* [Patch v2 01/16] CryptoPkg: Document and disable deprecated crypto services
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
@ 2022-10-20 18:34 ` Michael D Kinney
2022-10-20 18:34 ` [Patch v2 02/16] CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format Michael D Kinney
` (16 subsequent siblings)
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:34 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
Also note services that are recommended to be disabled and
update CryptoPkg.dsc PcdCryptoServiceFamilyEnable settings
to disable all deprecated services.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 10 +-
.../Pcd/PcdCryptoServiceFamilyEnable.h | 122 ++++++++++--------
2 files changed, 77 insertions(+), 55 deletions(-)
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 8c6906acf006..032b9e637737 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -151,7 +151,6 @@ [PcdsFixedAtBuild]
!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Md5.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Dh.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -161,8 +160,10 @@ [PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tdes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Arc4.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Hkdf.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -173,7 +174,7 @@ [PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.ParallelHash.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Bn.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | 0
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
!endif
!if $(CRYPTO_SERVICES) == MIN_PEI
@@ -217,6 +218,7 @@ [PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
index f1f5084e70f4..74eaf44cca3e 100644
--- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -1,6 +1,26 @@
/** @file
Defines the PCD_CRYPTO_SERVICE_FAMILY_ENABLE structure associated with
- gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable that is used
+ to enable/disable crypto services at either the family scope or the
+ individual service scope. Platforms can minimize the number of enabled
+ services to reduce size.
+
+ The following services have been deprecated and must never be enabled.
+ The associated fields in this data structure are never removed or replaced
+ to preseve the binary layout of the data structure. New services are
+ always added to the end of the data structure.
+ * HmacMd5 family
+ * HmacSha1 family
+ * Md4 family
+ * Md5 family
+ * Tdes family
+ * Arc4 family
+ * Aes.Services.EcbEncrypt service
+ * Aes.Services.EcbDecrypt service
+
+ Is is recommended that the following services always be disabled and may
+ be deprecated in the future.
+ * Sha1 family
Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -25,25 +45,25 @@
typedef struct {
union {
struct {
- UINT8 New : 1;
- UINT8 Free : 1;
- UINT8 SetKey : 1;
- UINT8 Duplicate : 1;
- UINT8 Update : 1;
- UINT8 Final : 1;
+ UINT8 New : 1; // Deprecated
+ UINT8 Free : 1; // Deprecated
+ UINT8 SetKey : 1; // Deprecated
+ UINT8 Duplicate : 1; // Deprecated
+ UINT8 Update : 1; // Deprecated
+ UINT8 Final : 1; // Deprecated
} Services;
- UINT32 Family;
+ UINT32 Family; // Deprecated
} HmacMd5;
union {
struct {
- UINT8 New : 1;
- UINT8 Free : 1;
- UINT8 SetKey : 1;
- UINT8 Duplicate : 1;
- UINT8 Update : 1;
- UINT8 Final : 1;
+ UINT8 New : 1; // Deprecated
+ UINT8 Free : 1; // Deprecated
+ UINT8 SetKey : 1; // Deprecated
+ UINT8 Duplicate : 1; // Deprecated
+ UINT8 Update : 1; // Deprecated
+ UINT8 Final : 1; // Deprecated
} Services;
- UINT32 Family;
+ UINT32 Family; // Deprecated
} HmacSha1;
union {
struct {
@@ -71,26 +91,26 @@ typedef struct {
} HmacSha384;
union {
struct {
- UINT8 GetContextSize : 1;
- UINT8 Init : 1;
- UINT8 Duplicate : 1;
- UINT8 Update : 1;
- UINT8 Final : 1;
- UINT8 HashAll : 1;
+ UINT8 GetContextSize : 1; // Deprecated
+ UINT8 Init : 1; // Deprecated
+ UINT8 Duplicate : 1; // Deprecated
+ UINT8 Update : 1; // Deprecated
+ UINT8 Final : 1; // Deprecated
+ UINT8 HashAll : 1; // Deprecated
} Services;
- UINT32 Family;
+ UINT32 Family; // Deprecated
} Md4;
union {
struct {
- UINT8 GetContextSize : 1;
- UINT8 Init : 1;
- UINT8 Duplicate : 1;
- UINT8 Update : 1;
- UINT8 Final : 1;
- UINT8 HashAll : 1;
+ UINT8 GetContextSize : 1; // Deprecated
+ UINT8 Init : 1; // Deprecated
+ UINT8 Duplicate : 1; // Deprecated
+ UINT8 Update : 1; // Deprecated
+ UINT8 Final : 1; // Deprecated
+ UINT8 HashAll : 1; // Deprecated
} Services;
UINT32 Family;
- } Md5;
+ } Md5; // Deprecated
union {
struct {
UINT8 Pkcs1v2Encrypt : 1;
@@ -143,14 +163,14 @@ typedef struct {
} Rsa;
union {
struct {
- UINT8 GetContextSize : 1;
- UINT8 Init : 1;
- UINT8 Duplicate : 1;
- UINT8 Update : 1;
- UINT8 Final : 1;
- UINT8 HashAll : 1;
+ UINT8 GetContextSize : 1; // Recommend disable
+ UINT8 Init : 1; // Recommend disable
+ UINT8 Duplicate : 1; // Recommend disable
+ UINT8 Update : 1; // Recommend disable
+ UINT8 Final : 1; // Recommend disable
+ UINT8 HashAll : 1; // Recommend disable
} Services;
- UINT32 Family;
+ UINT32 Family; // Recommend disable
} Sha1;
union {
struct {
@@ -216,21 +236,21 @@ typedef struct {
} X509;
union {
struct {
- UINT8 GetContextSize : 1;
- UINT8 Init : 1;
- UINT8 EcbEncrypt : 1;
- UINT8 EcbDecrypt : 1;
- UINT8 CbcEncrypt : 1;
- UINT8 CbcDecrypt : 1;
+ UINT8 GetContextSize : 1; // Deprecated
+ UINT8 Init : 1; // Deprecated
+ UINT8 EcbEncrypt : 1; // Deprecated
+ UINT8 EcbDecrypt : 1; // Deprecated
+ UINT8 CbcEncrypt : 1; // Deprecated
+ UINT8 CbcDecrypt : 1; // Deprecated
} Services;
- UINT32 Family;
+ UINT32 Family; // Deprecated
} Tdes;
union {
struct {
UINT8 GetContextSize : 1;
UINT8 Init : 1;
- UINT8 EcbEncrypt : 1;
- UINT8 EcbDecrypt : 1;
+ UINT8 EcbEncrypt : 1; // Deprecated
+ UINT8 EcbDecrypt : 1; // Deprecated
UINT8 CbcEncrypt : 1;
UINT8 CbcDecrypt : 1;
} Services;
@@ -238,13 +258,13 @@ typedef struct {
} Aes;
union {
struct {
- UINT8 GetContextSize : 1;
- UINT8 Init : 1;
- UINT8 Encrypt : 1;
- UINT8 Decrypt : 1;
- UINT8 Reset : 1;
+ UINT8 GetContextSize : 1; // Deprecated
+ UINT8 Init : 1; // Deprecated
+ UINT8 Encrypt : 1; // Deprecated
+ UINT8 Decrypt : 1; // Deprecated
+ UINT8 Reset : 1; // Deprecated
} Services;
- UINT32 Family;
+ UINT32 Family; // Deprecated
} Arc4;
union {
struct {
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* [Patch v2 02/16] CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
2022-10-20 18:34 ` [Patch v2 01/16] CryptoPkg: Document and disable deprecated crypto services Michael D Kinney
@ 2022-10-20 18:34 ` Michael D Kinney
2022-10-20 18:34 ` [Patch v2 03/16] CryptoPkg/Library/BaseCryptLib: Update internal functions/variables Michael D Kinney
` (15 subsequent siblings)
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:34 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.uni | 2 --
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni | 2 --
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni | 2 --
CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf | 1 +
.../BaseCryptLib/{SmmCryptLib.uni => SecCryptLib.uni} | 11 ++---------
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni | 2 --
6 files changed, 3 insertions(+), 17 deletions(-)
copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni => SecCryptLib.uni} (74%)
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.uni
index ed1852efbe04..d9d53d099c4e 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.uni
@@ -12,8 +12,6 @@
//
// **/
-
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_DRIVER"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow."
-
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
index 20ae64e8bf1a..8cffc00daf5d 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.uni
@@ -18,8 +18,6 @@
//
// **/
-
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for PEIM"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, X.509 certificate handler functions, authenticode signature verification functions, PEM handler functions, and pseudorandom number generator functions are not supported in this instance."
-
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
index 0cf378c5ab84..786738a99d73 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.uni
@@ -17,8 +17,6 @@
//
// **/
-
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for DXE_RUNTIME_DRIVER"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
-
diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
index 0b1dd31c411c..4f652be46a82 100644
--- a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
@@ -14,6 +14,7 @@
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SecCryptLib
+ MODULE_UNI_FILE = SecCryptLib.uni
FILE_GUID = 3689D343-0D32-4284-8053-BF10537990E8
MODULE_TYPE = BASE
VERSION_STRING = 1.0
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.uni
similarity index 74%
copy from CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
copy to CryptoPkg/Library/BaseCryptLib/SecCryptLib.uni
index f0c33abbcf22..c0dd1eb0f351 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.uni
@@ -1,24 +1,17 @@
// /** @file
-// Cryptographic Library Instance for SMM driver.
+// Cryptographic Library Instance for SEC driver.
//
// Caution: This module requires additional review when modified.
// This library will have external input - signature.
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
-// Note: AES
-// functions, RSA external functions, PKCS#7 SignedData sign functions,
-// Diffie-Hellman functions, and authenticode signature verification functions are
-// not supported in this instance.
-//
// Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
// **/
-
-#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
+#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SEC driver"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
-
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
index f0c33abbcf22..7e0f55f792e1 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.uni
@@ -17,8 +17,6 @@
//
// **/
-
#string STR_MODULE_ABSTRACT #language en-US "Cryptographic Library Instance for SMM driver"
#string STR_MODULE_DESCRIPTION #language en-US "Caution: This module requires additional review when modified. This library will have external input - signature. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow. Note: AES functions, RSA external functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and authenticode signature verification functions are not supported in this instance."
-
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* [Patch v2 03/16] CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
2022-10-20 18:34 ` [Patch v2 01/16] CryptoPkg: Document and disable deprecated crypto services Michael D Kinney
2022-10-20 18:34 ` [Patch v2 02/16] CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format Michael D Kinney
@ 2022-10-20 18:34 ` Michael D Kinney
2022-10-20 18:34 ` [Patch v2 04/16] CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes Michael D Kinney
` (14 subsequent siblings)
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:34 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
* Update BaseCryptLib internal worker functions to be 'STATIC'
* Update BaseCryptLib internal working functions to not use EFIAPI
* Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global variables
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/CryptoPkg.ci.yaml | 3 +-
.../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +++
.../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 ++-
.../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +-
.../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +-
.../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 ++
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +++++++++++++------
7 files changed, 50 insertions(+), 17 deletions(-)
diff --git a/CryptoPkg/CryptoPkg.ci.yaml b/CryptoPkg/CryptoPkg.ci.yaml
index 2fa3a3d5ee05..ca129d6ae56c 100644
--- a/CryptoPkg/CryptoPkg.ci.yaml
+++ b/CryptoPkg/CryptoPkg.ci.yaml
@@ -24,7 +24,8 @@
"ExceptionList": [
"8001", "IsLeap",
"8001", "OBJ_get0_data",
- "8001", "OBJ_length"
+ "8001", "OBJ_length",
+ "5005", "X509PopCertificate"
],
## Both file path and directory path are accepted.
"IgnoreFiles": [
diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
index 2786267a0be1..1ae33b6709cb 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmac.c
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
If the allocations fails, HmacMdNew() returns NULL.
**/
+STATIC
VOID *
HmacMdNew (
VOID
@@ -33,6 +34,7 @@ HmacMdNew (
@param[in] HmacMdCtx Pointer to the HMAC_CTX context to be released.
**/
+STATIC
VOID
HmacMdFree (
IN VOID *HmacMdCtx
@@ -59,6 +61,7 @@ HmacMdFree (
@retval FALSE The Key is set unsuccessfully.
**/
+STATIC
BOOLEAN
HmacMdSetKey (
IN CONST EVP_MD *Md,
@@ -94,6 +97,7 @@ HmacMdSetKey (
@retval FALSE HMAC-MD context copy failed.
**/
+STATIC
BOOLEAN
HmacMdDuplicate (
IN CONST VOID *HmacMdContext,
@@ -132,6 +136,7 @@ HmacMdDuplicate (
@retval FALSE HMAC-MD data digest failed.
**/
+STATIC
BOOLEAN
HmacMdUpdate (
IN OUT VOID *HmacMdContext,
@@ -183,6 +188,7 @@ HmacMdUpdate (
@retval FALSE HMAC-MD digest computation failed.
**/
+STATIC
BOOLEAN
HmacMdFinal (
IN OUT VOID *HmacMdContext,
@@ -233,6 +239,7 @@ HmacMdFinal (
@retval FALSE This interface is not supported.
**/
+STATIC
BOOLEAN
HmacMdAll (
IN CONST EVP_MD *Md,
diff --git a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
index ffaf5fb131ac..34e81246ed0d 100644
--- a/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
+++ b/CryptoPkg/Library/BaseCryptLib/Kdf/CryptHkdf.c
@@ -6,7 +6,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
-#include <Library/BaseCryptLib.h>
+#include "InternalCryptLib.h"
#include <openssl/evp.h>
#include <openssl/kdf.h>
@@ -27,6 +27,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
@retval FALSE Hkdf generation failed.
**/
+STATIC
BOOLEAN
HkdfMdExtractAndExpand (
IN CONST EVP_MD *Md,
@@ -95,6 +96,7 @@ HkdfMdExtractAndExpand (
@retval false Hkdf generation failed.
**/
+STATIC
BOOLEAN
HkdfMdExtract (
IN CONST EVP_MD *Md,
@@ -174,6 +176,7 @@ HkdfMdExtract (
@retval FALSE Hkdf generation failed.
**/
+STATIC
BOOLEAN
HkdfMdExpand (
IN CONST EVP_MD *Md,
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
index aa4a33364d92..6b0dddd4af55 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
@@ -23,7 +23,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// OID ASN.1 Value for SPC_INDIRECT_DATA_OBJID
//
-UINT8 mSpcIndirectOidValue[] = {
+GLOBAL_REMOVE_IF_UNREFERENCED const UINT8 mSpcIndirectOidValue[] = {
0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04
};
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
index f8028181e47f..4e5a14e35210 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
@@ -22,7 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <openssl/x509v3.h>
#include <openssl/pkcs7.h>
-UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
+GLOBAL_REMOVE_IF_UNREFERENCED const UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
/**
Check input P7Data is a wrapped ContentInfo structure or not. If not construct
@@ -145,6 +145,7 @@ WrapPkcs7Data (
@retval FALSE The pop operation failed.
**/
+STATIC
BOOLEAN
X509PopCertificate (
IN VOID *X509Stack,
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
index 833b29ae9755..63cd49434e71 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
@@ -62,6 +62,7 @@
@retval EFI_NOT_FOUND The number of signers found was not 1.
**/
+STATIC
EFI_STATUS
GetSignerCertificate (
IN CONST PKCS7 *CertChain,
@@ -132,6 +133,7 @@ GetSignerCertificate (
@retval EFI_NOT_FOUND One or more EKU's were not found in the signature.
**/
+STATIC
EFI_STATUS
IsEkuInCertificate (
IN CONST X509 *Cert,
@@ -255,6 +257,7 @@ IsEkuInCertificate (
@retval EFI_INVALID_PARAMETER A parameter was invalid.
@retval EFI_NOT_FOUND One or more EKU's were not found in the signature.
