
> > It
> > > > will also
> > > > ASSERT() informing the developer that a call to a service that depends
> > on
> > > > SSL was made
> > > > without SSL services available.
> > > >
> > > > long
> > > > SSL_ctrl (
> > > > SSL *ssl,
> > > > int cmd,
> > > > long larg,
> > > > void *parg
> > > > )
> > > > {
> > > > ASSERT (FALSE);
> > > > return 0;
> > > > }
> > > >
> > > > Likewise, if the OpensslLib instance does not support EC services, then
> > the
> > > > Null
> > > > EC services will be included and the call to
> > EC_KEY_new_by_curve_name()
> > > > will
> > > > return NULL which will force TlsSetEcCurve() to return
> > EFI_UNSUPPORTED. It
> > > > will also
> > > > ASSERT() informing the developer that a call to a service that depends
> > on EC
> > > > was made
> > > > without EC services available.
> > > >
> > > > EC_KEY *
> > > > EC_KEY_new_by_curve_name (
> > > > int nid
> > > > )
> > > > {
> > > > ASSERT (FALSE);
> > > > return NULL;
> > > > }
> > > >
> > > > >
> > > > > Thank you
> > > > > Yao, Jiewen
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > > > > > Sent: Tuesday, October 11, 2022 11:04 PM
> > > > > > To: devel@edk2.groups.io
> > > > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > > > > <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>;
> Jiang,
> > > > > > Guomin <guomin.jiang@intel.com>; Zurcher, Christopher
> > > > > > <christopher.zurcher@microsoft.com>; Rebecca Cran
> > > > > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > > > > Subject: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf
> > opt
> > > > > > OpensslLibs
> > > > > >
> > > > > > The recent addition of the Ecliptic Curve (EC) feature and the
> > > > performance
> > > > > > optimization features increased the complexity for platforms to
> > > > integrate
> > > > > > and enable these features. This series simplifies the platform
> > > > configuration
> > > > > > as much as possible and improves the ability to manage the the
> size
> > > > impact
> > > > > > of cryptographic services in each FW phase. A Readme.md is also
> > added
> > > > > > that
> > > > > > provides an overview of the CryptoPkg design and features along
> > with
> > > > > > platform
> > > > > > integration recommendations.
> > > > > >
> > > > > > This series also addresses private library class declarations missing
> > from
> > > > > > CryptoPkg.dec and library instances not producing all the APIs
> > defined
> > > > > > by the library classes. A review of the CryptoPkg EDK II meta data
> > files
> > > > > > identified
> > > > > > a number of additional cleanups. The CryptoPkg.dsc file was also
> > > > updated to
> > > > > > improve CI coverage for future CryptoPkg changes and identified
> > some
> > > > > > unit test bug fixes.
> > > > > >
> > > > > > PR: https://github.com/tianocore/edk2/pull/3443
> > > > > > Branch:
> > > > > >
> > > >
> >
> https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_Merge
> > > > > > OptimizedOpensslLibs
> > > > > > Readme:
> > > > > >
> > > >
> >
> https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> > > > > > OptimizedOpensslLibs/CryptoPkg/Readme.md
> > > > > >
> > > > > > Change Summary
> > > > > > ==============
> > > > > > * Document disabled/deprecated cryptographic services
> > > > > > * Add missing UNI files in BaseCryptLib
> > > > > > * Update BaseCryptLib internal functions to be STATIC and remove
> > > > EFIAPI
> > > > > > * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib
> global
> > > > > > variables
> > > > > > * Fix BaseCryptLib unit tests
> > > > > > * Cleanup BaseCryptLib and TlsLib INF files and
> > > > > > * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses
> it.
> > > > > > * Merge 4 performance optimized INFs into OpensslLib*Accel.inf
> > > > > > * Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.inf
> > > > instead
> > > > > > * Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private
> library
> > > > classes
> > > > > > * Update all OpensslLib instances to always produce all APIs in
> > > > OpensslLib
> > > > > > class
> > > > > > * Move PrintLib dependency from OpensslLib INF files to
> > BaseCryptLib
> > > > INF
> > > > > > files
> > > > > > * Update CryptoPkg.dsc files to provide full CI test coverage across
> > all
> > > > the
> > > > > > supported combinations of OpensslLib, BaseCryptLib, and TlsLib
> > > > instances.
> > > > > > * Remove PACKAGE profile from CryptoPkg.dsc and add
> > > > > > TARGET_UNIT_TESTS
> > > > > > profile. Adding TARGET_UNIT_TESTS profile is required to
> prevent
> > a
> > > > few
> > > > > > unit
> > > > > > test artifacts being included in non unit test builds of
> components.
> > > > > > * Add CryptoPkg Readme.md with overview and platform
> > integration
> > > > > > details.
> > > > > > * Update host-based unit tests to always use OpensslLibFull.inf
> and
> > add
> > > > > > unit
> > > > > > test coverage for OpensslLibFullAccel.inf.