**/
+STATIC
EFI_STATUS
CheckEKUs (
IN CONST X509 *SignerCert,
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index f118f2e9d6aa..027dbb6842dc 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -21,7 +21,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// OID ASN.1 Value for SPC_RFC3161_OBJID ("1.3.6.1.4.1.311.3.3.1")
//
-UINT8 mSpcRFC3161OidValue[] = {
+GLOBAL_REMOVE_IF_UNREFERENCED const UINT8 mSpcRFC3161OidValue[] = {
0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x03, 0x03, 0x01
};
@@ -43,11 +43,17 @@ typedef struct {
//
// ASN.1 Functions for TS_MESSAGE_IMPRINT
//
-DECLARE_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT)
-ASN1_SEQUENCE (TS_MESSAGE_IMPRINT) = {
+GLOBAL_REMOVE_IF_UNREFERENCED
+DECLARE_ASN1_FUNCTIONS (
+ TS_MESSAGE_IMPRINT
+ )
+ASN1_SEQUENCE (TS_MESSAGE_IMPRINT) =
+{
ASN1_SIMPLE (TS_MESSAGE_IMPRINT, HashAlgorithm, X509_ALGOR),
ASN1_SIMPLE (TS_MESSAGE_IMPRINT, HashedMessage, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END (TS_MESSAGE_IMPRINT)
+}
+
+ASN1_SEQUENCE_END (TS_MESSAGE_IMPRINT)
IMPLEMENT_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT)
///
@@ -68,12 +74,18 @@ typedef struct {
//
// ASN.1 Functions for TS_ACCURACY
//
-DECLARE_ASN1_FUNCTIONS (TS_ACCURACY)
-ASN1_SEQUENCE (TS_ACCURACY) = {
+GLOBAL_REMOVE_IF_UNREFERENCED
+DECLARE_ASN1_FUNCTIONS (
+ TS_ACCURACY
+ )
+ASN1_SEQUENCE (TS_ACCURACY) =
+{
ASN1_OPT (TS_ACCURACY, Seconds, ASN1_INTEGER),
ASN1_IMP_OPT (TS_ACCURACY, Millis, ASN1_INTEGER, 0),
ASN1_IMP_OPT (TS_ACCURACY, Micros, ASN1_INTEGER, 1)
-} ASN1_SEQUENCE_END (TS_ACCURACY)
+}
+
+ASN1_SEQUENCE_END (TS_ACCURACY)
IMPLEMENT_ASN1_FUNCTIONS (TS_ACCURACY)
///
@@ -114,8 +126,12 @@ typedef struct {
//
// ASN.1 Functions for TS_TST_INFO
//
-DECLARE_ASN1_FUNCTIONS (TS_TST_INFO)
-ASN1_SEQUENCE (TS_TST_INFO) = {
+GLOBAL_REMOVE_IF_UNREFERENCED
+DECLARE_ASN1_FUNCTIONS (
+ TS_TST_INFO
+ )
+ASN1_SEQUENCE (TS_TST_INFO) =
+{
ASN1_SIMPLE (TS_TST_INFO, Version, ASN1_INTEGER),
ASN1_SIMPLE (TS_TST_INFO, Policy, ASN1_OBJECT),
ASN1_SIMPLE (TS_TST_INFO, MessageImprint, TS_MESSAGE_IMPRINT),
@@ -126,7 +142,9 @@ ASN1_SEQUENCE (TS_TST_INFO) = {
ASN1_OPT (TS_TST_INFO, Nonce, ASN1_INTEGER),
ASN1_EXP_OPT (TS_TST_INFO, Tsa, GENERAL_NAME, 0),
ASN1_IMP_SEQUENCE_OF_OPT (TS_TST_INFO, Extensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END (TS_TST_INFO)
+}
+
+ASN1_SEQUENCE_END (TS_TST_INFO)
IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO)
/**
@@ -139,8 +157,8 @@ IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO)
@retval FALSE Invalid parameters.
**/
+STATIC
BOOLEAN
-EFIAPI
ConvertAsn1TimeToEfiTime (
IN ASN1_TIME *Asn1Time,
OUT EFI_TIME *EfiTime
@@ -222,8 +240,8 @@ ConvertAsn1TimeToEfiTime (
@retval FALSE Invalid TimeStamp Token Information.
**/
+STATIC
BOOLEAN
-EFIAPI
CheckTSTInfo (
IN CONST TS_TST_INFO *TstInfo,
IN CONST UINT8 *TimestampedData,
@@ -352,8 +370,8 @@ CheckTSTInfo (
@retval FALSE Invalid timestamp token.
**/
+STATIC
BOOLEAN
-EFIAPI
TimestampTokenVerify (
IN CONST UINT8 *TSToken,
IN UINTN TokenSize,
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* [Patch v2 04/16] CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (2 preceding siblings ...)
2022-10-20 18:34 ` [Patch v2 03/16] CryptoPkg/Library/BaseCryptLib: Update internal functions/variables Michael D Kinney
@ 2022-10-20 18:34 ` Michael D Kinney
2022-10-20 18:34 ` [Patch v2 05/16] CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib Michael D Kinney
` (13 subsequent siblings)
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:34 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
* Update ImageTimeStampTest to return UNIT_TEST_PASSED instead of
Status. On success Status is TRUE(1), which was returning a unit
test status of UNIT_TEST_ERROR_PREREQUISITE_NOT_MET.
* Update HmacTests to use the *Free() service from the HMAC family
instead of FreePool(). Using FreePool() generates ASSERT() because
the context being freed was not allocated using AllocatePool().
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
.../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 ++++++++++++-----
.../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +-
2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
index 9c5b39410d0f..b347cb4cb4f8 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/HmacTests.c
@@ -87,6 +87,12 @@ VOID *
VOID
);
+typedef
+VOID
+(EFIAPI *EFI_HMAC_FREE)(
+ IN VOID *HashContext
+ );
+
typedef
BOOLEAN
(EFIAPI *EFI_HMAC_INIT)(
@@ -113,6 +119,7 @@ BOOLEAN
typedef struct {
UINT32 DigestSize;
EFI_HMAC_NEW HmacNew;
+ EFI_HMAC_FREE HmacFree;
EFI_HMAC_INIT HmacInit;
EFI_HMAC_UPDATE HmacUpdate;
EFI_HMAC_FINAL HmacFinal;
@@ -123,10 +130,10 @@ typedef struct {
} HMAC_TEST_CONTEXT;
// These functions have been deprecated but they've been left commented out for future reference
-// HMAC_TEST_CONTEXT mHmacMd5TestCtx = {MD5_DIGEST_SIZE, HmacMd5New, HmacMd5SetKey, HmacMd5Update, HmacMd5Final, HmacMd5Key, sizeof(HmacMd5Key), HmacMd5Digest};
-// HMAC_TEST_CONTEXT mHmacSha1TestCtx = {SHA1_DIGEST_SIZE, HmacSha1New, HmacSha1SetKey, HmacSha1Update, HmacSha1Final, HmacSha1Key, sizeof(HmacSha1Key), HmacSha1Digest};
-HMAC_TEST_CONTEXT mHmacSha256TestCtx = { SHA256_DIGEST_SIZE, HmacSha256New, HmacSha256SetKey, HmacSha256Update, HmacSha256Final, HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest };
-HMAC_TEST_CONTEXT mHmacSha384TestCtx = { SHA384_DIGEST_SIZE, HmacSha384New, HmacSha384SetKey, HmacSha384Update, HmacSha384Final, HmacSha384Key, sizeof (HmacSha384Key), HmacSha384Digest };
+// HMAC_TEST_CONTEXT mHmacMd5TestCtx = {MD5_DIGEST_SIZE, HmacMd5New, HmacMd5Free, HmacMd5SetKey, HmacMd5Update, HmacMd5Final, HmacMd5Key, sizeof(HmacMd5Key), HmacMd5Digest};
+// HMAC_TEST_CONTEXT mHmacSha1TestCtx = {SHA1_DIGEST_SIZE, HmacSha1New, HmacSha1Free, HmacSha1SetKey, HmacSha1Update, HmacSha1Final, HmacSha1Key, sizeof(HmacSha1Key), HmacSha1Digest};
+HMAC_TEST_CONTEXT mHmacSha256TestCtx = { SHA256_DIGEST_SIZE, HmacSha256New, HmacSha256Free, HmacSha256SetKey, HmacSha256Update, HmacSha256Final, HmacSha256Key, sizeof (HmacSha256Key), HmacSha256Digest };
+HMAC_TEST_CONTEXT mHmacSha384TestCtx = { SHA384_DIGEST_SIZE, HmacSha384New, HmacSha384Free, HmacSha384SetKey, HmacSha384Update, HmacSha384Final, HmacSha384Key, sizeof (HmacSha384Key), HmacSha384Digest };
UNIT_TEST_STATUS
EFIAPI
@@ -155,7 +162,7 @@ TestVerifyHmacCleanUp (
HmacTestContext = Context;
if (HmacTestContext->HmacCtx != NULL) {
- FreePool (HmacTestContext->HmacCtx);
+ HmacTestContext->HmacFree (HmacTestContext->HmacCtx);
}
}
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TSTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TSTests.c
index 225ec3e59746..226e57e66f04 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TSTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TSTests.c
@@ -322,7 +322,7 @@ TestVerifyImageTimestampVerify (
UT_ASSERT_EQUAL (SigningTime.Minute, 50);
UT_ASSERT_EQUAL (SigningTime.Second, 3);
- return Status;
+ return UNIT_TEST_PASSED;
}
TEST_DESC mImageTimestampTest[] = {
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* [Patch v2 05/16] CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (3 preceding siblings ...)
2022-10-20 18:34 ` [Patch v2 04/16] CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes Michael D Kinney
@ 2022-10-20 18:34 ` Michael D Kinney
2022-10-20 18:35 ` [Patch v2 06/16] CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs Michael D Kinney
` (12 subsequent siblings)
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:34 UTC (permalink / raw)
To: devel
Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher, Rebecca Cran, Ard Biesheuvel
* Move SysCall/inet_pton.c from BaseCryptLib to TlsLib. The functions
in this file are only used by TlsLib instances and not any CryptLib
instances.
* Fix type mismatch in call to FreePool() in TlsConfig.c
* Remove use of gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled from
TslLib and CryptLib instances
* Add missing *Null.c files to SecCryptLib.inf and RuntimeCryptLib.inf.
* Remove ARM and AARCH64 sections from SmmCryptLib.inf that does not
support those architectures.
* Add missing PrintLib dependencies to [LibraryClasses] sections of
CryptLib INF files
* Remove extra library classes from [LibraryClasses] sections of
CryptLib INF files
* Remove unnecessary warning disables from [BuildOptions] sections of
TlsLib and CryptLib INF files
* Remove RVCT support from SecCryptLib.inf
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Cc: Rebecca Cran <quic_rcran@quicinc.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 10 +---------
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 8 +-------
CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 4 ----
CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 4 ----
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 9 ++-------
CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf | 12 ++++--------
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 12 ------------
.../{BaseCryptLib => TlsLib}/SysCall/inet_pton.c | 0
CryptoPkg/Library/TlsLib/TlsConfig.c | 12 ++++--------
CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +-----------
10 files changed, 13 insertions(+), 70 deletions(-)
rename CryptoPkg/Library/{BaseCryptLib => TlsLib}/SysCall/inet_pton.c (100%)
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 8896e47095d2..213813cad971 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -54,15 +54,13 @@ [Sources]
Pk/CryptTs.c
Pk/CryptRsaPss.c
Pk/CryptRsaPssSign.c
- Pk/CryptEcNull.c |*|*|*|!gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- Pk/CryptEc.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ Pk/CryptEc.c
Pem/CryptPem.c
Bn/CryptBn.c
SysCall/CrtWrapper.c
SysCall/TimerWrapper.c
SysCall/BaseMemAllocation.c
- SysCall/inet_pton.c
[Sources.Ia32]
Rand/CryptRandTsc.c
@@ -96,19 +94,13 @@ [LibraryClasses]
IntrinsicLib
PrintLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
-
#
# Remove these [BuildOptions] after this library is cleaned up
#
[BuildOptions]
#
# suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4090: 'function' : different 'const' qualifiers
#
- MSFT:*_*_*_CC_FLAGS = /wd4090
-
GCC:*_CLANG35_*_CC_FLAGS = -std=c99
GCC:*_CLANG38_*_CC_FLAGS = -std=c99
GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index 3799780c9f52..b1629647f9c6 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -79,9 +79,7 @@ [LibraryClasses]
DebugLib
OpensslLib
IntrinsicLib
-
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ PrintLib
#
# Remove these [BuildOptions] after this library is cleaned up
@@ -89,11 +87,7 @@ [FixedPcd]
[BuildOptions]
#
# suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4090: 'function' : different 'const' qualifiers
- # C4718: 'function call' : recursive call has no side effects, deleting
#
- MSFT:*_*_*_CC_FLAGS = /wd4090 /wd4718
-
GCC:*_CLANG35_*_CC_FLAGS = -std=c99
GCC:*_CLANG38_*_CC_FLAGS = -std=c99
GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
index 559a6b4df037..d64cf3d68072 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c
@@ -153,7 +153,6 @@ EcGetPrivateKeyFromPem (
OUT VOID **EcContext
)
{
- #if FixedPcdGetBool (PcdOpensslEcEnabled)
BOOLEAN Status;
BIO *PemBio;
@@ -209,7 +208,4 @@ EcGetPrivateKeyFromPem (
BIO_free (PemBio);
return Status;
- #else
- return FALSE;
- #endif
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index 1d91ac3b0f44..2333157e0d17 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -881,7 +881,6 @@ EcGetPublicKeyFromX509 (
OUT VOID **EcContext
)
{
- #if FixedPcdGetBool (PcdOpensslEcEnabled)
BOOLEAN Status;
EVP_PKEY *Pkey;
X509 *X509Cert;
@@ -935,9 +934,6 @@ EcGetPublicKeyFromX509 (
}
return Status;
- #else
- return FALSE;
- #endif
}
/**
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index bb66604e320f..07dbc0e7a8bd 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -60,7 +60,9 @@ [Sources]
Pk/CryptTsNull.c
Pk/CryptRsaPssNull.c
Pk/CryptRsaPssSignNull.c
+ Pk/CryptEcNull.c
Pem/CryptPem.c
+ Bn/CryptBnNull.c
SysCall/CrtWrapper.c
SysCall/TimerWrapper.c
@@ -91,26 +93,19 @@ [Packages]
[LibraryClasses]
BaseLib
BaseMemoryLib
- UefiBootServicesTableLib
UefiRuntimeServicesTableLib
DebugLib
OpensslLib
IntrinsicLib
PrintLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
-
#
# Remove these [BuildOptions] after this library is cleaned up
#
[BuildOptions]
#
# suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4090: 'function' : different 'const' qualifiers
#
- MSFT:*_*_*_CC_FLAGS = /wd4090
-
GCC:*_CLANG35_*_CC_FLAGS = -std=c99
GCC:*_CLANG38_*_CC_FLAGS = -std=c99
GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
diff --git a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
index 4f652be46a82..4ad59b7bbc59 100644
--- a/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
@@ -38,6 +38,7 @@ [Sources]
Hmac/CryptHmacNull.c
Kdf/CryptHkdfNull.c
Cipher/CryptAesNull.c
+ Cipher/CryptAeadAesGcmNull.c
Pk/CryptRsaBasicNull.c
Pk/CryptRsaExtNull.c
Pk/CryptPkcs1OaepNull.c
@@ -53,6 +54,8 @@ [Sources]
Rand/CryptRandNull.c
Pk/CryptRsaPssNull.c
Pk/CryptRsaPssSignNull.c
+ Pk/CryptEcNull.c
+ Bn/CryptBnNull.c
SysCall/CrtWrapper.c
SysCall/ConstantTimeClock.c
@@ -69,6 +72,7 @@ [LibraryClasses]
DebugLib
OpensslLib
IntrinsicLib
+ PrintLib
#
# Remove these [BuildOptions] after this library is cleaned up
@@ -76,15 +80,7 @@ [LibraryClasses]
[BuildOptions]
#
# suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4090: 'function' : different 'const' qualifiers
- # C4718: 'function call' : recursive call has no side effects, deleting
#
- MSFT:*_*_*_CC_FLAGS = /wd4090 /wd4718
-
- # -JCryptoPkg/Include : To disable the use of the system includes provided by RVCT
- # --diag_remark=1 : Reduce severity of "#1-D: last line of file ends without a newline"
- RVCT:*_*_ARM_CC_FLAGS = -JCryptoPkg/Include --diag_remark=1
-
GCC:*_CLANG35_*_CC_FLAGS = -std=c99
GCC:*_CLANG38_*_CC_FLAGS = -std=c99
GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 9318052a51c5..0af7a3f96e8f 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -74,19 +74,12 @@ [Sources.Ia32]
[Sources.X64]
Rand/CryptRandTsc.c
-[Sources.ARM]
- Rand/CryptRand.c
-
-[Sources.AARCH64]
- Rand/CryptRand.c
-
[Packages]
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
BaseLib
- IoLib
BaseMemoryLib
MemoryAllocationLib
OpensslLib
@@ -95,18 +88,13 @@ [LibraryClasses]
MmServicesTableLib
SynchronizationLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
-
#
# Remove these [BuildOptions] after this library is cleaned up
#
[BuildOptions]
#
# suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4090: 'function' : different 'const' qualifiers
#
- MSFT:*_*_*_CC_FLAGS = /wd4090
XCODE:*_*_*_CC_FLAGS = -mmmx -msse -std=c99
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c b/CryptoPkg/Library/TlsLib/SysCall/inet_pton.c
similarity index 100%
rename from CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
rename to CryptoPkg/Library/TlsLib/SysCall/inet_pton.c
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index dbe1f0652996..60559de4a7f3 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -478,7 +478,7 @@ TlsSetCipherList (
FreePool (CipherString);
FreeMappedCipher:
- FreePool (MappedCipher);
+ FreePool ((VOID *)MappedCipher);
return Status;
}
@@ -1136,9 +1136,6 @@ TlsSetEcCurve (
IN UINTN DataSize
)
{
- #if !FixedPcdGetBool (PcdOpensslEcEnabled)
- return EFI_UNSUPPORTED;
- #else
TLS_CONNECTION *TlsConn;
EC_KEY *EcKey;
INT32 Nid;
@@ -1170,23 +1167,22 @@ TlsSetEcCurve (
}
if (SSL_set1_curves (TlsConn->Ssl, &Nid, 1) != 1) {
- return EFI_INVALID_PARAMETER;
+ return EFI_UNSUPPORTED;
}
EcKey = EC_KEY_new_by_curve_name (Nid);
if (EcKey == NULL) {
- return EFI_INVALID_PARAMETER;
+ return EFI_UNSUPPORTED;
}
Ret = SSL_set_tmp_ecdh (TlsConn->Ssl, EcKey);
EC_KEY_free (EcKey);
if (Ret != 1) {
- return EFI_INVALID_PARAMETER;
+ return EFI_UNSUPPORTED;
}
return EFI_SUCCESS;
- #endif
}
/**
diff --git a/CryptoPkg/Library/TlsLib/TlsLib.inf b/CryptoPkg/Library/TlsLib/TlsLib.inf
index 20b0ea683238..4e7b3e535a45 100644
--- a/CryptoPkg/Library/TlsLib/TlsLib.inf
+++ b/CryptoPkg/Library/TlsLib/TlsLib.inf
@@ -28,6 +28,7 @@ [Sources]
TlsInit.c
TlsConfig.c
TlsProcess.c
+ SysCall/inet_pton.c
[Packages]
MdePkg/MdePkg.dec
@@ -41,14 +42,3 @@ [LibraryClasses]
MemoryAllocationLib
OpensslLib
SafeIntLib
-
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
-
-[BuildOptions]
- #
- # suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4090: 'function' : different 'const' qualifiers
- #
- MSFT:*_*_*_CC_FLAGS = /wd4090
-
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* [Patch v2 06/16] CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (4 preceding siblings ...)
2022-10-20 18:34 ` [Patch v2 05/16] CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib Michael D Kinney
@ 2022-10-20 18:35 ` Michael D Kinney
2022-10-20 18:35 ` [Patch v2 07/16] CryptoPkg/Library/OpensslLib: Produce consistent set of APIs Michael D Kinney
` (11 subsequent siblings)
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:35 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
* Remove IA32/X64 specific INF files for performance
optimized OpensslLib and combine into OpensslLibAccel.inf
and OpensslLibFullAccel.inf.
* Remove use of PcdOpensslEcEnabled and let the platform
select the EC feature by using either OpensslLibFull.inf
or OpensslLibFullAccel.inf.
* With PcdOpensslEcEnabled removed, roll back style of opensslconf.h
and remove opensslconf_generated.h. Move the choice to disable
EC/SM2 into OpensslLib INF files using OPENSSL_FLAGS define.
* Update OpensslLibContructor() API to be compatible with all
FW phases by using types from Base.h and using RETURN_STATUS
type and values instead of EFI_STATUS type and values.
* Add /wd4718 to VS2015x86 for IA32 and X64 to disable warning
for recursive call with no side effects. This is a false
positive warning that is not produced with VS2017 or VS2019.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/CryptoPkg.ci.yaml | 8 +-
.../Library/Include/openssl/opensslconf.h | 328 +++++++-
.../Include/openssl/opensslconf_generated.h | 333 ---------
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 138 ++--
CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
...{OpensslLibX64.inf => OpensslLibAccel.inf} | 199 +++--
.../Library/OpensslLib/OpensslLibAccel.uni | 14 +
.../OpensslLib/OpensslLibConstructor.c | 6 +-
.../Library/OpensslLib/OpensslLibCrypto.inf | 190 +++--
.../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
...{OpensslLibIa32.inf => OpensslLibFull.inf} | 169 +++--
.../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
...lLibX64Gcc.inf => OpensslLibFullAccel.inf} | 202 +++--
.../OpensslLib/OpensslLibFullAccel.uni | 14 +
.../Library/OpensslLib/OpensslLibIa32Gcc.inf | 699 ------------------
15 files changed, 904 insertions(+), 1427 deletions(-)
delete mode 100644 CryptoPkg/Library/Include/openssl/opensslconf_generated.h
rename CryptoPkg/Library/OpensslLib/{OpensslLibX64.inf => OpensslLibAccel.inf} (78%)
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf => OpensslLibFull.inf} (79%)
copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni => OpensslLibFull.uni} (56%)
rename CryptoPkg/Library/OpensslLib/{OpensslLibX64Gcc.inf => OpensslLibFullAccel.inf} (78%)
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf
diff --git a/CryptoPkg/CryptoPkg.ci.yaml b/CryptoPkg/CryptoPkg.ci.yaml
index ca129d6ae56c..47f29759676d 100644
--- a/CryptoPkg/CryptoPkg.ci.yaml
+++ b/CryptoPkg/CryptoPkg.ci.yaml
@@ -73,13 +73,7 @@
},
"DscCompleteCheck": {
"DscPath": "CryptoPkg.dsc",
- "IgnoreInf": [
- # These are alternatives to OpensslLib.inf
- "CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf",
- "CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf",
- "CryptoPkg/Library/OpensslLib/OpensslLibX64.inf",
- "CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf"
- ]
+ "IgnoreInf": []
},
"GuidCheck": {
"IgnoreGuidName": [],
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 53dd8c3efbe6..b98b068b3d3b 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -9,32 +9,324 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
-#include <Library/PcdLib.h>
-#include <openssl/opensslconf_generated.h>
+
+#include <openssl/opensslv.h>
#ifdef __cplusplus
extern "C" {
#endif
-/* Autogenerated conditional openssl feature list starts here */
-#if !FixedPcdGetBool (PcdOpensslEcEnabled)
-# ifndef OPENSSL_NO_EC
-# define OPENSSL_NO_EC
-# endif
-# ifndef OPENSSL_NO_ECDH
-# define OPENSSL_NO_ECDH
-# endif
-# ifndef OPENSSL_NO_ECDSA
-# define OPENSSL_NO_ECDSA
-# endif
-# ifndef OPENSSL_NO_TLS1_3
-# define OPENSSL_NO_TLS1_3
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_SYS_UEFI
+# define OPENSSL_SYS_UEFI 1
+#endif
+#define OPENSSL_MIN_API 0x10100000L
+#ifndef OPENSSL_NO_BF
+# define OPENSSL_NO_BF
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+# define OPENSSL_NO_BLAKE2
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_CAST
+# define OPENSSL_NO_CAST
+#endif
+#ifndef OPENSSL_NO_CHACHA
+# define OPENSSL_NO_CHACHA
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_CT
+# define OPENSSL_NO_CT
+#endif
+#ifndef OPENSSL_NO_DES
+# define OPENSSL_NO_DES
+#endif
+#ifndef OPENSSL_NO_DSA
+# define OPENSSL_NO_DSA
+#endif
+#ifndef OPENSSL_NO_IDEA
+# define OPENSSL_NO_IDEA
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_MD4
+# define OPENSSL_NO_MD4
+#endif
+#ifndef OPENSSL_NO_MDC2
+# define OPENSSL_NO_MDC2
+#endif
+#ifndef OPENSSL_NO_POLY1305
+# define OPENSSL_NO_POLY1305
+#endif
+#ifndef OPENSSL_NO_RC2
+# define OPENSSL_NO_RC2
+#endif
+#ifndef OPENSSL_NO_RC4
+# define OPENSSL_NO_RC4
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RMD160
+# define OPENSSL_NO_RMD160
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_TS
+# define OPENSSL_NO_TS
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+# define OPENSSL_NO_WHIRLPOOL
+#endif
+#ifndef OPENSSL_RAND_SEED_NONE
+# define OPENSSL_RAND_SEED_NONE
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+#ifndef OPENSSL_NO_APPS
+# define OPENSSL_NO_APPS
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_ASYNC
+# define OPENSSL_NO_ASYNC
+#endif
+#ifndef OPENSSL_NO_AUTOERRINIT
+# define OPENSSL_NO_AUTOERRINIT
+#endif
+#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
+# define OPENSSL_NO_AUTOLOAD_CONFIG
+#endif
+#ifndef OPENSSL_NO_CAPIENG
+# define OPENSSL_NO_CAPIENG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEPRECATED
+# define OPENSSL_NO_DEPRECATED
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_DGRAM
+# define OPENSSL_NO_DGRAM
+#endif
+#ifndef OPENSSL_NO_DTLS
+# define OPENSSL_NO_DTLS
+#endif
+#ifndef OPENSSL_NO_DTLS1
+# define OPENSSL_NO_DTLS1
+#endif
+#ifndef OPENSSL_NO_DTLS1_2
+# define OPENSSL_NO_DTLS1_2
+#endif
+#ifndef OPENSSL_NO_EC2M
+# define OPENSSL_NO_EC2M
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_ENGINE
+# define OPENSSL_NO_ENGINE
+#endif
+#ifndef OPENSSL_NO_ERR
+# define OPENSSL_NO_ERR
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FILENAMES
+# define OPENSSL_NO_FILENAMES
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_HW
+# define OPENSSL_NO_HW
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_OCB
+# define OPENSSL_NO_OCB
+#endif
+#ifndef OPENSSL_NO_POSIX_IO
+# define OPENSSL_NO_POSIX_IO
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCRYPT
+# define OPENSSL_NO_SCRYPT
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SOCK
+# define OPENSSL_NO_SOCK
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_STDIO
+# define OPENSSL_NO_STDIO
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UI_CONSOLE
+# define OPENSSL_NO_UI_CONSOLE
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that. This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f) f;
+# ifdef __GNUC__
+# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+# undef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
+# endif
+#elif defined(__SUNPRO_C)
+#if (__SUNPRO_C >= 0x5130)
+#undef DECLARE_DEPRECATED
+#define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
+#endif
# endif
-# ifndef OPENSSL_NO_SM2
-# define OPENSSL_NO_SM2
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+# define OPENSSL_FILE ""
+# define OPENSSL_LINE 0
+# else
+# define OPENSSL_FILE __FILE__
+# define OPENSSL_LINE __LINE__
# endif
#endif
-/* Autogenerated conditional openssl feature list ends here */
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f) f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# undef BN_LLONG
+/* Only one for the following should be defined */
+# undef SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# define THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned int
#ifdef __cplusplus
}
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf_generated.h b/CryptoPkg/Library/Include/openssl/opensslconf_generated.h
deleted file mode 100644
index 09a6641ffcf9..000000000000
--- a/CryptoPkg/Library/Include/openssl/opensslconf_generated.h
+++ /dev/null
@@ -1,333 +0,0 @@
-/*
- * WARNING: do not edit!
- * Generated from include/openssl/opensslconf.h.in
- *
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/opensslv.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# error OPENSSL_ALGORITHM_DEFINES no longer supported
-#endif
-
-/*
- * OpenSSL was configured with the following options:
- */
-
-#ifndef OPENSSL_SYS_UEFI
-# define OPENSSL_SYS_UEFI 1
-#endif
-#define OPENSSL_MIN_API 0x10100000L
-#ifndef OPENSSL_NO_BF
-# define OPENSSL_NO_BF
-#endif
-#ifndef OPENSSL_NO_BLAKE2
-# define OPENSSL_NO_BLAKE2
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_CHACHA
-# define OPENSSL_NO_CHACHA
-#endif
-#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
-#endif
-#ifndef OPENSSL_NO_CT
-# define OPENSSL_NO_CT
-#endif
-#ifndef OPENSSL_NO_DES
-# define OPENSSL_NO_DES
-#endif
-#ifndef OPENSSL_NO_DSA
-# define OPENSSL_NO_DSA
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_MD4
-# define OPENSSL_NO_MD4
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_POLY1305
-# define OPENSSL_NO_POLY1305
-#endif
-#ifndef OPENSSL_NO_RC2
-# define OPENSSL_NO_RC2
-#endif
-#ifndef OPENSSL_NO_RC4
-# define OPENSSL_NO_RC4
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RMD160
-# define OPENSSL_NO_RMD160
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SRP
-# define OPENSSL_NO_SRP
-#endif
-#ifndef OPENSSL_NO_TS
-# define OPENSSL_NO_TS
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-#ifndef OPENSSL_RAND_SEED_NONE
-# define OPENSSL_RAND_SEED_NONE
-#endif
-#ifndef OPENSSL_NO_AFALGENG
-# define OPENSSL_NO_AFALGENG
-#endif
-#ifndef OPENSSL_NO_APPS
-# define OPENSSL_NO_APPS
-#endif
-#ifndef OPENSSL_NO_ASAN
-# define OPENSSL_NO_ASAN
-#endif
-#ifndef OPENSSL_NO_ASYNC
-# define OPENSSL_NO_ASYNC
-#endif
-#ifndef OPENSSL_NO_AUTOERRINIT
-# define OPENSSL_NO_AUTOERRINIT
-#endif
-#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
-# define OPENSSL_NO_AUTOLOAD_CONFIG
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-# define OPENSSL_NO_CRYPTO_MDEBUG
-#endif
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
-# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
-#endif
-#ifndef OPENSSL_NO_DEPRECATED
-# define OPENSSL_NO_DEPRECATED
-#endif
-#ifndef OPENSSL_NO_DEVCRYPTOENG
-# define OPENSSL_NO_DEVCRYPTOENG
-#endif
-#ifndef OPENSSL_NO_DGRAM
-# define OPENSSL_NO_DGRAM
-#endif
-#ifndef OPENSSL_NO_DTLS
-# define OPENSSL_NO_DTLS
-#endif
-#ifndef OPENSSL_NO_DTLS1
-# define OPENSSL_NO_DTLS1
-#endif
-#ifndef OPENSSL_NO_DTLS1_2
-# define OPENSSL_NO_DTLS1_2
-#endif
-#ifndef OPENSSL_NO_EC2M
-# define OPENSSL_NO_EC2M
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_EGD
-# define OPENSSL_NO_EGD
-#endif
-#ifndef OPENSSL_NO_ENGINE
-# define OPENSSL_NO_ENGINE
-#endif
-#ifndef OPENSSL_NO_ERR
-# define OPENSSL_NO_ERR
-#endif
-#ifndef OPENSSL_NO_EXTERNAL_TESTS
-# define OPENSSL_NO_EXTERNAL_TESTS
-#endif
-#ifndef OPENSSL_NO_FILENAMES
-# define OPENSSL_NO_FILENAMES
-#endif
-#ifndef OPENSSL_NO_FUZZ_AFL
-# define OPENSSL_NO_FUZZ_AFL
-#endif
-#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
-# define OPENSSL_NO_FUZZ_LIBFUZZER
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_HW
-# define OPENSSL_NO_HW
-#endif
-#ifndef OPENSSL_NO_MSAN
-# define OPENSSL_NO_MSAN
-#endif
-#ifndef OPENSSL_NO_OCB
-# define OPENSSL_NO_OCB
-#endif
-#ifndef OPENSSL_NO_POSIX_IO
-# define OPENSSL_NO_POSIX_IO
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_SCRYPT
-# define OPENSSL_NO_SCRYPT
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SOCK
-# define OPENSSL_NO_SOCK
-#endif
-#ifndef OPENSSL_NO_SSL_TRACE
-# define OPENSSL_NO_SSL_TRACE
-#endif
-#ifndef OPENSSL_NO_SSL3
-# define OPENSSL_NO_SSL3
-#endif
-#ifndef OPENSSL_NO_SSL3_METHOD
-# define OPENSSL_NO_SSL3_METHOD
-#endif
-#ifndef OPENSSL_NO_STDIO
-# define OPENSSL_NO_STDIO
-#endif
-#ifndef OPENSSL_NO_TESTS
-# define OPENSSL_NO_TESTS
-#endif
-#ifndef OPENSSL_NO_UBSAN
-# define OPENSSL_NO_UBSAN
-#endif
-#ifndef OPENSSL_NO_UI_CONSOLE
-# define OPENSSL_NO_UI_CONSOLE
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-# define OPENSSL_NO_WEAK_SSL_CIPHERS
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-
-/*
- * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
- * don't like that. This will hopefully silence them.