> > > > > > * Add Readme.md with CryptoPkg overview and platform
> > integration
> > > > > > documentation
> > > > > >
> > > > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > > > > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> > > > > > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > > > > > Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
> > > > > > Cc: Rebecca Cran <quic_rcran@quicinc.com>
> > > > > > Cc: Ard Biesheuvel <ardb@kernel.org>
> > > > > > Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> > > > > >
> > > > > > Michael D Kinney (12):
> > > > > > CryptoPkg: Document and disable deprecated crypto services
> > > > > > CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix
> > format
> > > > > > CryptoPkg/Library/BaseCryptLib: Update internal
> > functions/variables
> > > > > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
> > > > > > CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
> > > > > > CryptoPkg/Library/OpensslLib: Combine all performance
> optimized
> > > > INFs
> > > > > > CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
> > > > > > CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
> > > > > > CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
> > > > > > CryptoPkg: Update DSC to improve CI test coverage
> > > > > > CryptoPkg: Fixed host-based unit tests
> > > > > > CryptoPkg: Add Readme.md
> > > > > >
> > > > > > CryptoPkg/CryptoPkg.ci.yaml | 11 +-
> > > > > > CryptoPkg/CryptoPkg.dec | 42 +-
> > > > > > CryptoPkg/CryptoPkg.dsc | 460 +++++++++---
> > > > > > .../Pcd/PcdCryptoServiceFamilyEnable.h | 122 +--
> > > > > > .../Library/BaseCryptLib/BaseCryptLib.inf | 10 +-
> > > > > > .../Library/BaseCryptLib/BaseCryptLib.uni | 2 -
> > > > > > .../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +
> > > > > > .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 +-
> > > > > > .../Library/BaseCryptLib/PeiCryptLib.inf | 8 +-
> > > > > > .../Library/BaseCryptLib/PeiCryptLib.uni | 2 -
> > > > > > .../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +-
> > > > > > .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +-
> > > > > > .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 +
> > > > > > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +-
> > > > > > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 9 +-
> > > > > > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 2 -
> > > > > > .../Library/BaseCryptLib/SecCryptLib.inf | 13 +-
> > > > > > .../{SmmCryptLib.uni => SecCryptLib.uni} | 11 +-
> > > > > > .../Library/BaseCryptLib/SmmCryptLib.inf | 12 -
> > > > > > .../Library/BaseCryptLib/SmmCryptLib.uni | 2 -
> > > > > > .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 +-
> > > > > > .../Library/Include/openssl/opensslconf.h | 328 +++++++-
> > > > > > .../Include/openssl/opensslconf_generated.h | 333 ---------
> > > > > > CryptoPkg/Library/OpensslLib/EcSm2Null.c | 291 ++++++++
> > > > > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 133 ++--
> > > > > > CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
> > > > > > ...nsslLibIa32Gcc.inf => OpensslLibAccel.inf} | 189 +++--
> > > > > > .../Library/OpensslLib/OpensslLibAccel.uni | 14 +
> > > > > > .../OpensslLib/OpensslLibConstructor.c | 6 +-
> > > > > > .../Library/OpensslLib/OpensslLibCrypto.inf | 185 +++--
> > > > > > .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
> > > > > > .../{OpensslLib.inf => OpensslLibFull.inf} | 143 ++--
> > > > > > .../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
> > > > > > ...sslLibIa32.inf => OpensslLibFullAccel.inf} | 192 +++--
> > > > > > .../OpensslLib/OpensslLibFullAccel.uni | 14 +
> > > > > > .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
> > > > > > .../Library/OpensslLib/OpensslLibX64Gcc.inf | 706 ------------------
> > > > > > CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++
> > > > > > .../SysCall/inet_pton.c | 0
> > > > > > CryptoPkg/Library/TlsLib/TlsConfig.c | 2 +-
> > > > > > CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +-
> > > > > > CryptoPkg/Private/Library/IntrinsicLib.h | 16 +
> > > > > > CryptoPkg/Private/Library/OpensslLib.h | 14 +
> > > > > > CryptoPkg/Readme.md | 498 ++++++++++++
> > > > > > CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 +-
> > > > > > .../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 +-
> > > > > > .../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +-
> > > > > > .../TestBaseCryptLibHostAccel.inf | 55 ++
> > > > > > 48 files changed, 2667 insertions(+), 2434 deletions(-)
> > > > > > copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
> > > > > > SecCryptLib.uni} (74%)
> > > > > > delete mode 100644
> > > > > > CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> > > > > > create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
> > > > > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
> > > > > > OpensslLibAccel.inf} (79%)
> > > > > > create mode 100644
> > > > CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> > > > > > copy CryptoPkg/Library/OpensslLib/{OpensslLib.inf =>
> > > > OpensslLibFull.inf}
> > > > > > (80%)
> > > > > > copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni =>
> > > > OpensslLibFull.uni}
> > > > > > (56%)
> > > > > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
> > > > > > OpensslLibFullAccel.inf} (79%)
> > > > > > create mode 100644
> > > > > > CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> > > > > > delete mode 100644
> > CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > > > > > delete mode 100644
> > > > CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
> > > > > > create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
> > > > > > rename CryptoPkg/Library/{BaseCryptLib =>
> > TlsLib}/SysCall/inet_pton.c
> > > > > > (100%)
> > > > > > create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
> > > > > > create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
> > > > > > create mode 100644 CryptoPkg/Readme.md
> > > > > > create mode 100644
> > > > > >
> > > >
> >
> CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
> > > > > > nf
> > > > > >
> > > > > > --
> > > > > > 2.37.1.windows.1
>
>
>
>
>
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
2022-10-12 2:07 ` Yao, Jiewen
@ 2022-10-12 2:23 ` Michael D Kinney
2022-10-12 8:33 ` Yao, Jiewen
0 siblings, 1 reply; 23+ messages in thread
From: Michael D Kinney @ 2022-10-12 2:23 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io, Kinney, Michael D
Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin, Zurcher, Christopher,
Rebecca Cran, Ard Biesheuvel
Hi Jiewen,
comments below.
Mike
> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Tuesday, October 11, 2022 7:07 PM
> To: Kinney, Michael D <michael.d.kinney@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; Zurcher,
> Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
>
> OK. That means we need manual write a wrapper for all EC APIs in Openssl Lib for internal usage.
> More precisely, a wrapper for the delta between OpensslLib and OpensslLibFull, right?
Yes. This these are implemented in:
https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_MergeOptimizedOpensslLibs/CryptoPkg/Library/OpensslLib/SslNull.c
https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_MergeOptimizedOpensslLibs/CryptoPkg/Library/OpensslLib/EcSm2Null.c
New instances are easy to find because you will get a link failure in CI for missing symbols if
BaseCryptLib or TlsLib uses a new API that is only present in OpensslLibFull.inf. When that occurs
add the Null version of API that always returns a failure condition.
The current implementation before this PR is using OpensslLib class, but the OpensslLib instances
are inconsistent in the APIs produced by the lib instances. This is what caused the introduction
of #if for EC feature into the layers above OpensslLib. This means the EDK II rules for
lib class/lib instance were not followed, and the workaround was to use #if which are also not allowed.