- */
-#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
-
-/*
- * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
- * declarations of functions deprecated in or before <version>. Otherwise, they
- * still won't see them if the library has been built to disable deprecated
- * functions.
- */
-#ifndef DECLARE_DEPRECATED
-# define DECLARE_DEPRECATED(f) f;
-# ifdef __GNUC__
-# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
-# undef DECLARE_DEPRECATED
-# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
-# endif
-# elif defined(__SUNPRO_C)
-# if (__SUNPRO_C >= 0x5130)
-# undef DECLARE_DEPRECATED
-# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
-# endif
-# endif
-#endif
-
-#ifndef OPENSSL_FILE
-# ifdef OPENSSL_NO_FILENAMES
-# define OPENSSL_FILE ""
-# define OPENSSL_LINE 0
-# else
-# define OPENSSL_FILE __FILE__
-# define OPENSSL_LINE __LINE__
-# endif
-#endif
-
-#ifndef OPENSSL_MIN_API
-# define OPENSSL_MIN_API 0
-#endif
-
-#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
-# undef OPENSSL_API_COMPAT
-# define OPENSSL_API_COMPAT OPENSSL_MIN_API
-#endif
-
-/*
- * Do not deprecate things to be deprecated in version 1.2.0 before the
- * OpenSSL version number matches.
- */
-#if OPENSSL_VERSION_NUMBER < 0x10200000L
-# define DEPRECATEDIN_1_2_0(f) f;
-#elif OPENSSL_API_COMPAT < 0x10200000L
-# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_2_0(f)
-#endif
-
-#if OPENSSL_API_COMPAT < 0x10100000L
-# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_1_0(f)
-#endif
-
-#if OPENSSL_API_COMPAT < 0x10000000L
-# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_0_0(f)
-#endif
-
-#if OPENSSL_API_COMPAT < 0x00908000L
-# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_0_9_8(f)
-#endif
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/*
- * The following are cipher-specific, but are part of the public API.
- */
-#if !defined(OPENSSL_SYS_UEFI)
-# undef BN_LLONG
-/* Only one for the following should be defined */
-# undef SIXTY_FOUR_BIT_LONG
-# undef SIXTY_FOUR_BIT
-# define THIRTY_TWO_BIT
-#endif
-
-#define RC4_INT unsigned int
-
-#ifdef __cplusplus
-}
-#endif
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index f0ca72eeed4f..25f4f1635ed9 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -1,5 +1,5 @@
## @file
-# This module provides OpenSSL Library implementation.
+# This module provides OpenSSL Library implementation with TLS features.
#
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
@@ -16,14 +16,18 @@ [Defines]
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
+ CONSTRUCTOR = OpensslLibConstructor
+
DEFINE OPENSSL_PATH = openssl
- DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM
+ DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2 -DOPENSSL_NO_ASM
+ DEFINE OPENSSL_FLAGS_CONFIG =
#
# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
#
[Sources]
+ OpensslLibConstructor.c
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/ms/uplink.h
# Autogenerated files list starts here
@@ -200,43 +204,43 @@ [Sources]
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/ec/curve25519.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
+# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+# $(OPENSSL_PATH)/crypto/ec/ec_check.c
+# $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+# $(OPENSSL_PATH)/crypto/ec/ec_err.c
+# $(OPENSSL_PATH)/crypto/ec/ec_key.c
+# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+# $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+# $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_print.c
+# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
+# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
+# $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -422,10 +426,10 @@ [Sources]
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
$(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -538,15 +542,15 @@ [Sources]
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/ec/ec_local.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/field.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/word.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -638,15 +642,13 @@ [LibraryClasses]
[LibraryClasses.ARM]
ArmSoftFloatLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
-
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought by openssl source,
# so we do not break the build with /WX option:
# C4090: 'function' : different 'const' qualifiers
# C4132: 'object' : const object should be initialized (tls13_enc.c)
+ # C4210: nonstandard extension used: function given file scope
# C4244: conversion from type1 to type2, possible loss of data
# C4245: conversion from type1 to type2, signed/unsigned mismatch
# C4267: conversion from size_t to type, possible loss of data
@@ -658,11 +660,19 @@ [BuildOptions]
# C4706: assignment within conditional expression
# C4819: The file contains a character that cannot be represented in the current code page
#
- MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
- MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
+ MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
+ MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
- INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
- INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
+ #
+ # Disable following Visual Studio 2015 compiler warnings brought by openssl source,
+ # so we do not break the build with /WX option:
+ # C4718: recursive call has no side effects, deleting
+ #
+ MSFT:*_VS2015x86_IA32_CC_FLAGS = /wd4718
+ MSFT:*_VS2015x86_X64_CC_FLAGS = /wd4718
+
+ INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
#
# Suppress the following build warnings in openssl so we don't break the build with -Werror
@@ -671,10 +681,10 @@ [BuildOptions]
# types appropriate to the format string specified.
# -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
#
- GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
- GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
- GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
+ GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable -Wno-error=format
GCC:*_*_RISCV64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
GCC:*_*_LOONGARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
@@ -700,8 +710,8 @@ [BuildOptions]
# 1: ignore "#1-D: last line of file ends without a newline"
# 3017: <entity> may be used before being set (NOTE: This was fixed in OpenSSL 1.1 HEAD with
# commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.)
- XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -std=c99 -Wno-error=uninitialized
- XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -std=c99 -Wno-error=uninitialized
+ XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
+ XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
#
# AARCH64 uses strict alignment and avoids SIMD registers for code that may execute
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.uni b/CryptoPkg/Library/OpensslLib/OpensslLib.uni
index abaff8a3c37f..6b62c46040f9 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.uni
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.uni
@@ -1,7 +1,5 @@
// /** @file
-// This module provides openSSL Library implementation.
-//
-// This module provides OpenSSL Library implementation.
+// This module provides OpenSSL Library implementation with TLS features.
//
// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
//
@@ -9,8 +7,6 @@
//
// **/
+#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation with TLS features."
-#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation."
-
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation with TLS features."
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
similarity index 78%
rename from CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
rename to CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index 5e92ba0844d5..6d43556a4064 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -1,5 +1,7 @@
## @file
-# This module provides OpenSSL Library implementation.
+# This module provides OpenSSL Library implementation with TLS features
+# along with performance optimized implementations of SHA1, SHA256, SHA512,
+# AESNI, VPAED, and GHASH for IA32 and X64.
#
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
@@ -9,39 +11,27 @@
[Defines]
INF_VERSION = 0x00010005
- BASE_NAME = OpensslLibX64
- MODULE_UNI_FILE = OpensslLib.uni
- FILE_GUID = 18125E50-0117-4DD0-BE54-4784AD995FEF
+ BASE_NAME = OpensslLibAccel
+ MODULE_UNI_FILE = OpensslLibAccel.uni
+ FILE_GUID = 96A34760-B04A-44EB-9680-AC7606E9776B
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
+ CONSTRUCTOR = OpensslLibConstructor
+
DEFINE OPENSSL_PATH = openssl
- DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
+ DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2
DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
- CONSTRUCTOR = OpensslLibConstructor
#
-# VALID_ARCHITECTURES = X64
+# VALID_ARCHITECTURES = IA32 X64
#
-[Sources.X64]
+[Sources]
OpensslLibConstructor.c
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/ms/uplink.h
# Autogenerated files list starts here
- X64/crypto/aes/aesni-mb-x86_64.nasm
- X64/crypto/aes/aesni-sha1-x86_64.nasm
- X64/crypto/aes/aesni-sha256-x86_64.nasm
- X64/crypto/aes/aesni-x86_64.nasm
- X64/crypto/aes/vpaes-x86_64.nasm
- X64/crypto/modes/aesni-gcm-x86_64.nasm
- X64/crypto/modes/ghash-x86_64.nasm
- X64/crypto/sha/sha1-mb-x86_64.nasm
- X64/crypto/sha/sha1-x86_64.nasm
- X64/crypto/sha/sha256-mb-x86_64.nasm
- X64/crypto/sha/sha256-x86_64.nasm
- X64/crypto/sha/sha512-x86_64.nasm
- X64/crypto/x86_64cpuid.nasm
$(OPENSSL_PATH)/crypto/aes/aes_cbc.c
$(OPENSSL_PATH)/crypto/aes/aes_cfb.c
$(OPENSSL_PATH)/crypto/aes/aes_core.c
@@ -215,43 +205,43 @@ [Sources.X64]
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/ec/curve25519.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
+# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+# $(OPENSSL_PATH)/crypto/ec/ec_check.c
+# $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+# $(OPENSSL_PATH)/crypto/ec/ec_err.c
+# $(OPENSSL_PATH)/crypto/ec/ec_key.c
+# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+# $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+# $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_print.c
+# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
+# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
+# $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -330,6 +320,7 @@ [Sources.X64]
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
$(OPENSSL_PATH)/crypto/mem.c
+# $(OPENSSL_PATH)/crypto/mem_clr.c # Replaced by assembly optimized NASM/S files
$(OPENSSL_PATH)/crypto/mem_dbg.c
$(OPENSSL_PATH)/crypto/mem_sec.c
$(OPENSSL_PATH)/crypto/modes/cbc128.c
@@ -436,10 +427,10 @@ [Sources.X64]
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
$(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -552,15 +543,15 @@ [Sources.X64]
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/ec/ec_local.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/field.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/word.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -638,7 +629,53 @@ [Sources.X64]
buildinf.h
ossl_store.c
rand_pool.c
+
+[Sources.IA32]
+ IA32/crypto/aes/aesni-x86.nasm | MSFT
+ IA32/crypto/aes/vpaes-x86.nasm | MSFT
+ IA32/crypto/modes/ghash-x86.nasm | MSFT
+ IA32/crypto/sha/sha1-586.nasm | MSFT
+ IA32/crypto/sha/sha256-586.nasm | MSFT
+ IA32/crypto/sha/sha512-586.nasm | MSFT
+ IA32/crypto/x86cpuid.nasm | MSFT
+
+ IA32Gcc/crypto/aes/aesni-x86.S | GCC
+ IA32Gcc/crypto/aes/vpaes-x86.S | GCC
+ IA32Gcc/crypto/modes/ghash-x86.S | GCC
+ IA32Gcc/crypto/sha/sha1-586.S | GCC
+ IA32Gcc/crypto/sha/sha256-586.S | GCC
+ IA32Gcc/crypto/sha/sha512-586.S | GCC
+ IA32Gcc/crypto/x86cpuid.S | GCC
+
+[Sources.X64]
X64/ApiHooks.c
+ X64/crypto/aes/aesni-mb-x86_64.nasm | MSFT
+ X64/crypto/aes/aesni-sha1-x86_64.nasm | MSFT
+ X64/crypto/aes/aesni-sha256-x86_64.nasm | MSFT
+ X64/crypto/aes/aesni-x86_64.nasm | MSFT
+ X64/crypto/aes/vpaes-x86_64.nasm | MSFT
+ X64/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
+ X64/crypto/modes/ghash-x86_64.nasm | MSFT
+ X64/crypto/sha/sha1-mb-x86_64.nasm | MSFT
+ X64/crypto/sha/sha1-x86_64.nasm | MSFT
+ X64/crypto/sha/sha256-mb-x86_64.nasm | MSFT
+ X64/crypto/sha/sha256-x86_64.nasm | MSFT
+ X64/crypto/sha/sha512-x86_64.nasm | MSFT
+ X64/crypto/x86_64cpuid.nasm | MSFT
+
+ X64Gcc/crypto/aes/aesni-mb-x86_64.S | GCC
+ X64Gcc/crypto/aes/aesni-sha1-x86_64.S | GCC
+ X64Gcc/crypto/aes/aesni-sha256-x86_64.S | GCC
+ X64Gcc/crypto/aes/aesni-x86_64.S | GCC
+ X64Gcc/crypto/aes/vpaes-x86_64.S | GCC
+ X64Gcc/crypto/modes/aesni-gcm-x86_64.S | GCC
+ X64Gcc/crypto/modes/ghash-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha1-mb-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha1-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha256-mb-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha256-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha512-x86_64.S | GCC
+ X64Gcc/crypto/x86_64cpuid.S | GCC
[Packages]
MdePkg/MdePkg.dec
@@ -650,9 +687,6 @@ [LibraryClasses]
RngLib
PrintLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
-
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought by openssl source,
@@ -671,8 +705,18 @@ [BuildOptions]
# C4706: assignment within conditional expression
# C4819: The file contains a character that cannot be represented in the current code page
#
+ MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
+ #
+ # Disable following Visual Studio 2015 compiler warnings brought by openssl source,
+ # so we do not break the build with /WX option:
+ # C4718: recursive call has no side effects, deleting
+ #
+ MSFT:*_VS2015x86_IA32_CC_FLAGS = /wd4718
+ MSFT:*_VS2015x86_X64_CC_FLAGS = /wd4718
+
+ INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
#
@@ -682,7 +726,11 @@ [BuildOptions]
# types appropriate to the format string specified.
# -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
#
- GCC:*_*_X64_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
+ GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
+ GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
+ GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized -Wno-error=incompatible-pointer-types -Wno-error=pointer-sign -Wno-error=implicit-function-declaration -Wno-error=ignored-pragma-optimize
# suppress the following warnings in openssl so we don't break the build with warnings-as-errors:
# 1295: Deprecated declaration <entity> - give arg types
@@ -703,4 +751,5 @@ [BuildOptions]
# 1: ignore "#1-D: last line of file ends without a newline"
# 3017: <entity> may be used before being set (NOTE: This was fixed in OpenSSL 1.1 HEAD with
# commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.)
+ XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
new file mode 100644
index 000000000000..e547a0c1e816
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
@@ -0,0 +1,14 @@
+// /** @file
+// This module provides OpenSSL Library implementation with TLS features
+// along with performance optimized implementations of SHA1, SHA256, SHA512,
+// AESNI, VPAED, and GHASH for IA32 and X64.
+//
+// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation with TLS features and performance optimizations"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation with TLS features along with performance optimized implementations of SHA1, SHA256, SHA512, AESNI, VPAED, and GHASH for IA32 and X64."
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c b/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
index 18d8a5612808..5daf73a54710 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
@@ -6,7 +6,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
-#include <Uefi.h>
+#include <Base.h>
/**
An internal OpenSSL function which fetches a local copy of the hardware
@@ -30,7 +30,7 @@ OPENSSL_cpuid_setup (
@retval EFI_SUCCESS The construction succeeded.
**/
-EFI_STATUS
+RETURN_STATUS
EFIAPI
OpensslLibConstructor (
VOID
@@ -38,5 +38,5 @@ OpensslLibConstructor (
{
OPENSSL_cpuid_setup ();
- return EFI_SUCCESS;
+ return RETURN_SUCCESS;
}
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 195016fd3d01..3e344f8515e2 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -1,5 +1,6 @@
## @file
-# This module provides OpenSSL Library implementation.
+# This module provides OpenSSL Library implementation with ECC and TLS
+# features removed and features have performance optimizations enabled.
#
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
@@ -16,14 +17,18 @@ [Defines]
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
+ CONSTRUCTOR = OpensslLibConstructor
+
DEFINE OPENSSL_PATH = openssl
- DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM
+ DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_TLS1_3 -DOPENSSL_NO_SM2 -DOPENSSL_NO_ASM
+ DEFINE OPENSSL_FLAGS_CONFIG =
#
# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
#
[Sources]
+ OpensslLibConstructor.c
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/ms/uplink.h
# Autogenerated files list starts here
@@ -200,43 +205,43 @@ [Sources]
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/ec/curve25519.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
+# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
+# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+# $(OPENSSL_PATH)/crypto/ec/ec_check.c
+# $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+# $(OPENSSL_PATH)/crypto/ec/ec_err.c
+# $(OPENSSL_PATH)/crypto/ec/ec_key.c
+# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+# $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+# $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+# $(OPENSSL_PATH)/crypto/ec/ec_print.c
+# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
+# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
+# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
+# $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -422,10 +427,10 @@ [Sources]
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
+# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
$(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -538,15 +543,15 @@ [Sources]
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+# $(OPENSSL_PATH)/crypto/ec/ec_local.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/field.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/word.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
+# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -569,6 +574,57 @@ [Sources]
$(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
+# $(OPENSSL_PATH)/ssl/bio_ssl.c
+# $(OPENSSL_PATH)/ssl/d1_lib.c
+# $(OPENSSL_PATH)/ssl/d1_msg.c
+# $(OPENSSL_PATH)/ssl/d1_srtp.c
+# $(OPENSSL_PATH)/ssl/methods.c
+# $(OPENSSL_PATH)/ssl/packet.c
+# $(OPENSSL_PATH)/ssl/pqueue.c
+# $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c
+# $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c
+# $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c
+# $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c
+# $(OPENSSL_PATH)/ssl/record/ssl3_record.c
+# $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c
+# $(OPENSSL_PATH)/ssl/s3_cbc.c
+# $(OPENSSL_PATH)/ssl/s3_enc.c
+# $(OPENSSL_PATH)/ssl/s3_lib.c
+# $(OPENSSL_PATH)/ssl/s3_msg.c
+# $(OPENSSL_PATH)/ssl/ssl_asn1.c
+# $(OPENSSL_PATH)/ssl/ssl_cert.c
+# $(OPENSSL_PATH)/ssl/ssl_ciph.c
+# $(OPENSSL_PATH)/ssl/ssl_conf.c
+# $(OPENSSL_PATH)/ssl/ssl_err.c
+# $(OPENSSL_PATH)/ssl/ssl_init.c
+# $(OPENSSL_PATH)/ssl/ssl_lib.c
+# $(OPENSSL_PATH)/ssl/ssl_mcnf.c
+# $(OPENSSL_PATH)/ssl/ssl_rsa.c
+# $(OPENSSL_PATH)/ssl/ssl_sess.c
+# $(OPENSSL_PATH)/ssl/ssl_stat.c
+# $(OPENSSL_PATH)/ssl/ssl_txt.c
+# $(OPENSSL_PATH)/ssl/ssl_utst.c
+# $(OPENSSL_PATH)/ssl/statem/extensions.c
+# $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c
+# $(OPENSSL_PATH)/ssl/statem/extensions_cust.c
+# $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c
+# $(OPENSSL_PATH)/ssl/statem/statem.c
+# $(OPENSSL_PATH)/ssl/statem/statem_clnt.c
+# $(OPENSSL_PATH)/ssl/statem/statem_dtls.c
+# $(OPENSSL_PATH)/ssl/statem/statem_lib.c
+# $(OPENSSL_PATH)/ssl/statem/statem_srvr.c
+# $(OPENSSL_PATH)/ssl/t1_enc.c
+# $(OPENSSL_PATH)/ssl/t1_lib.c
+# $(OPENSSL_PATH)/ssl/t1_trce.c
+# $(OPENSSL_PATH)/ssl/tls13_enc.c
+# $(OPENSSL_PATH)/ssl/tls_srp.c
+# $(OPENSSL_PATH)/ssl/packet_local.h
+# $(OPENSSL_PATH)/ssl/ssl_cert_table.h
+# $(OPENSSL_PATH)/ssl/ssl_local.h
+# $(OPENSSL_PATH)/ssl/record/record.h
+# $(OPENSSL_PATH)/ssl/record/record_local.h
+# $(OPENSSL_PATH)/ssl/statem/statem.h
+# $(OPENSSL_PATH)/ssl/statem/statem_local.h
# Autogenerated files list ends here
buildinf.h
ossl_store.c
@@ -587,15 +643,13 @@ [LibraryClasses]
[LibraryClasses.ARM]
ArmSoftFloatLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
-
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought by openssl source,
# so we do not break the build with /WX option:
# C4090: 'function' : different 'const' qualifiers
# C4132: 'object' : const object should be initialized (tls13_enc.c)
+ # C4210: nonstandard extension used: function given file scope
# C4244: conversion from type1 to type2, possible loss of data
# C4245: conversion from type1 to type2, signed/unsigned mismatch
# C4267: conversion from size_t to type, possible loss of data
@@ -607,11 +661,19 @@ [BuildOptions]
# C4706: assignment within conditional expression
# C4819: The file contains a character that cannot be represented in the current code page
#
- MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
- MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) /wd4090 /wd4132 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
+ MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
+ MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
- INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
- INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) /w
+ #
+ # Disable following Visual Studio 2015 compiler warnings brought by openssl source,
+ # so we do not break the build with /WX option:
+ # C4718: recursive call has no side effects, deleting
+ #
+ MSFT:*_VS2015x86_IA32_CC_FLAGS = /wd4718
+ MSFT:*_VS2015x86_X64_CC_FLAGS = /wd4718
+
+ INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
#
# Suppress the following build warnings in openssl so we don't break the build with -Werror
@@ -620,10 +682,10 @@ [BuildOptions]
# types appropriate to the format string specified.
# -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
#
- GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
- GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
- GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
+ GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable -Wno-error=format
GCC:*_*_RISCV64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
GCC:*_*_LOONGARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
@@ -649,8 +711,8 @@ [BuildOptions]
# 1: ignore "#1-D: last line of file ends without a newline"
# 3017: <entity> may be used before being set (NOTE: This was fixed in OpenSSL 1.1 HEAD with
# commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.)
- XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -std=c99 -Wno-error=uninitialized
- XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w -std=c99 -Wno-error=uninitialized
+ XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
+ XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
#
# AARCH64 uses strict alignment and avoids SIMD registers for code that may execute
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni
index d3f12e178cae..462ccf4355f7 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.uni
@@ -1,7 +1,6 @@
// /** @file
-// This module provides openSSL Library implementation (libcrypto only, no libssl).
-//
-// This module provides OpenSSL Library implementation (libcrypto only, no libssl).
+// This module provides OpenSSL Library implementation (libcrypto only, no
+// libssl or ecc).
//
// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
//
@@ -9,8 +8,6 @@
//
// **/
+#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation (libcrypto only, no libssl or ecc)"
-#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation (libcrypto only, no libssl)"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation (libcrypto only, no libssl)."
-
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation (libcrypto only, no libssl or ecc)."
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
similarity index 79%
rename from CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf
rename to CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
index b6ee718edeff..c3b78a448a26 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
@@ -1,5 +1,11 @@
## @file
-# This module provides OpenSSL Library implementation.
+# This module provides OpenSSL Library implementation with ECC and TLS
+# features.
+#
+# This library should be used if a module module needs ECC in TLS, or
+# asymmetric cryptography services such as X509 certificate or PEM format
+# data processing. This library increases the size overhead up to ~115 KB
+# compared to OpensslLib.inf library instance.
#
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
@@ -9,33 +15,27 @@
[Defines]
INF_VERSION = 0x00010005
- BASE_NAME = OpensslLibIa32
- MODULE_UNI_FILE = OpensslLib.uni
- FILE_GUID = 5805D1D4-F8EE-4FBA-BDD8-74465F16A534
+ BASE_NAME = OpensslLibFull
+ MODULE_UNI_FILE = OpensslLibFull.uni
+ FILE_GUID = AB9E2231-D8FC-433F-9F27-FA293B64FB2C
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
- DEFINE OPENSSL_PATH = openssl
- DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
- DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
CONSTRUCTOR = OpensslLibConstructor
+ DEFINE OPENSSL_PATH = openssl
+ DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM
+ DEFINE OPENSSL_FLAGS_CONFIG =
+
#
-# VALID_ARCHITECTURES = IA32
+# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
#
-[Sources.IA32]
+[Sources]
OpensslLibConstructor.c
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/ms/uplink.h
# Autogenerated files list starts here
- IA32/crypto/aes/aesni-x86.nasm
- IA32/crypto/aes/vpaes-x86.nasm
- IA32/crypto/modes/ghash-x86.nasm
- IA32/crypto/sha/sha1-586.nasm
- IA32/crypto/sha/sha256-586.nasm
- IA32/crypto/sha/sha512-586.nasm
- IA32/crypto/x86cpuid.nasm
$(OPENSSL_PATH)/crypto/aes/aes_cbc.c
$(OPENSSL_PATH)/crypto/aes/aes_cfb.c
$(OPENSSL_PATH)/crypto/aes/aes_core.c
@@ -209,43 +209,43 @@ [Sources.IA32]
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -324,6 +324,7 @@ [Sources.IA32]
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
$(OPENSSL_PATH)/crypto/mem.c
+ $(OPENSSL_PATH)/crypto/mem_clr.c
$(OPENSSL_PATH)/crypto/mem_dbg.c
$(OPENSSL_PATH)/crypto/mem_sec.c
$(OPENSSL_PATH)/crypto/modes/cbc128.c
@@ -430,10 +431,10 @@ [Sources.IA32]
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
$(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -546,15 +547,15 @@ [Sources.IA32]
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -643,8 +644,8 @@ [LibraryClasses]
RngLib
PrintLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
+[LibraryClasses.ARM]
+ ArmSoftFloatLib
[BuildOptions]
#
@@ -665,8 +666,18 @@ [BuildOptions]
# C4819: The file contains a character that cannot be represented in the current code page
#
MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
+ MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
+
+ #
+ # Disable following Visual Studio 2015 compiler warnings brought by openssl source,
+ # so we do not break the build with /WX option:
+ # C4718: recursive call has no side effects, deleting
+ #
+ MSFT:*_VS2015x86_IA32_CC_FLAGS = /wd4718
+ MSFT:*_VS2015x86_X64_CC_FLAGS = /wd4718
INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
#
# Suppress the following build warnings in openssl so we don't break the build with -Werror
@@ -675,7 +686,15 @@ [BuildOptions]
# types appropriate to the format string specified.
# -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
#
- GCC:*_*_IA32_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
+ GCC:*_*_ARM_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_AARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable -Wno-error=format
+ GCC:*_*_RISCV64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
+ GCC:*_*_LOONGARCH64_CC_FLAGS = $(OPENSSL_FLAGS) -Wno-error=maybe-uninitialized -Wno-format -Wno-error=unused-but-set-variable
+ GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
+ GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
+ GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized -Wno-error=incompatible-pointer-types -Wno-error=pointer-sign -Wno-error=implicit-function-declaration -Wno-error=ignored-pragma-optimize
# suppress the following warnings in openssl so we don't break the build with warnings-as-errors:
# 1295: Deprecated declaration <entity> - give arg types
@@ -697,3 +716,15 @@ [BuildOptions]
# 3017: <entity> may be used before being set (NOTE: This was fixed in OpenSSL 1.1 HEAD with
# commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.)
XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
+ XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
+
+ #
+ # AARCH64 uses strict alignment and avoids SIMD registers for code that may execute
+ # with the MMU off. This involves SEC, PEI_CORE and PEIM modules as well as BASE
+ # libraries, given that they may be included into such modules.
+ # This library, even though of the BASE type, is never used in such cases, and
+ # avoiding the SIMD register file (which is shared with the FPU) prevents the
+ # compiler from successfully building some of the OpenSSL source files that
+ # use floating point types, so clear the flags here.
+ #
+ GCC:*_*_AARCH64_CC_XIPFLAGS ==
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.uni b/CryptoPkg/Library/OpensslLib/OpensslLibFull.uni
similarity index 56%
copy from CryptoPkg/Library/OpensslLib/OpensslLib.uni
copy to CryptoPkg/Library/OpensslLib/OpensslLibFull.uni
index abaff8a3c37f..ec50adba9f83 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.uni
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.uni
@@ -1,7 +1,5 @@
// /** @file
-// This module provides openSSL Library implementation.
-//
-// This module provides OpenSSL Library implementation.
+// This module provides OpenSSL Library implementation with TLS and ECC features.
//
// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
//
@@ -9,8 +7,6 @@
//
// **/
+#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation with TLS and ECC features"
-#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation."
-
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation with TLS and ECC features."
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
similarity index 78%
rename from CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
rename to CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
index 0f1b4b16f8b1..ec53a5911b58 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
@@ -1,5 +1,12 @@
## @file
-# This module provides OpenSSL Library implementation.
+# This module provides OpenSSL Library implementation with ECC and TLS
+# features along with performance optimized implementations of SHA1,
+# SHA256, SHA512 AESNI, VPAED, and GHASH for IA32 and X64.
+#
+# This library should be used if a module module needs ECC in TLS, or
+# asymmetric cryptography services such as X509 certificate or PEM format
+# data processing. This library increases the size overhead up to ~115 KB
+# compared to OpensslLibAccel.inf library instance.