The correct fix is to follow EDK II lib class/lib instance rules. All lib instances of the same
lib class always produce the same APIs, and then all components that use the lib class can depend
on all the services being present without link failures.
>
> There will be size difference between those two solutions, because the code other than EC will be include in the function.
Yes,
>
> Why not use NO_EC macro from openssl directly?
Because that hides all the EC related types required to implement the Null EC APIs
and the EC types required in the layer above OpensslLib that calls EC services.
They will not compile without the EC types being defined.
>
> Thank you
> Yao Jiewen
>
>
> > -----Original Message-----
> > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > Sent: Wednesday, October 12, 2022 9:55 AM
> > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Kinney,
> > Michael D <michael.d.kinney@intel.com>
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > Zurcher, Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt
> > OpensslLibs
> >
> > Jiewen,
> >
> > The BKM is to just call the EC services from the layers above OpensslLib.
> > The EC APIs will always be present. Either real EC service or Null EC service.
> > This way we can remove all the #ifdef on EC PCD.
> >
> > Platform developers select the OpensslLib instance with EC
> > (OpensslLibFull.inf) or
> > without EC (OpensslLib.inf).
> >
> > Mike
> >
> > > -----Original Message-----
> > > From: Yao, Jiewen <jiewen.yao@intel.com>
> > > Sent: Tuesday, October 11, 2022 6:37 PM
> > > To: Kinney, Michael D <michael.d.kinney@intel.com>;
> > devel@edk2.groups.io
> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > Zurcher,
> > > Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt
> > OpensslLibs
> > >
> > > Hi Mike
> > > For PcdOpensslEcEnabled, I am seeing other usage. For example:
> > >
> > https://github.com/qizhangz/edk2/blob/EC_Upstream/CryptoPkg/Library/
> > BaseCryptLib/Pem/CryptPem.c#L156
> > >
> > > I think we may need BKM on "how to disable EC".
> > >
> > > Thank you
> > > Yao, Jiewen
> > >
> > >
> > > > -----Original Message-----
> > > > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > > > Sent: Wednesday, October 12, 2022 9:25 AM
> > > > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Kinney,
> > > > Michael D <michael.d.kinney@intel.com>
> > > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > > > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > > > Zurcher, Christopher <christopher.zurcher@microsoft.com>; Rebecca
> > Cran
> > > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf
> > opt
> > > > OpensslLibs
> > > >
> > > > Hi Jiewen,
> > > >
> > > > Comments below.
> > > >
> > > > Mike
> > > >
> > > > > -----Original Message-----
> > > > > From: Yao, Jiewen <jiewen.yao@intel.com>
> > > > > Sent: Tuesday, October 11, 2022 6:09 PM
> > > > > To: Kinney, Michael D <michael.d.kinney@intel.com>;
> > > > devel@edk2.groups.io
> > > > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > > > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > > > Zurcher,
> > > > > Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> > > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > > > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf
> > opt
> > > > OpensslLibs
> > > > >
> > > > > Thank you Mike.
> > > > >
> > > > > 1) I like the idea to combine multiple OpensslLibIA32/X64.inf into one
> > > > OpensslLibAccel.inf.
> > > > > Also the cleanup looks good to me.
> > > > >
> > > > > 2) I also like the summary in readme in
> > > > >
> > > >
> > https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_Merge
> > > > OptimizedOpensslLibs/CryptoPkg
> > > > > I notice some algorithms are listed Y(Deprecated) but N(Don't Use),
> > such
> > > > as Tdes, Arc4, Aes.Ecb*.
> > > > > But I don’t see the use case for those algorithms and I suggest a
> > > > Y(Deprecated) have Y(Don't Use).
> > > >
> > > > Good catch. I will fix.
> > > >
> > > > >
> > > > > 3) About PcdOpensslEcEnabled
> > > > > I notice it is used in existing code -
> > > > >
> > > >
> > https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> > > > OptimizedOpensslLibs/CryptoPkg/Library/TlsLib/TlsConfig.c#L11
> > > > > 39
> > > > > Is this right way?
> > > >
> > > > This was added since I started this work and was added back in by
> > rebase. I
> > > > will fix.
> > > > We can just remove the check for the PCD. If the OpensslLib instance
> > does
> > > > not include
> > > > SSL services, then the Null SSL services are present and the call to
> > SSL_ctrl()
> > > > will
> > > > return 0 which will force TlsSetEcCurve() to return EFI_UNSUPPORTED.
> > It
> > > > will also
> > > > ASSERT() informing the developer that a call to a service that depends
> > on
> > > > SSL was made
> > > > without SSL services available.
> > > >
> > > > long
> > > > SSL_ctrl (
> > > > SSL *ssl,
> > > > int cmd,
> > > > long larg,
> > > > void *parg
> > > > )
> > > > {
> > > > ASSERT (FALSE);
> > > > return 0;
> > > > }
> > > >
> > > > Likewise, if the OpensslLib instance does not support EC services, then
> > the
> > > > Null
> > > > EC services will be included and the call to
> > EC_KEY_new_by_curve_name()
> > > > will
> > > > return NULL which will force TlsSetEcCurve() to return
> > EFI_UNSUPPORTED. It
> > > > will also
> > > > ASSERT() informing the developer that a call to a service that depends
> > on EC
> > > > was made
> > > > without EC services available.