#
# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
@@ -9,39 +16,27 @@
[Defines]
INF_VERSION = 0x00010005
- BASE_NAME = OpensslLibX64Gcc
- MODULE_UNI_FILE = OpensslLib.uni
- FILE_GUID = DD90DB9D-6A3F-4F2B-87BF-A8F2BBEF982F
+ BASE_NAME = OpensslLibFullAccel
+ MODULE_UNI_FILE = OpensslLibFullAccel.uni
+ FILE_GUID = AC649FB2-ADCF-450A-9C61-ED3CAFF12864
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = OpensslLib
+ CONSTRUCTOR = OpensslLibConstructor
+
DEFINE OPENSSL_PATH = openssl
DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
- CONSTRUCTOR = OpensslLibConstructor
#
-# VALID_ARCHITECTURES = X64
+# VALID_ARCHITECTURES = IA32 X64
#
-[Sources.X64]
+[Sources]
OpensslLibConstructor.c
$(OPENSSL_PATH)/e_os.h
$(OPENSSL_PATH)/ms/uplink.h
# Autogenerated files list starts here
- X64Gcc/crypto/aes/aesni-mb-x86_64.S
- X64Gcc/crypto/aes/aesni-sha1-x86_64.S
- X64Gcc/crypto/aes/aesni-sha256-x86_64.S
- X64Gcc/crypto/aes/aesni-x86_64.S
- X64Gcc/crypto/aes/vpaes-x86_64.S
- X64Gcc/crypto/modes/aesni-gcm-x86_64.S
- X64Gcc/crypto/modes/ghash-x86_64.S
- X64Gcc/crypto/sha/sha1-mb-x86_64.S
- X64Gcc/crypto/sha/sha1-x86_64.S
- X64Gcc/crypto/sha/sha256-mb-x86_64.S
- X64Gcc/crypto/sha/sha256-x86_64.S
- X64Gcc/crypto/sha/sha512-x86_64.S
- X64Gcc/crypto/x86_64cpuid.S
$(OPENSSL_PATH)/crypto/aes/aes_cbc.c
$(OPENSSL_PATH)/crypto/aes/aes_cfb.c
$(OPENSSL_PATH)/crypto/aes/aes_core.c
@@ -215,43 +210,43 @@ [Sources.X64]
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -330,6 +325,7 @@ [Sources.X64]
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
$(OPENSSL_PATH)/crypto/mem.c
+# $(OPENSSL_PATH)/crypto/mem_clr.c # Replaced by assembly optimized NASM/S files
$(OPENSSL_PATH)/crypto/mem_dbg.c
$(OPENSSL_PATH)/crypto/mem_sec.c
$(OPENSSL_PATH)/crypto/modes/cbc128.c
@@ -436,10 +432,10 @@ [Sources.X64]
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
$(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -552,15 +548,15 @@ [Sources.X64]
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -638,7 +634,53 @@ [Sources.X64]
buildinf.h
ossl_store.c
rand_pool.c
+
+[Sources.IA32]
+ IA32/crypto/aes/aesni-x86.nasm | MSFT
+ IA32/crypto/aes/vpaes-x86.nasm | MSFT
+ IA32/crypto/modes/ghash-x86.nasm | MSFT
+ IA32/crypto/sha/sha1-586.nasm | MSFT
+ IA32/crypto/sha/sha256-586.nasm | MSFT
+ IA32/crypto/sha/sha512-586.nasm | MSFT
+ IA32/crypto/x86cpuid.nasm | MSFT
+
+ IA32Gcc/crypto/aes/aesni-x86.S | GCC
+ IA32Gcc/crypto/aes/vpaes-x86.S | GCC
+ IA32Gcc/crypto/modes/ghash-x86.S | GCC
+ IA32Gcc/crypto/sha/sha1-586.S | GCC
+ IA32Gcc/crypto/sha/sha256-586.S | GCC
+ IA32Gcc/crypto/sha/sha512-586.S | GCC
+ IA32Gcc/crypto/x86cpuid.S | GCC
+
+[Sources.X64]
X64/ApiHooks.c
+ X64/crypto/aes/aesni-mb-x86_64.nasm | MSFT
+ X64/crypto/aes/aesni-sha1-x86_64.nasm | MSFT
+ X64/crypto/aes/aesni-sha256-x86_64.nasm | MSFT
+ X64/crypto/aes/aesni-x86_64.nasm | MSFT
+ X64/crypto/aes/vpaes-x86_64.nasm | MSFT
+ X64/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
+ X64/crypto/modes/ghash-x86_64.nasm | MSFT
+ X64/crypto/sha/sha1-mb-x86_64.nasm | MSFT
+ X64/crypto/sha/sha1-x86_64.nasm | MSFT
+ X64/crypto/sha/sha256-mb-x86_64.nasm | MSFT
+ X64/crypto/sha/sha256-x86_64.nasm | MSFT
+ X64/crypto/sha/sha512-x86_64.nasm | MSFT
+ X64/crypto/x86_64cpuid.nasm | MSFT
+
+ X64Gcc/crypto/aes/aesni-mb-x86_64.S | GCC
+ X64Gcc/crypto/aes/aesni-sha1-x86_64.S | GCC
+ X64Gcc/crypto/aes/aesni-sha256-x86_64.S | GCC
+ X64Gcc/crypto/aes/aesni-x86_64.S | GCC
+ X64Gcc/crypto/aes/vpaes-x86_64.S | GCC
+ X64Gcc/crypto/modes/aesni-gcm-x86_64.S | GCC
+ X64Gcc/crypto/modes/ghash-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha1-mb-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha1-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha256-mb-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha256-x86_64.S | GCC
+ X64Gcc/crypto/sha/sha512-x86_64.S | GCC
+ X64Gcc/crypto/x86_64cpuid.S | GCC
[Packages]
MdePkg/MdePkg.dec
@@ -650,9 +692,6 @@ [LibraryClasses]
RngLib
PrintLib
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
-
[BuildOptions]
#
# Disables the following Visual Studio compiler warnings brought by openssl source,
@@ -671,8 +710,18 @@ [BuildOptions]
# C4706: assignment within conditional expression
# C4819: The file contains a character that cannot be represented in the current code page
#
+ MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389 /wd4702 /wd4706 /wd4819
+ #
+ # Disable following Visual Studio 2015 compiler warnings brought by openssl source,
+ # so we do not break the build with /WX option:
+ # C4718: recursive call has no side effects, deleting
+ #
+ MSFT:*_VS2015x86_IA32_CC_FLAGS = /wd4718
+ MSFT:*_VS2015x86_X64_CC_FLAGS = /wd4718
+
+ INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
#
@@ -682,7 +731,11 @@ [BuildOptions]
# types appropriate to the format string specified.
# -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
#
- GCC:*_*_X64_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
+ GCC:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=format -Wno-format -Wno-error=unused-but-set-variable -DNO_MSABI_VA_FUNCS
+ GCC:*_CLANG35_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
+ GCC:*_CLANG38_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized
+ GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=uninitialized -Wno-error=incompatible-pointer-types -Wno-error=pointer-sign -Wno-error=implicit-function-declaration -Wno-error=ignored-pragma-optimize
# suppress the following warnings in openssl so we don't break the build with warnings-as-errors:
# 1295: Deprecated declaration <entity> - give arg types
@@ -703,4 +756,5 @@ [BuildOptions]
# 1: ignore "#1-D: last line of file ends without a newline"
# 3017: <entity> may be used before being set (NOTE: This was fixed in OpenSSL 1.1 HEAD with
# commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.)
+ XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
new file mode 100644
index 000000000000..b8453b6c902e
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
@@ -0,0 +1,14 @@
+// /** @file
+// This module provides openSSL Library implementation with ECC and TLS
+// features along with performance optimized implementations of SHA1,
+// SHA256, SHA512 AESNI, VPAED, and GHASH for IA32 and X64.
+//
+// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_MODULE_ABSTRACT #language en-US "OpenSSL Library implementation with TLS and ECC features and performance optimizations"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides OpenSSL Library implementation with TLS and ECC features and performance optimizations."
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf b/CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf
deleted file mode 100644
index 150a82ec7af1..000000000000
--- a/CryptoPkg/Library/OpensslLib/OpensslLibIa32Gcc.inf
+++ /dev/null
@@ -1,699 +0,0 @@
-## @file
-# This module provides OpenSSL Library implementation.
-#
-# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
-# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = OpensslLibIa32Gcc
- MODULE_UNI_FILE = OpensslLib.uni
- FILE_GUID = B1B32F26-A4E1-4D38-9E34-53A148B8EB11
- MODULE_TYPE = BASE
- VERSION_STRING = 1.0
- LIBRARY_CLASS = OpensslLib
- DEFINE OPENSSL_PATH = openssl
- DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
- DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
- CONSTRUCTOR = OpensslLibConstructor
-
-#
-# VALID_ARCHITECTURES = IA32
-#
-
-[Sources.IA32]
- OpensslLibConstructor.c
- $(OPENSSL_PATH)/e_os.h
- $(OPENSSL_PATH)/ms/uplink.h
-# Autogenerated files list starts here
- IA32Gcc/crypto/aes/aesni-x86.S
- IA32Gcc/crypto/aes/vpaes-x86.S
- IA32Gcc/crypto/modes/ghash-x86.S
- IA32Gcc/crypto/sha/sha1-586.S
- IA32Gcc/crypto/sha/sha256-586.S
- IA32Gcc/crypto/sha/sha512-586.S
- IA32Gcc/crypto/x86cpuid.S
- $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
- $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
- $(OPENSSL_PATH)/crypto/aes/aes_core.c
- $(OPENSSL_PATH)/crypto/aes/aes_ige.c
- $(OPENSSL_PATH)/crypto/aes/aes_misc.c
- $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
- $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
- $(OPENSSL_PATH)/crypto/aria/aria.c
- $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
- $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
- $(OPENSSL_PATH)/crypto/asn1/a_digest.c
- $(OPENSSL_PATH)/crypto/asn1/a_dup.c
- $(OPENSSL_PATH)/crypto/asn1/a_gentm.c
- $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c
- $(OPENSSL_PATH)/crypto/asn1/a_int.c
- $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c
- $(OPENSSL_PATH)/crypto/asn1/a_object.c
- $(OPENSSL_PATH)/crypto/asn1/a_octet.c
- $(OPENSSL_PATH)/crypto/asn1/a_print.c
- $(OPENSSL_PATH)/crypto/asn1/a_sign.c
- $(OPENSSL_PATH)/crypto/asn1/a_strex.c
- $(OPENSSL_PATH)/crypto/asn1/a_strnid.c
- $(OPENSSL_PATH)/crypto/asn1/a_time.c
- $(OPENSSL_PATH)/crypto/asn1/a_type.c
- $(OPENSSL_PATH)/crypto/asn1/a_utctm.c
- $(OPENSSL_PATH)/crypto/asn1/a_utf8.c
- $(OPENSSL_PATH)/crypto/asn1/a_verify.c
- $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_err.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c
- $(OPENSSL_PATH)/crypto/asn1/asn1_par.c
- $(OPENSSL_PATH)/crypto/asn1/asn_mime.c
- $(OPENSSL_PATH)/crypto/asn1/asn_moid.c
- $(OPENSSL_PATH)/crypto/asn1/asn_mstbl.c
- $(OPENSSL_PATH)/crypto/asn1/asn_pack.c
- $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c
- $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c
- $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c
- $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c
- $(OPENSSL_PATH)/crypto/asn1/evp_asn1.c
- $(OPENSSL_PATH)/crypto/asn1/f_int.c
- $(OPENSSL_PATH)/crypto/asn1/f_string.c
- $(OPENSSL_PATH)/crypto/asn1/i2d_pr.c
- $(OPENSSL_PATH)/crypto/asn1/i2d_pu.c
- $(OPENSSL_PATH)/crypto/asn1/n_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/nsseq.c
- $(OPENSSL_PATH)/crypto/asn1/p5_pbe.c
- $(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c
- $(OPENSSL_PATH)/crypto/asn1/p5_scrypt.c
- $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/t_bitst.c
- $(OPENSSL_PATH)/crypto/asn1/t_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/t_spki.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_dec.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_enc.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_fre.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_new.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_scn.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c
- $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c
- $(OPENSSL_PATH)/crypto/asn1/x_algor.c
- $(OPENSSL_PATH)/crypto/asn1/x_bignum.c
- $(OPENSSL_PATH)/crypto/asn1/x_info.c
- $(OPENSSL_PATH)/crypto/asn1/x_int64.c
- $(OPENSSL_PATH)/crypto/asn1/x_long.c
- $(OPENSSL_PATH)/crypto/asn1/x_pkey.c
- $(OPENSSL_PATH)/crypto/asn1/x_sig.c
- $(OPENSSL_PATH)/crypto/asn1/x_spki.c
- $(OPENSSL_PATH)/crypto/asn1/x_val.c
- $(OPENSSL_PATH)/crypto/async/arch/async_null.c
- $(OPENSSL_PATH)/crypto/async/arch/async_posix.c
- $(OPENSSL_PATH)/crypto/async/arch/async_win.c
- $(OPENSSL_PATH)/crypto/async/async.c
- $(OPENSSL_PATH)/crypto/async/async_err.c
- $(OPENSSL_PATH)/crypto/async/async_wait.c
- $(OPENSSL_PATH)/crypto/bio/b_addr.c
- $(OPENSSL_PATH)/crypto/bio/b_dump.c
- $(OPENSSL_PATH)/crypto/bio/b_sock.c
- $(OPENSSL_PATH)/crypto/bio/b_sock2.c
- $(OPENSSL_PATH)/crypto/bio/bf_buff.c
- $(OPENSSL_PATH)/crypto/bio/bf_lbuf.c
- $(OPENSSL_PATH)/crypto/bio/bf_nbio.c
- $(OPENSSL_PATH)/crypto/bio/bf_null.c
- $(OPENSSL_PATH)/crypto/bio/bio_cb.c
- $(OPENSSL_PATH)/crypto/bio/bio_err.c
- $(OPENSSL_PATH)/crypto/bio/bio_lib.c
- $(OPENSSL_PATH)/crypto/bio/bio_meth.c
- $(OPENSSL_PATH)/crypto/bio/bss_acpt.c
- $(OPENSSL_PATH)/crypto/bio/bss_bio.c
- $(OPENSSL_PATH)/crypto/bio/bss_conn.c
- $(OPENSSL_PATH)/crypto/bio/bss_dgram.c
- $(OPENSSL_PATH)/crypto/bio/bss_fd.c
- $(OPENSSL_PATH)/crypto/bio/bss_file.c
- $(OPENSSL_PATH)/crypto/bio/bss_log.c
- $(OPENSSL_PATH)/crypto/bio/bss_mem.c
- $(OPENSSL_PATH)/crypto/bio/bss_null.c
- $(OPENSSL_PATH)/crypto/bio/bss_sock.c
- $(OPENSSL_PATH)/crypto/bn/bn_add.c
- $(OPENSSL_PATH)/crypto/bn/bn_asm.c
- $(OPENSSL_PATH)/crypto/bn/bn_blind.c
- $(OPENSSL_PATH)/crypto/bn/bn_const.c
- $(OPENSSL_PATH)/crypto/bn/bn_ctx.c
- $(OPENSSL_PATH)/crypto/bn/bn_depr.c
- $(OPENSSL_PATH)/crypto/bn/bn_dh.c
- $(OPENSSL_PATH)/crypto/bn/bn_div.c
- $(OPENSSL_PATH)/crypto/bn/bn_err.c
- $(OPENSSL_PATH)/crypto/bn/bn_exp.c
- $(OPENSSL_PATH)/crypto/bn/bn_exp2.c
- $(OPENSSL_PATH)/crypto/bn/bn_gcd.c
- $(OPENSSL_PATH)/crypto/bn/bn_gf2m.c
- $(OPENSSL_PATH)/crypto/bn/bn_intern.c
- $(OPENSSL_PATH)/crypto/bn/bn_kron.c
- $(OPENSSL_PATH)/crypto/bn/bn_lib.c
- $(OPENSSL_PATH)/crypto/bn/bn_mod.c
- $(OPENSSL_PATH)/crypto/bn/bn_mont.c
- $(OPENSSL_PATH)/crypto/bn/bn_mpi.c
- $(OPENSSL_PATH)/crypto/bn/bn_mul.c
- $(OPENSSL_PATH)/crypto/bn/bn_nist.c
- $(OPENSSL_PATH)/crypto/bn/bn_prime.c
- $(OPENSSL_PATH)/crypto/bn/bn_print.c
- $(OPENSSL_PATH)/crypto/bn/bn_rand.c
- $(OPENSSL_PATH)/crypto/bn/bn_recp.c
- $(OPENSSL_PATH)/crypto/bn/bn_shift.c
- $(OPENSSL_PATH)/crypto/bn/bn_sqr.c
- $(OPENSSL_PATH)/crypto/bn/bn_sqrt.c
- $(OPENSSL_PATH)/crypto/bn/bn_srp.c
- $(OPENSSL_PATH)/crypto/bn/bn_word.c
- $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
- $(OPENSSL_PATH)/crypto/buffer/buf_err.c
- $(OPENSSL_PATH)/crypto/buffer/buffer.c
- $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
- $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c
- $(OPENSSL_PATH)/crypto/cmac/cmac.c
- $(OPENSSL_PATH)/crypto/comp/c_zlib.c
- $(OPENSSL_PATH)/crypto/comp/comp_err.c
- $(OPENSSL_PATH)/crypto/comp/comp_lib.c
- $(OPENSSL_PATH)/crypto/conf/conf_api.c
- $(OPENSSL_PATH)/crypto/conf/conf_def.c
- $(OPENSSL_PATH)/crypto/conf/conf_err.c
- $(OPENSSL_PATH)/crypto/conf/conf_lib.c
- $(OPENSSL_PATH)/crypto/conf/conf_mall.c
- $(OPENSSL_PATH)/crypto/conf/conf_mod.c
- $(OPENSSL_PATH)/crypto/conf/conf_sap.c
- $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
- $(OPENSSL_PATH)/crypto/cpt_err.c
- $(OPENSSL_PATH)/crypto/cryptlib.c
- $(OPENSSL_PATH)/crypto/ctype.c