> > > >
> > > > EC_KEY *
> > > > EC_KEY_new_by_curve_name (
> > > > int nid
> > > > )
> > > > {
> > > > ASSERT (FALSE);
> > > > return NULL;
> > > > }
> > > >
> > > > >
> > > > > Thank you
> > > > > Yao, Jiewen
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > > > > > Sent: Tuesday, October 11, 2022 11:04 PM
> > > > > > To: devel@edk2.groups.io
> > > > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > > > > <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang,
> > > > > > Guomin <guomin.jiang@intel.com>; Zurcher, Christopher
> > > > > > <christopher.zurcher@microsoft.com>; Rebecca Cran
> > > > > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > > > > Subject: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf
> > opt
> > > > > > OpensslLibs
> > > > > >
> > > > > > The recent addition of the Ecliptic Curve (EC) feature and the
> > > > performance
> > > > > > optimization features increased the complexity for platforms to
> > > > integrate
> > > > > > and enable these features. This series simplifies the platform
> > > > configuration
> > > > > > as much as possible and improves the ability to manage the the size
> > > > impact
> > > > > > of cryptographic services in each FW phase. A Readme.md is also
> > added
> > > > > > that
> > > > > > provides an overview of the CryptoPkg design and features along
> > with
> > > > > > platform
> > > > > > integration recommendations.
> > > > > >
> > > > > > This series also addresses private library class declarations missing
> > from
> > > > > > CryptoPkg.dec and library instances not producing all the APIs
> > defined
> > > > > > by the library classes. A review of the CryptoPkg EDK II meta data
> > files
> > > > > > identified
> > > > > > a number of additional cleanups. The CryptoPkg.dsc file was also
> > > > updated to
> > > > > > improve CI coverage for future CryptoPkg changes and identified
> > some
> > > > > > unit test bug fixes.
> > > > > >
> > > > > > PR: https://github.com/tianocore/edk2/pull/3443
> > > > > > Branch:
> > > > > >
> > > >
> > https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_Merge
> > > > > > OptimizedOpensslLibs
> > > > > > Readme:
> > > > > >
> > > >
> > https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> > > > > > OptimizedOpensslLibs/CryptoPkg/Readme.md
> > > > > >
> > > > > > Change Summary
> > > > > > ==============
> > > > > > * Document disabled/deprecated cryptographic services
> > > > > > * Add missing UNI files in BaseCryptLib
> > > > > > * Update BaseCryptLib internal functions to be STATIC and remove
> > > > EFIAPI
> > > > > > * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global
> > > > > > variables
> > > > > > * Fix BaseCryptLib unit tests
> > > > > > * Cleanup BaseCryptLib and TlsLib INF files and
> > > > > > * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
> > > > > > * Merge 4 performance optimized INFs into OpensslLib*Accel.inf
> > > > > > * Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.inf
> > > > instead
> > > > > > * Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private library
> > > > classes
> > > > > > * Update all OpensslLib instances to always produce all APIs in
> > > > OpensslLib
> > > > > > class
> > > > > > * Move PrintLib dependency from OpensslLib INF files to
> > BaseCryptLib
> > > > INF
> > > > > > files
> > > > > > * Update CryptoPkg.dsc files to provide full CI test coverage across
> > all
> > > > the
> > > > > > supported combinations of OpensslLib, BaseCryptLib, and TlsLib
> > > > instances.
> > > > > > * Remove PACKAGE profile from CryptoPkg.dsc and add
> > > > > > TARGET_UNIT_TESTS
> > > > > > profile. Adding TARGET_UNIT_TESTS profile is required to prevent
> > a
> > > > few
> > > > > > unit
> > > > > > test artifacts being included in non unit test builds of components.
> > > > > > * Add CryptoPkg Readme.md with overview and platform
> > integration
> > > > > > details.
> > > > > > * Update host-based unit tests to always use OpensslLibFull.inf and
> > add
> > > > > > unit
> > > > > > test coverage for OpensslLibFullAccel.inf.
> > > > > > * Add Readme.md with CryptoPkg overview and platform
> > integration
> > > > > > documentation
> > > > > >
> > > > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > > > > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> > > > > > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > > > > > Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
> > > > > > Cc: Rebecca Cran <quic_rcran@quicinc.com>
> > > > > > Cc: Ard Biesheuvel <ardb@kernel.org>
> > > > > > Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> > > > > >
> > > > > > Michael D Kinney (12):
> > > > > > CryptoPkg: Document and disable deprecated crypto services
> > > > > > CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix
> > format
> > > > > > CryptoPkg/Library/BaseCryptLib: Update internal
> > functions/variables
> > > > > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
> > > > > > CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
> > > > > > CryptoPkg/Library/OpensslLib: Combine all performance optimized
> > > > INFs
> > > > > > CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
> > > > > > CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
> > > > > > CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
> > > > > > CryptoPkg: Update DSC to improve CI test coverage
> > > > > > CryptoPkg: Fixed host-based unit tests
> > > > > > CryptoPkg: Add Readme.md
> > > > > >
> > > > > > CryptoPkg/CryptoPkg.ci.yaml | 11 +-
> > > > > > CryptoPkg/CryptoPkg.dec | 42 +-
> > > > > > CryptoPkg/CryptoPkg.dsc | 460 +++++++++---
> > > > > > .../Pcd/PcdCryptoServiceFamilyEnable.h | 122 +--
> > > > > > .../Library/BaseCryptLib/BaseCryptLib.inf | 10 +-
> > > > > > .../Library/BaseCryptLib/BaseCryptLib.uni | 2 -
> > > > > > .../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +
> > > > > > .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 +-
> > > > > > .../Library/BaseCryptLib/PeiCryptLib.inf | 8 +-
> > > > > > .../Library/BaseCryptLib/PeiCryptLib.uni | 2 -
> > > > > > .../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +-
> > > > > > .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +-
> > > > > > .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 +
> > > > > > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +-
> > > > > > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 9 +-
> > > > > > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 2 -
> > > > > > .../Library/BaseCryptLib/SecCryptLib.inf | 13 +-
> > > > > > .../{SmmCryptLib.uni => SecCryptLib.uni} | 11 +-
> > > > > > .../Library/BaseCryptLib/SmmCryptLib.inf | 12 -
> > > > > > .../Library/BaseCryptLib/SmmCryptLib.uni | 2 -
> > > > > > .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 +-
> > > > > > .../Library/Include/openssl/opensslconf.h | 328 +++++++-
> > > > > > .../Include/openssl/opensslconf_generated.h | 333 ---------
> > > > > > CryptoPkg/Library/OpensslLib/EcSm2Null.c | 291 ++++++++
> > > > > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 133 ++--
> > > > > > CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
> > > > > > ...nsslLibIa32Gcc.inf => OpensslLibAccel.inf} | 189 +++--
> > > > > > .../Library/OpensslLib/OpensslLibAccel.uni | 14 +
> > > > > > .../OpensslLib/OpensslLibConstructor.c | 6 +-
> > > > > > .../Library/OpensslLib/OpensslLibCrypto.inf | 185 +++--
> > > > > > .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
> > > > > > .../{OpensslLib.inf => OpensslLibFull.inf} | 143 ++--
> > > > > > .../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
> > > > > > ...sslLibIa32.inf => OpensslLibFullAccel.inf} | 192 +++--
> > > > > > .../OpensslLib/OpensslLibFullAccel.uni | 14 +
> > > > > > .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
> > > > > > .../Library/OpensslLib/OpensslLibX64Gcc.inf | 706 ------------------
> > > > > > CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++
> > > > > > .../SysCall/inet_pton.c | 0
> > > > > > CryptoPkg/Library/TlsLib/TlsConfig.c | 2 +-
> > > > > > CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +-
> > > > > > CryptoPkg/Private/Library/IntrinsicLib.h | 16 +
> > > > > > CryptoPkg/Private/Library/OpensslLib.h | 14 +
> > > > > > CryptoPkg/Readme.md | 498 ++++++++++++
> > > > > > CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 +-
> > > > > > .../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 +-
> > > > > > .../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +-
> > > > > > .../TestBaseCryptLibHostAccel.inf | 55 ++
> > > > > > 48 files changed, 2667 insertions(+), 2434 deletions(-)
> > > > > > copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
> > > > > > SecCryptLib.uni} (74%)
> > > > > > delete mode 100644
> > > > > > CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> > > > > > create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
> > > > > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
> > > > > > OpensslLibAccel.inf} (79%)
> > > > > > create mode 100644
> > > > CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> > > > > > copy CryptoPkg/Library/OpensslLib/{OpensslLib.inf =>
> > > > OpensslLibFull.inf}
> > > > > > (80%)
> > > > > > copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni =>
> > > > OpensslLibFull.uni}
> > > > > > (56%)
> > > > > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
> > > > > > OpensslLibFullAccel.inf} (79%)
> > > > > > create mode 100644
> > > > > > CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> > > > > > delete mode 100644
> > CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > > > > > delete mode 100644
> > > > CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
> > > > > > create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
> > > > > > rename CryptoPkg/Library/{BaseCryptLib =>
> > TlsLib}/SysCall/inet_pton.c
> > > > > > (100%)
> > > > > > create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
> > > > > > create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
> > > > > > create mode 100644 CryptoPkg/Readme.md
> > > > > > create mode 100644
> > > > > >
> > > >
> > CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
> > > > > > nf
> > > > > >
> > > > > > --
> > > > > > 2.37.1.windows.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
2022-10-12 2:23 ` Michael D Kinney
@ 2022-10-12 8:33 ` Yao, Jiewen
0 siblings, 0 replies; 23+ messages in thread
From: Yao, Jiewen @ 2022-10-12 8:33 UTC (permalink / raw)
To: Kinney, Michael D, devel@edk2.groups.io
Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin, Zurcher, Christopher,
Rebecca Cran, Ard Biesheuvel
Thanks Mike. Agree with you.
For the series, Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Just FYI: I have merged rest pending CryptoPkg patches.
Please rebase when you submit next version.
Thank you
Yao Jiewen
> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Wednesday, October 12, 2022 10:23 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Kinney,
> Michael D <michael.d.kinney@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Zurcher, Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt
> OpensslLibs
>
> Hi Jiewen,
>
> comments below.
>
> Mike
>
> > -----Original Message-----
> > From: Yao, Jiewen <jiewen.yao@intel.com>
> > Sent: Tuesday, October 11, 2022 7:07 PM
> > To: Kinney, Michael D <michael.d.kinney@intel.com>;
> devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Zurcher,
> > Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt
> OpensslLibs
> >
> > OK. That means we need manual write a wrapper for all EC APIs in Openssl
> Lib for internal usage.
> > More precisely, a wrapper for the delta between OpensslLib and
> OpensslLibFull, right?
>
> Yes. This these are implemented in:
>
> https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> OptimizedOpensslLibs/CryptoPkg/Library/OpensslLib/SslNull.c
> https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> OptimizedOpensslLibs/CryptoPkg/Library/OpensslLib/EcSm2Null.c
>
> New instances are easy to find because you will get a link failure in CI for
> missing symbols if
> BaseCryptLib or TlsLib uses a new API that is only present in
> OpensslLibFull.inf. When that occurs
> add the Null version of API that always returns a failure condition.
>
> The current implementation before this PR is using OpensslLib class, but the
> OpensslLib instances
> are inconsistent in the APIs produced by the lib instances. This is what
> caused the introduction
> of #if for EC feature into the layers above OpensslLib. This means the EDK II
> rules for
> lib class/lib instance were not followed, and the workaround was to use #if
> which are also not allowed.
>
> The correct fix is to follow EDK II lib class/lib instance rules. All lib instances
> of the same
> lib class always produce the same APIs, and then all components that use
> the lib class can depend
> on all the services being present without link failures.
>
> >
> > There will be size difference between those two solutions, because the
> code other than EC will be include in the function.
>
> Yes,
>
> >
> > Why not use NO_EC macro from openssl directly?
>
> Because that hides all the EC related types required to implement the Null
> EC APIs
> and the EC types required in the layer above OpensslLib that calls EC
> services.
> They will not compile without the EC types being defined.