- $(OPENSSL_PATH)/crypto/cversion.c
- $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
- $(OPENSSL_PATH)/crypto/dh/dh_asn1.c
- $(OPENSSL_PATH)/crypto/dh/dh_check.c
- $(OPENSSL_PATH)/crypto/dh/dh_depr.c
- $(OPENSSL_PATH)/crypto/dh/dh_err.c
- $(OPENSSL_PATH)/crypto/dh/dh_gen.c
- $(OPENSSL_PATH)/crypto/dh/dh_kdf.c
- $(OPENSSL_PATH)/crypto/dh/dh_key.c
- $(OPENSSL_PATH)/crypto/dh/dh_lib.c
- $(OPENSSL_PATH)/crypto/dh/dh_meth.c
- $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c
- $(OPENSSL_PATH)/crypto/dh/dh_prn.c
- $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
- $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
- $(OPENSSL_PATH)/crypto/dso/dso_dl.c
- $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
- $(OPENSSL_PATH)/crypto/dso/dso_err.c
- $(OPENSSL_PATH)/crypto/dso/dso_lib.c
- $(OPENSSL_PATH)/crypto/dso/dso_openssl.c
- $(OPENSSL_PATH)/crypto/dso/dso_vms.c
- $(OPENSSL_PATH)/crypto/dso/dso_win32.c
- $(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_check.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_key.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ec_print.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/err/err.c
- $(OPENSSL_PATH)/crypto/err/err_prn.c
- $(OPENSSL_PATH)/crypto/evp/bio_b64.c
- $(OPENSSL_PATH)/crypto/evp/bio_enc.c
- $(OPENSSL_PATH)/crypto/evp/bio_md.c
- $(OPENSSL_PATH)/crypto/evp/bio_ok.c
- $(OPENSSL_PATH)/crypto/evp/c_allc.c
- $(OPENSSL_PATH)/crypto/evp/c_alld.c
- $(OPENSSL_PATH)/crypto/evp/cmeth_lib.c
- $(OPENSSL_PATH)/crypto/evp/digest.c
- $(OPENSSL_PATH)/crypto/evp/e_aes.c
- $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c
- $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c
- $(OPENSSL_PATH)/crypto/evp/e_aria.c
- $(OPENSSL_PATH)/crypto/evp/e_bf.c
- $(OPENSSL_PATH)/crypto/evp/e_camellia.c
- $(OPENSSL_PATH)/crypto/evp/e_cast.c
- $(OPENSSL_PATH)/crypto/evp/e_chacha20_poly1305.c
- $(OPENSSL_PATH)/crypto/evp/e_des.c
- $(OPENSSL_PATH)/crypto/evp/e_des3.c
- $(OPENSSL_PATH)/crypto/evp/e_idea.c
- $(OPENSSL_PATH)/crypto/evp/e_null.c
- $(OPENSSL_PATH)/crypto/evp/e_old.c
- $(OPENSSL_PATH)/crypto/evp/e_rc2.c
- $(OPENSSL_PATH)/crypto/evp/e_rc4.c
- $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c
- $(OPENSSL_PATH)/crypto/evp/e_rc5.c
- $(OPENSSL_PATH)/crypto/evp/e_seed.c
- $(OPENSSL_PATH)/crypto/evp/e_sm4.c
- $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c
- $(OPENSSL_PATH)/crypto/evp/encode.c
- $(OPENSSL_PATH)/crypto/evp/evp_cnf.c
- $(OPENSSL_PATH)/crypto/evp/evp_enc.c
- $(OPENSSL_PATH)/crypto/evp/evp_err.c
- $(OPENSSL_PATH)/crypto/evp/evp_key.c
- $(OPENSSL_PATH)/crypto/evp/evp_lib.c
- $(OPENSSL_PATH)/crypto/evp/evp_pbe.c
- $(OPENSSL_PATH)/crypto/evp/evp_pkey.c
- $(OPENSSL_PATH)/crypto/evp/m_md2.c
- $(OPENSSL_PATH)/crypto/evp/m_md4.c
- $(OPENSSL_PATH)/crypto/evp/m_md5.c
- $(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c
- $(OPENSSL_PATH)/crypto/evp/m_mdc2.c
- $(OPENSSL_PATH)/crypto/evp/m_null.c
- $(OPENSSL_PATH)/crypto/evp/m_ripemd.c
- $(OPENSSL_PATH)/crypto/evp/m_sha1.c
- $(OPENSSL_PATH)/crypto/evp/m_sha3.c
- $(OPENSSL_PATH)/crypto/evp/m_sigver.c
- $(OPENSSL_PATH)/crypto/evp/m_wp.c
- $(OPENSSL_PATH)/crypto/evp/names.c
- $(OPENSSL_PATH)/crypto/evp/p5_crpt.c
- $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c
- $(OPENSSL_PATH)/crypto/evp/p_dec.c
- $(OPENSSL_PATH)/crypto/evp/p_enc.c
- $(OPENSSL_PATH)/crypto/evp/p_lib.c
- $(OPENSSL_PATH)/crypto/evp/p_open.c
- $(OPENSSL_PATH)/crypto/evp/p_seal.c
- $(OPENSSL_PATH)/crypto/evp/p_sign.c
- $(OPENSSL_PATH)/crypto/evp/p_verify.c
- $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c
- $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
- $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
- $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
- $(OPENSSL_PATH)/crypto/ex_data.c
- $(OPENSSL_PATH)/crypto/getenv.c
- $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
- $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
- $(OPENSSL_PATH)/crypto/hmac/hmac.c
- $(OPENSSL_PATH)/crypto/init.c
- $(OPENSSL_PATH)/crypto/kdf/hkdf.c
- $(OPENSSL_PATH)/crypto/kdf/kdf_err.c
- $(OPENSSL_PATH)/crypto/kdf/scrypt.c
- $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
- $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
- $(OPENSSL_PATH)/crypto/lhash/lhash.c
- $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
- $(OPENSSL_PATH)/crypto/md5/md5_one.c
- $(OPENSSL_PATH)/crypto/mem.c
- $(OPENSSL_PATH)/crypto/mem_dbg.c
- $(OPENSSL_PATH)/crypto/mem_sec.c
- $(OPENSSL_PATH)/crypto/modes/cbc128.c
- $(OPENSSL_PATH)/crypto/modes/ccm128.c
- $(OPENSSL_PATH)/crypto/modes/cfb128.c
- $(OPENSSL_PATH)/crypto/modes/ctr128.c
- $(OPENSSL_PATH)/crypto/modes/cts128.c
- $(OPENSSL_PATH)/crypto/modes/gcm128.c
- $(OPENSSL_PATH)/crypto/modes/ocb128.c
- $(OPENSSL_PATH)/crypto/modes/ofb128.c
- $(OPENSSL_PATH)/crypto/modes/wrap128.c
- $(OPENSSL_PATH)/crypto/modes/xts128.c
- $(OPENSSL_PATH)/crypto/o_dir.c
- $(OPENSSL_PATH)/crypto/o_fips.c
- $(OPENSSL_PATH)/crypto/o_fopen.c
- $(OPENSSL_PATH)/crypto/o_init.c
- $(OPENSSL_PATH)/crypto/o_str.c
- $(OPENSSL_PATH)/crypto/o_time.c
- $(OPENSSL_PATH)/crypto/objects/o_names.c
- $(OPENSSL_PATH)/crypto/objects/obj_dat.c
- $(OPENSSL_PATH)/crypto/objects/obj_err.c
- $(OPENSSL_PATH)/crypto/objects/obj_lib.c
- $(OPENSSL_PATH)/crypto/objects/obj_xref.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
- $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
- $(OPENSSL_PATH)/crypto/pem/pem_all.c
- $(OPENSSL_PATH)/crypto/pem/pem_err.c
- $(OPENSSL_PATH)/crypto/pem/pem_info.c
- $(OPENSSL_PATH)/crypto/pem/pem_lib.c
- $(OPENSSL_PATH)/crypto/pem/pem_oth.c
- $(OPENSSL_PATH)/crypto/pem/pem_pk8.c
- $(OPENSSL_PATH)/crypto/pem/pem_pkey.c
- $(OPENSSL_PATH)/crypto/pem/pem_sign.c
- $(OPENSSL_PATH)/crypto/pem/pem_x509.c
- $(OPENSSL_PATH)/crypto/pem/pem_xaux.c
- $(OPENSSL_PATH)/crypto/pem/pvkfmt.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_crpt.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_crt.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_decr.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_init.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_key.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_kiss.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_mutl.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_npas.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
- $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
- $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_doit.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
- $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
- $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
- $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
- $(OPENSSL_PATH)/crypto/rand/drbg_lib.c
- $(OPENSSL_PATH)/crypto/rand/rand_egd.c
- $(OPENSSL_PATH)/crypto/rand/rand_err.c
- $(OPENSSL_PATH)/crypto/rand/rand_lib.c
- $(OPENSSL_PATH)/crypto/rand/rand_unix.c
- $(OPENSSL_PATH)/crypto/rand/rand_vms.c
- $(OPENSSL_PATH)/crypto/rand/rand_win.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_err.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_none.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_saos.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_sign.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
- $(OPENSSL_PATH)/crypto/sha/keccak1600.c
- $(OPENSSL_PATH)/crypto/sha/sha1_one.c
- $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
- $(OPENSSL_PATH)/crypto/sha/sha256.c
- $(OPENSSL_PATH)/crypto/sha/sha512.c
- $(OPENSSL_PATH)/crypto/siphash/siphash.c
- $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
- $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_err.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
- $(OPENSSL_PATH)/crypto/sm3/sm3.c
- $(OPENSSL_PATH)/crypto/sm4/sm4.c
- $(OPENSSL_PATH)/crypto/stack/stack.c
- $(OPENSSL_PATH)/crypto/threads_none.c
- $(OPENSSL_PATH)/crypto/threads_pthread.c
- $(OPENSSL_PATH)/crypto/threads_win.c
- $(OPENSSL_PATH)/crypto/txt_db/txt_db.c
- $(OPENSSL_PATH)/crypto/ui/ui_err.c
- $(OPENSSL_PATH)/crypto/ui/ui_lib.c
- $(OPENSSL_PATH)/crypto/ui/ui_null.c
- $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
- $(OPENSSL_PATH)/crypto/ui/ui_util.c
- $(OPENSSL_PATH)/crypto/uid.c
- $(OPENSSL_PATH)/crypto/x509/by_dir.c
- $(OPENSSL_PATH)/crypto/x509/by_file.c
- $(OPENSSL_PATH)/crypto/x509/t_crl.c
- $(OPENSSL_PATH)/crypto/x509/t_req.c
- $(OPENSSL_PATH)/crypto/x509/t_x509.c
- $(OPENSSL_PATH)/crypto/x509/x509_att.c
- $(OPENSSL_PATH)/crypto/x509/x509_cmp.c
- $(OPENSSL_PATH)/crypto/x509/x509_d2.c
- $(OPENSSL_PATH)/crypto/x509/x509_def.c
- $(OPENSSL_PATH)/crypto/x509/x509_err.c
- $(OPENSSL_PATH)/crypto/x509/x509_ext.c
- $(OPENSSL_PATH)/crypto/x509/x509_lu.c
- $(OPENSSL_PATH)/crypto/x509/x509_meth.c
- $(OPENSSL_PATH)/crypto/x509/x509_obj.c
- $(OPENSSL_PATH)/crypto/x509/x509_r2x.c
- $(OPENSSL_PATH)/crypto/x509/x509_req.c
- $(OPENSSL_PATH)/crypto/x509/x509_set.c
- $(OPENSSL_PATH)/crypto/x509/x509_trs.c
- $(OPENSSL_PATH)/crypto/x509/x509_txt.c
- $(OPENSSL_PATH)/crypto/x509/x509_v3.c
- $(OPENSSL_PATH)/crypto/x509/x509_vfy.c
- $(OPENSSL_PATH)/crypto/x509/x509_vpm.c
- $(OPENSSL_PATH)/crypto/x509/x509cset.c
- $(OPENSSL_PATH)/crypto/x509/x509name.c
- $(OPENSSL_PATH)/crypto/x509/x509rset.c
- $(OPENSSL_PATH)/crypto/x509/x509spki.c
- $(OPENSSL_PATH)/crypto/x509/x509type.c
- $(OPENSSL_PATH)/crypto/x509/x_all.c
- $(OPENSSL_PATH)/crypto/x509/x_attrib.c
- $(OPENSSL_PATH)/crypto/x509/x_crl.c
- $(OPENSSL_PATH)/crypto/x509/x_exten.c
- $(OPENSSL_PATH)/crypto/x509/x_name.c
- $(OPENSSL_PATH)/crypto/x509/x_pubkey.c
- $(OPENSSL_PATH)/crypto/x509/x_req.c
- $(OPENSSL_PATH)/crypto/x509/x_x509.c
- $(OPENSSL_PATH)/crypto/x509/x_x509a.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_map.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c
- $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_conf.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_cpols.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_crld.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_enum.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_extku.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_genn.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_ia5.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_info.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_int.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_lib.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_ncons.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pci.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pcia.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pcons.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pku.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_pmaps.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_prn.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_purp.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_skey.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_sxnet.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
- $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
- $(OPENSSL_PATH)/crypto/x509v3/v3err.c
- $(OPENSSL_PATH)/crypto/arm_arch.h
- $(OPENSSL_PATH)/crypto/mips_arch.h
- $(OPENSSL_PATH)/crypto/ppc_arch.h
- $(OPENSSL_PATH)/crypto/s390x_arch.h
- $(OPENSSL_PATH)/crypto/sparc_arch.h
- $(OPENSSL_PATH)/crypto/vms_rms.h
- $(OPENSSL_PATH)/crypto/aes/aes_local.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
- $(OPENSSL_PATH)/crypto/asn1/charmap.h
- $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
- $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
- $(OPENSSL_PATH)/crypto/async/async_local.h
- $(OPENSSL_PATH)/crypto/async/arch/async_null.h
- $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
- $(OPENSSL_PATH)/crypto/async/arch/async_win.h
- $(OPENSSL_PATH)/crypto/bio/bio_local.h
- $(OPENSSL_PATH)/crypto/bn/bn_local.h
- $(OPENSSL_PATH)/crypto/bn/bn_prime.h
- $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
- $(OPENSSL_PATH)/crypto/comp/comp_local.h
- $(OPENSSL_PATH)/crypto/conf/conf_def.h
- $(OPENSSL_PATH)/crypto/conf/conf_local.h
- $(OPENSSL_PATH)/crypto/dh/dh_local.h
- $(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- $(OPENSSL_PATH)/crypto/evp/evp_local.h
- $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
- $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
- $(OPENSSL_PATH)/crypto/md5/md5_local.h
- $(OPENSSL_PATH)/crypto/modes/modes_local.h
- $(OPENSSL_PATH)/crypto/objects/obj_dat.h
- $(OPENSSL_PATH)/crypto/objects/obj_local.h
- $(OPENSSL_PATH)/crypto/objects/obj_xref.h
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
- $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
- $(OPENSSL_PATH)/crypto/rand/rand_local.h
- $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
- $(OPENSSL_PATH)/crypto/sha/sha_local.h
- $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
- $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
- $(OPENSSL_PATH)/crypto/store/store_local.h
- $(OPENSSL_PATH)/crypto/ui/ui_local.h
- $(OPENSSL_PATH)/crypto/x509/x509_local.h
- $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
- $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
- $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
- $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
- $(OPENSSL_PATH)/ssl/bio_ssl.c
- $(OPENSSL_PATH)/ssl/d1_lib.c
- $(OPENSSL_PATH)/ssl/d1_msg.c
- $(OPENSSL_PATH)/ssl/d1_srtp.c
- $(OPENSSL_PATH)/ssl/methods.c
- $(OPENSSL_PATH)/ssl/packet.c
- $(OPENSSL_PATH)/ssl/pqueue.c
- $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c
- $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c
- $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c
- $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c
- $(OPENSSL_PATH)/ssl/record/ssl3_record.c
- $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c
- $(OPENSSL_PATH)/ssl/s3_cbc.c
- $(OPENSSL_PATH)/ssl/s3_enc.c
- $(OPENSSL_PATH)/ssl/s3_lib.c
- $(OPENSSL_PATH)/ssl/s3_msg.c
- $(OPENSSL_PATH)/ssl/ssl_asn1.c
- $(OPENSSL_PATH)/ssl/ssl_cert.c
- $(OPENSSL_PATH)/ssl/ssl_ciph.c