>
> >
> > Thank you
> > Yao Jiewen
> >
> >
> > > -----Original Message-----
> > > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > > Sent: Wednesday, October 12, 2022 9:55 AM
> > > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Kinney,
> > > Michael D <michael.d.kinney@intel.com>
> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > > Zurcher, Christopher <christopher.zurcher@microsoft.com>; Rebecca
> Cran
> > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf
> opt
> > > OpensslLibs
> > >
> > > Jiewen,
> > >
> > > The BKM is to just call the EC services from the layers above OpensslLib.
> > > The EC APIs will always be present. Either real EC service or Null EC
> service.
> > > This way we can remove all the #ifdef on EC PCD.
> > >
> > > Platform developers select the OpensslLib instance with EC
> > > (OpensslLibFull.inf) or
> > > without EC (OpensslLib.inf).
> > >
> > > Mike
> > >
> > > > -----Original Message-----
> > > > From: Yao, Jiewen <jiewen.yao@intel.com>
> > > > Sent: Tuesday, October 11, 2022 6:37 PM
> > > > To: Kinney, Michael D <michael.d.kinney@intel.com>;
> > > devel@edk2.groups.io
> > > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > > Zurcher,
> > > > Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf
> opt
> > > OpensslLibs
> > > >
> > > > Hi Mike
> > > > For PcdOpensslEcEnabled, I am seeing other usage. For example:
> > > >
> > >
> https://github.com/qizhangz/edk2/blob/EC_Upstream/CryptoPkg/Library/
> > > BaseCryptLib/Pem/CryptPem.c#L156
> > > >
> > > > I think we may need BKM on "how to disable EC".
> > > >
> > > > Thank you
> > > > Yao, Jiewen
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > > > > Sent: Wednesday, October 12, 2022 9:25 AM
> > > > > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io;
> Kinney,
> > > > > Michael D <michael.d.kinney@intel.com>
> > > > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > > > > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > > > > Zurcher, Christopher <christopher.zurcher@microsoft.com>;
> Rebecca
> > > Cran
> > > > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > > > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge
> perf
> > > opt
> > > > > OpensslLibs
> > > > >
> > > > > Hi Jiewen,
> > > > >
> > > > > Comments below.
> > > > >
> > > > > Mike
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Yao, Jiewen <jiewen.yao@intel.com>
> > > > > > Sent: Tuesday, October 11, 2022 6:09 PM
> > > > > > To: Kinney, Michael D <michael.d.kinney@intel.com>;
> > > > > devel@edk2.groups.io
> > > > > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > > > > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > > > > Zurcher,
> > > > > > Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> > > > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > > > > Subject: RE: [Patch 00/12] CryptoPkg: Remove EC PCD and merge
> perf
> > > opt
> > > > > OpensslLibs
> > > > > >
> > > > > > Thank you Mike.
> > > > > >
> > > > > > 1) I like the idea to combine multiple OpensslLibIA32/X64.inf into
> one
> > > > > OpensslLibAccel.inf.
> > > > > > Also the cleanup looks good to me.
> > > > > >
> > > > > > 2) I also like the summary in readme in
> > > > > >
> > > > >
> > >
> https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_Merge
> > > > > OptimizedOpensslLibs/CryptoPkg
> > > > > > I notice some algorithms are listed Y(Deprecated) but N(Don't Use),
> > > such
> > > > > as Tdes, Arc4, Aes.Ecb*.
> > > > > > But I don’t see the use case for those algorithms and I suggest a
> > > > > Y(Deprecated) have Y(Don't Use).
> > > > >
> > > > > Good catch. I will fix.
> > > > >
> > > > > >
> > > > > > 3) About PcdOpensslEcEnabled
> > > > > > I notice it is used in existing code -
> > > > > >
> > > > >
> > >
> https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> > > > > OptimizedOpensslLibs/CryptoPkg/Library/TlsLib/TlsConfig.c#L11
> > > > > > 39
> > > > > > Is this right way?
> > > > >
> > > > > This was added since I started this work and was added back in by
> > > rebase. I
> > > > > will fix.
> > > > > We can just remove the check for the PCD. If the OpensslLib
> instance
> > > does
> > > > > not include
> > > > > SSL services, then the Null SSL services are present and the call to
> > > SSL_ctrl()
> > > > > will
> > > > > return 0 which will force TlsSetEcCurve() to return
> EFI_UNSUPPORTED.
> > > It
> > > > > will also
> > > > > ASSERT() informing the developer that a call to a service that
> depends
> > > on
> > > > > SSL was made
> > > > > without SSL services available.
> > > > >
> > > > > long
> > > > > SSL_ctrl (
> > > > > SSL *ssl,
> > > > > int cmd,
> > > > > long larg,
> > > > > void *parg
> > > > > )
> > > > > {
> > > > > ASSERT (FALSE);
> > > > > return 0;
> > > > > }
> > > > >
> > > > > Likewise, if the OpensslLib instance does not support EC services,
> then
> > > the
> > > > > Null
> > > > > EC services will be included and the call to
> > > EC_KEY_new_by_curve_name()
> > > > > will
> > > > > return NULL which will force TlsSetEcCurve() to return
> > > EFI_UNSUPPORTED. It
> > > > > will also
> > > > > ASSERT() informing the developer that a call to a service that
> depends
> > > on EC
> > > > > was made
> > > > > without EC services available.
> > > > >
> > > > > EC_KEY *
> > > > > EC_KEY_new_by_curve_name (
> > > > > int nid
> > > > > )
> > > > > {
> > > > > ASSERT (FALSE);
> > > > > return NULL;
> > > > > }
> > > > >
> > > > > >
> > > > > > Thank you
> > > > > > Yao, Jiewen
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > > > > > > Sent: Tuesday, October 11, 2022 11:04 PM
> > > > > > > To: devel@edk2.groups.io
> > > > > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > > > > > <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>;
> Jiang,
> > > > > > > Guomin <guomin.jiang@intel.com>; Zurcher, Christopher
> > > > > > > <christopher.zurcher@microsoft.com>; Rebecca Cran
> > > > > > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>
> > > > > > > Subject: [Patch 00/12] CryptoPkg: Remove EC PCD and merge
> perf
> > > opt
> > > > > > > OpensslLibs
> > > > > > >
> > > > > > > The recent addition of the Ecliptic Curve (EC) feature and the
> > > > > performance
> > > > > > > optimization features increased the complexity for platforms to
> > > > > integrate
> > > > > > > and enable these features. This series simplifies the platform
> > > > > configuration
> > > > > > > as much as possible and improves the ability to manage the the
> size
> > > > > impact
> > > > > > > of cryptographic services in each FW phase. A Readme.md is also
> > > added
> > > > > > > that
> > > > > > > provides an overview of the CryptoPkg design and features along
> > > with
> > > > > > > platform
> > > > > > > integration recommendations.
> > > > > > >
> > > > > > > This series also addresses private library class declarations
> missing
> > > from
> > > > > > > CryptoPkg.dec and library instances not producing all the APIs
> > > defined
> > > > > > > by the library classes. A review of the CryptoPkg EDK II meta
> data
> > > files
> > > > > > > identified
> > > > > > > a number of additional cleanups. The CryptoPkg.dsc file was also
> > > > > updated to
> > > > > > > improve CI coverage for future CryptoPkg changes and identified
> > > some
> > > > > > > unit test bug fixes.
> > > > > > >
> > > > > > > PR: https://github.com/tianocore/edk2/pull/3443
> > > > > > > Branch:
> > > > > > >
> > > > >
> > >
> https://github.com/mdkinney/edk2/tree/CryptoPkg_RemoveEcPcd_Merge
> > > > > > > OptimizedOpensslLibs
> > > > > > > Readme:
> > > > > > >
> > > > >
> > >
> https://github.com/mdkinney/edk2/blob/CryptoPkg_RemoveEcPcd_Merge
> > > > > > > OptimizedOpensslLibs/CryptoPkg/Readme.md
> > > > > > >
> > > > > > > Change Summary
> > > > > > > ==============
> > > > > > > * Document disabled/deprecated cryptographic services
> > > > > > > * Add missing UNI files in BaseCryptLib
> > > > > > > * Update BaseCryptLib internal functions to be STATIC and
> remove
> > > > > EFIAPI
> > > > > > > * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib
> global
> > > > > > > variables
> > > > > > > * Fix BaseCryptLib unit tests
> > > > > > > * Cleanup BaseCryptLib and TlsLib INF files and
> > > > > > > * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that
> uses it.
> > > > > > > * Merge 4 performance optimized INFs into OpensslLib*Accel.inf
> > > > > > > * Remove use of PcdOpensslEcEnabled and use
> OpensslLibFull*.inf
> > > > > instead
> > > > > > > * Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private
> library
> > > > > classes
> > > > > > > * Update all OpensslLib instances to always produce all APIs in
> > > > > OpensslLib
> > > > > > > class
> > > > > > > * Move PrintLib dependency from OpensslLib INF files to
> > > BaseCryptLib
> > > > > INF
> > > > > > > files
> > > > > > > * Update CryptoPkg.dsc files to provide full CI test coverage
> across
> > > all
> > > > > the
> > > > > > > supported combinations of OpensslLib, BaseCryptLib, and
> TlsLib
> > > > > instances.
> > > > > > > * Remove PACKAGE profile from CryptoPkg.dsc and add
> > > > > > > TARGET_UNIT_TESTS
> > > > > > > profile. Adding TARGET_UNIT_TESTS profile is required to
> prevent
> > > a
> > > > > few
> > > > > > > unit
> > > > > > > test artifacts being included in non unit test builds of
> components.
> > > > > > > * Add CryptoPkg Readme.md with overview and platform
> > > integration
> > > > > > > details.
> > > > > > > * Update host-based unit tests to always use OpensslLibFull.inf
> and
> > > add
> > > > > > > unit
> > > > > > > test coverage for OpensslLibFullAccel.inf.
> > > > > > > * Add Readme.md with CryptoPkg overview and platform
> > > integration
> > > > > > > documentation
> > > > > > >
> > > > > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > > > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > > > > > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> > > > > > > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > > > > > > Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
> > > > > > > Cc: Rebecca Cran <quic_rcran@quicinc.com>
> > > > > > > Cc: Ard Biesheuvel <ardb@kernel.org>
> > > > > > > Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> > > > > > >
> > > > > > > Michael D Kinney (12):
> > > > > > > CryptoPkg: Document and disable deprecated crypto services
> > > > > > > CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix
> > > format
> > > > > > > CryptoPkg/Library/BaseCryptLib: Update internal
> > > functions/variables
> > > > > > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
> > > > > > > CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
> > > > > > > CryptoPkg/Library/OpensslLib: Combine all performance
> optimized
> > > > > INFs
> > > > > > > CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
> > > > > > > CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
> > > > > > > CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
> > > > > > > CryptoPkg: Update DSC to improve CI test coverage
> > > > > > > CryptoPkg: Fixed host-based unit tests
> > > > > > > CryptoPkg: Add Readme.md
> > > > > > >
> > > > > > > CryptoPkg/CryptoPkg.ci.yaml | 11 +-
> > > > > > > CryptoPkg/CryptoPkg.dec | 42 +-
> > > > > > > CryptoPkg/CryptoPkg.dsc | 460 +++++++++---
> > > > > > > .../Pcd/PcdCryptoServiceFamilyEnable.h | 122 +--
> > > > > > > .../Library/BaseCryptLib/BaseCryptLib.inf | 10 +-
> > > > > > > .../Library/BaseCryptLib/BaseCryptLib.uni | 2 -
> > > > > > > .../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +
> > > > > > > .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 +-
> > > > > > > .../Library/BaseCryptLib/PeiCryptLib.inf | 8 +-
> > > > > > > .../Library/BaseCryptLib/PeiCryptLib.uni | 2 -
> > > > > > > .../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +-
> > > > > > > .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +-
> > > > > > > .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 +
> > > > > > > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +-
> > > > > > > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 9 +-
> > > > > > > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 2 -
> > > > > > > .../Library/BaseCryptLib/SecCryptLib.inf | 13 +-
> > > > > > > .../{SmmCryptLib.uni => SecCryptLib.uni} | 11 +-
> > > > > > > .../Library/BaseCryptLib/SmmCryptLib.inf | 12 -
> > > > > > > .../Library/BaseCryptLib/SmmCryptLib.uni | 2 -