- $(OPENSSL_PATH)/ssl/ssl_conf.c
- $(OPENSSL_PATH)/ssl/ssl_err.c
- $(OPENSSL_PATH)/ssl/ssl_init.c
- $(OPENSSL_PATH)/ssl/ssl_lib.c
- $(OPENSSL_PATH)/ssl/ssl_mcnf.c
- $(OPENSSL_PATH)/ssl/ssl_rsa.c
- $(OPENSSL_PATH)/ssl/ssl_sess.c
- $(OPENSSL_PATH)/ssl/ssl_stat.c
- $(OPENSSL_PATH)/ssl/ssl_txt.c
- $(OPENSSL_PATH)/ssl/ssl_utst.c
- $(OPENSSL_PATH)/ssl/statem/extensions.c
- $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c
- $(OPENSSL_PATH)/ssl/statem/extensions_cust.c
- $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c
- $(OPENSSL_PATH)/ssl/statem/statem.c
- $(OPENSSL_PATH)/ssl/statem/statem_clnt.c
- $(OPENSSL_PATH)/ssl/statem/statem_dtls.c
- $(OPENSSL_PATH)/ssl/statem/statem_lib.c
- $(OPENSSL_PATH)/ssl/statem/statem_srvr.c
- $(OPENSSL_PATH)/ssl/t1_enc.c
- $(OPENSSL_PATH)/ssl/t1_lib.c
- $(OPENSSL_PATH)/ssl/t1_trce.c
- $(OPENSSL_PATH)/ssl/tls13_enc.c
- $(OPENSSL_PATH)/ssl/tls_srp.c
- $(OPENSSL_PATH)/ssl/packet_local.h
- $(OPENSSL_PATH)/ssl/ssl_cert_table.h
- $(OPENSSL_PATH)/ssl/ssl_local.h
- $(OPENSSL_PATH)/ssl/record/record.h
- $(OPENSSL_PATH)/ssl/record/record_local.h
- $(OPENSSL_PATH)/ssl/statem/statem.h
- $(OPENSSL_PATH)/ssl/statem/statem_local.h
-# Autogenerated files list ends here
- buildinf.h
- ossl_store.c
- rand_pool.c
-
-[Packages]
- MdePkg/MdePkg.dec
- CryptoPkg/CryptoPkg.dec
-
-[LibraryClasses]
- BaseLib
- DebugLib
- RngLib
- PrintLib
-
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled ## CONSUMES
-
-[BuildOptions]
- #
- # Disables the following Visual Studio compiler warnings brought by openssl source,
- # so we do not break the build with /WX option:
- # C4090: 'function' : different 'const' qualifiers
- # C4132: 'object' : const object should be initialized (tls13_enc.c)
- # C4210: nonstandard extension used: function given file scope
- # C4244: conversion from type1 to type2, possible loss of data
- # C4245: conversion from type1 to type2, signed/unsigned mismatch
- # C4267: conversion from size_t to type, possible loss of data
- # C4306: 'identifier' : conversion from 'type1' to 'type2' of greater size
- # C4310: cast truncates constant value
- # C4389: 'operator' : signed/unsigned mismatch (xxxx)
- # C4700: uninitialized local variable 'name' used. (conf_sap.c(71))
- # C4702: unreachable code
- # C4706: assignment within conditional expression
- # C4819: The file contains a character that cannot be represented in the current code page
- #
- MSFT:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132 /wd4210 /wd4244 /wd4245 /wd4267 /wd4310 /wd4389 /wd4700 /wd4702 /wd4706 /wd4819
-
- INTEL:*_*_IA32_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -U__ICC $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w
-
- #
- # Suppress the following build warnings in openssl so we don't break the build with -Werror
- # -Werror=maybe-uninitialized: there exist some other paths for which the variable is not initialized.
- # -Werror=format: Check calls to printf and scanf, etc., to make sure that the arguments supplied have
- # types appropriate to the format string specified.
- # -Werror=unused-but-set-variable: Warn whenever a local variable is assigned to, but otherwise unused (aside from its declaration).
- #
- GCC:*_*_IA32_CC_FLAGS = -UWIN32 -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-error=unused-but-set-variable
-
- # suppress the following warnings in openssl so we don't break the build with warnings-as-errors:
- # 1295: Deprecated declaration <entity> - give arg types
- # 550: <entity> was set but never used
- # 1293: assignment in condition
- # 111: statement is unreachable (invariably "break;" after "return X;" in case statement)
- # 68: integer conversion resulted in a change of sign ("if (Status == -1)")
- # 177: <entity> was declared but never referenced
- # 223: function <entity> declared implicitly
- # 144: a value of type <type> cannot be used to initialize an entity of type <type>
- # 513: a value of type <type> cannot be assigned to an entity of type <type>
- # 188: enumerated type mixed with another type (i.e. passing an integer as an enum without a cast)
- # 1296: Extended constant initialiser used
- # 128: loop is not reachable - may be emitted inappropriately if code follows a conditional return
- # from the function that evaluates to true at compile time
- # 546: transfer of control bypasses initialization - may be emitted inappropriately if the uninitialized
- # variable is never referenced after the jump
- # 1: ignore "#1-D: last line of file ends without a newline"
- # 3017: <entity> may be used before being set (NOTE: This was fixed in OpenSSL 1.1 HEAD with
- # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and can be dropped then.)
- XCODE:*_*_IA32_CC_FLAGS = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-error=uninitialized
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* [Patch v2 07/16] CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (5 preceding siblings ...)
2022-10-20 18:35 ` [Patch v2 06/16] CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs Michael D Kinney
@ 2022-10-20 18:35 ` Michael D Kinney
2022-10-20 18:35 ` [Patch v2 08/16] CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files Michael D Kinney
` (10 subsequent siblings)
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:35 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
Update all OpensslLib instances so they produce all the APIs used
by the BaseCryptLib instances. Not producing the same set of APIs
for a library class does not follow the EDK II library class rules
and breaks the assumptions that consumers of the OpensslLib may
make about which services are present.
* Add missing declaration of the private library class OpensslLib
to CryptoPkg.dec.
* Add SslNull.c with NULL implementations of SSL functions
* Add EcSm2Null.c with NULL implementations of EC/SM2 functions.
* Update OpensslLibCrypto.inf to include both SslNull.c and
EcSm2Null.c so this library instance produces all the opensll
APIs used by the BaseCryptLib instances.
* Update OpensslLib.inf and OpensslLibAccel.inf to include
EcSm2Null.c so these library instances produce all the opensll
APIs used by the BaseCryptLib instances.
* Add missing declaration of the private library class IntrinsicLib
to CryptoPkg.dec
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/CryptoPkg.dec | 9 +
CryptoPkg/Library/OpensslLib/EcSm2Null.c | 383 +++++++++++++++++
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +
.../Library/OpensslLib/OpensslLibAccel.inf | 2 +
.../Library/OpensslLib/OpensslLibCrypto.inf | 2 +
.../Library/OpensslLib/OpensslLibFull.inf | 2 +
.../OpensslLib/OpensslLibFullAccel.inf | 2 +
CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++++++++++
CryptoPkg/Private/Library/IntrinsicLib.h | 16 +
CryptoPkg/Private/Library/OpensslLib.h | 14 +
10 files changed, 837 insertions(+)
create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index 217e73c3bcd2..f326c6324013 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -37,6 +37,15 @@ [LibraryClasses]
#
HashApiLib|Include/Library/HashApiLib.h
+[LibraryClasses.common.Private]
+ ## @libraryclass Provides library functions from the openssl project.
+ #
+ OpensslLib|Private/Library/OpensslLib.h
+
+ ## @libraryclass Provides compiler intrinsic functions required to link openssl project.
+ #
+ InstrinsicLib|Private/Library/IntrinsicLib.h
+
[Protocols]
## EDK II Crypto DXE protocol
# 2C2275C9-3A7B-426F-BE54-2D22BD9D1092
diff --git a/CryptoPkg/Library/OpensslLib/EcSm2Null.c b/CryptoPkg/Library/OpensslLib/EcSm2Null.c
new file mode 100644
index 000000000000..6d5ab2d4cc88
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/EcSm2Null.c
@@ -0,0 +1,383 @@
+/** @file
+ Null implementation of EC and SM2 functions called by BaseCryptLib.
+
+ Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Library/DebugLib.h>
+
+#undef OPENSSL_NO_EC
+
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/pem.h>
+
+void
+EC_GROUP_free (
+ EC_GROUP *group
+ )
+{
+ ASSERT (FALSE);
+}
+
+int
+EC_GROUP_get_order (
+ const EC_GROUP *group,
+ BIGNUM *order,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_GROUP_get_curve_name (
+ const EC_GROUP *group
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_GROUP_get_curve (
+ const EC_GROUP *group,
+ BIGNUM *p,
+ BIGNUM *a,
+ BIGNUM *b,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_GROUP_get_degree (
+ const EC_GROUP *group
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+EC_GROUP *
+EC_GROUP_new_by_curve_name (
+ int nid
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+EC_POINT *
+EC_POINT_new (
+ const EC_GROUP *group
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+void
+EC_POINT_free (
+ EC_POINT *point
+ )
+{
+ ASSERT (FALSE);
+}
+
+void
+EC_POINT_clear_free (
+ EC_POINT *point
+ )
+{
+ ASSERT (FALSE);
+}
+
+int
+EC_POINT_set_affine_coordinates (
+ const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ const BIGNUM *y,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_POINT_get_affine_coordinates (
+ const EC_GROUP *group,
+ const EC_POINT *p,
+ BIGNUM *x,
+ BIGNUM *y,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_POINT_set_compressed_coordinates (
+ const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ int y_bit,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_POINT_add (
+ const EC_GROUP *group,
+ EC_POINT *r,
+ const EC_POINT *a,
+ const EC_POINT *b,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_POINT_invert (
+ const EC_GROUP *group,
+ EC_POINT *a,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_POINT_is_at_infinity (
+ const EC_GROUP *group,
+ const EC_POINT *p
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_POINT_is_on_curve (
+ const EC_GROUP *group,
+ const EC_POINT *point,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return -1;
+}
+
+int
+EC_POINT_cmp (
+ const EC_GROUP *group,
+ const EC_POINT *a,
+ const EC_POINT *b,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return -1;
+}
+
+int
+EC_POINT_mul (
+ const EC_GROUP *group,
+ EC_POINT *r,
+ const BIGNUM *n,
+ const EC_POINT *q,
+ const BIGNUM *m,
+ BN_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return -0;
+}
+
+EC_KEY *
+EC_KEY_new_by_curve_name (
+ int nid
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+void
+EC_KEY_free (
+ EC_KEY *key
+ )
+{
+ ASSERT (FALSE);
+}
+
+EC_KEY *
+EC_KEY_dup (
+ const EC_KEY *src
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+const EC_GROUP *
+EC_KEY_get0_group (
+ const EC_KEY *key
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+const EC_POINT *
+EC_KEY_get0_public_key (
+ const EC_KEY *key
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+int
+EC_KEY_set_public_key (
+ EC_KEY *key,
+ const EC_POINT *pub
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_KEY_generate_key (
+ EC_KEY *key
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+EC_KEY_check_key (
+ const EC_KEY *key
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+int
+ECDH_compute_key (
+ void *out,
+ size_t outlen,
+ const EC_POINT *pub_key,
+ const EC_KEY *ecdh,
+ void *(*KDF)(
+ const void *in,
+ size_t inlen,
+ void *out,
+ size_t *outlen
+ )
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+struct ec_key_st *
+EVP_PKEY_get0_EC_KEY (
+ EVP_PKEY *pkey
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+EC_KEY *
+PEM_read_bio_ECPrivateKey (
+ BIO *bp,
+ EC_KEY **key,
+ pem_password_cb *cb,
+ void *u
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+ECDSA_SIG *
+ECDSA_SIG_new (
+ void
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+void
+ECDSA_SIG_free (
+ ECDSA_SIG *sig
+ )
+{
+ ASSERT (FALSE);
+}
+
+void
+ECDSA_SIG_get0 (
+ const ECDSA_SIG *sig,
+ const BIGNUM **pr,
+ const BIGNUM **ps
+ )
+{
+ ASSERT (FALSE);
+}
+
+int
+ECDSA_SIG_set0 (
+ ECDSA_SIG *sig,
+ BIGNUM *r,
+ BIGNUM *s
+ )
+{
+ return 0;
+ ASSERT (FALSE);
+}
+
+ECDSA_SIG *
+ECDSA_do_sign (
+ const unsigned char *dgst,
+ int dgst_len,
+ EC_KEY *eckey
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+int
+ECDSA_do_verify (
+ const unsigned char *dgst,
+ int dgst_len,
+ const ECDSA_SIG *sig,
+ EC_KEY *eckey
+ )
+{
+ ASSERT (FALSE);
+ return -1;
+}
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 25f4f1635ed9..615cd3757368 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -628,6 +628,8 @@ [Sources]
buildinf.h
ossl_store.c
rand_pool.c
+# SslNull.c
+ EcSm2Null.c
[Packages]
MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index 6d43556a4064..de3974885b2d 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -629,6 +629,8 @@ [Sources]
buildinf.h
ossl_store.c
rand_pool.c
+# SslNull.c
+ EcSm2Null.c
[Sources.IA32]
IA32/crypto/aes/aesni-x86.nasm | MSFT
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 3e344f8515e2..dbb216437ca9 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -629,6 +629,8 @@ [Sources]
buildinf.h
ossl_store.c
rand_pool.c
+ SslNull.c
+ EcSm2Null.c
[Packages]
MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
index c3b78a448a26..46794e479624 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
@@ -633,6 +633,8 @@ [Sources]
buildinf.h
ossl_store.c
rand_pool.c
+# SslNull.c
+# EcSm2Null.c
[Packages]
MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
index ec53a5911b58..2a7aff30d7b4 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
@@ -634,6 +634,8 @@ [Sources]
buildinf.h
ossl_store.c
rand_pool.c
+# SslNull.c
+# EcSm2Null.c
[Sources.IA32]
IA32/crypto/aes/aesni-x86.nasm | MSFT
diff --git a/CryptoPkg/Library/OpensslLib/SslNull.c b/CryptoPkg/Library/OpensslLib/SslNull.c
new file mode 100644
index 000000000000..49f1405bc0f1
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/SslNull.c
@@ -0,0 +1,405 @@
+/** @file
+ Null implementation of SSL functions called by BaseCryptLib.
+
+ Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Library/DebugLib.h>
+#include <openssl/ssl.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+int
+OPENSSL_init_ssl (
+ uint64_t opts,
+ const OPENSSL_INIT_SETTINGS *settings
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur uint32_t
+SSL