> > > > > > > .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 +-
> > > > > > > .../Library/Include/openssl/opensslconf.h | 328 +++++++-
> > > > > > > .../Include/openssl/opensslconf_generated.h | 333 ---------
> > > > > > > CryptoPkg/Library/OpensslLib/EcSm2Null.c | 291 ++++++++
> > > > > > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 133 ++--
> > > > > > > CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
> > > > > > > ...nsslLibIa32Gcc.inf => OpensslLibAccel.inf} | 189 +++--
> > > > > > > .../Library/OpensslLib/OpensslLibAccel.uni | 14 +
> > > > > > > .../OpensslLib/OpensslLibConstructor.c | 6 +-
> > > > > > > .../Library/OpensslLib/OpensslLibCrypto.inf | 185 +++--
> > > > > > > .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
> > > > > > > .../{OpensslLib.inf => OpensslLibFull.inf} | 143 ++--
> > > > > > > .../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
> > > > > > > ...sslLibIa32.inf => OpensslLibFullAccel.inf} | 192 +++--
> > > > > > > .../OpensslLib/OpensslLibFullAccel.uni | 14 +
> > > > > > > .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
> > > > > > > .../Library/OpensslLib/OpensslLibX64Gcc.inf | 706 -----------------
> -
> > > > > > > CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++
> > > > > > > .../SysCall/inet_pton.c | 0
> > > > > > > CryptoPkg/Library/TlsLib/TlsConfig.c | 2 +-
> > > > > > > CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +-
> > > > > > > CryptoPkg/Private/Library/IntrinsicLib.h | 16 +
> > > > > > > CryptoPkg/Private/Library/OpensslLib.h | 14 +
> > > > > > > CryptoPkg/Readme.md | 498 ++++++++++++
> > > > > > > CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 +-
> > > > > > > .../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 +-
> > > > > > > .../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +-
> > > > > > > .../TestBaseCryptLibHostAccel.inf | 55 ++
> > > > > > > 48 files changed, 2667 insertions(+), 2434 deletions(-)
> > > > > > > copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
> > > > > > > SecCryptLib.uni} (74%)
> > > > > > > delete mode 100644
> > > > > > > CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> > > > > > > create mode 100644
> CryptoPkg/Library/OpensslLib/EcSm2Null.c
> > > > > > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
> > > > > > > OpensslLibAccel.inf} (79%)
> > > > > > > create mode 100644
> > > > > CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> > > > > > > copy CryptoPkg/Library/OpensslLib/{OpensslLib.inf =>
> > > > > OpensslLibFull.inf}
> > > > > > > (80%)
> > > > > > > copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni =>
> > > > > OpensslLibFull.uni}
> > > > > > > (56%)
> > > > > > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
> > > > > > > OpensslLibFullAccel.inf} (79%)
> > > > > > > create mode 100644
> > > > > > > CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> > > > > > > delete mode 100644
> > > CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > > > > > > delete mode 100644
> > > > > CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
> > > > > > > create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
> > > > > > > rename CryptoPkg/Library/{BaseCryptLib =>
> > > TlsLib}/SysCall/inet_pton.c
> > > > > > > (100%)
> > > > > > > create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
> > > > > > > create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
> > > > > > > create mode 100644 CryptoPkg/Readme.md
> > > > > > > create mode 100644
> > > > > > >
> > > > >
> > >
> CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
> > > > > > > nf
> > > > > > >
> > > > > > > --
> > > > > > > 2.37.1.windows.1
^ permalink raw reply [flat|nested] 23+ messages in thread
end of thread, other threads:[~2022-10-12 8:33 UTC | newest]
Thread overview: 23+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-10-11 15:03 [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
2022-10-11 15:03 ` [Patch 01/12] CryptoPkg: Document and disable deprecated crypto services Michael D Kinney
2022-10-11 15:03 ` [Patch 02/12] CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format Michael D Kinney
2022-10-11 15:03 ` [Patch 03/12] CryptoPkg/Library/BaseCryptLib: Update internal functions/variables Michael D Kinney
2022-10-11 15:03 ` [Patch 04/12] CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes Michael D Kinney
2022-10-11 15:03 ` [Patch 05/12] CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib Michael D Kinney
2022-10-11 15:03 ` [Patch 06/12] CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs Michael D Kinney
2022-10-11 23:20 ` [edk2-devel] " Christopher Zurcher
2022-10-11 23:58 ` Michael D Kinney
2022-10-11 15:03 ` [Patch 07/12] CryptoPkg/Library/OpensslLib: Produce consistent set of APIs Michael D Kinney
2022-10-11 15:03 ` [Patch 08/12] CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files Michael D Kinney
2022-10-11 15:03 ` [Patch 09/12] CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec Michael D Kinney
2022-10-11 15:03 ` [Patch 10/12] CryptoPkg: Update DSC to improve CI test coverage Michael D Kinney
2022-10-11 15:03 ` [Patch 11/12] CryptoPkg: Fixed host-based unit tests Michael D Kinney
2022-10-11 15:03 ` [Patch 12/12] CryptoPkg: Add Readme.md Michael D Kinney
2022-10-12 1:08 ` [Patch 00/12] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Yao, Jiewen
2022-10-12 1:24 ` Michael D Kinney
2022-10-12 1:36 ` Yao, Jiewen
2022-10-12 1:55 ` Michael D Kinney
2022-10-12 2:07 ` Yao, Jiewen
2022-10-12 2:23 ` Michael D Kinney
2022-10-12 8:33 ` Yao, Jiewen
[not found] ` <171D30322FF3DC63.20882@groups.io>
2022-10-12 2:12 ` [edk2-devel] " Yao, Jiewen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox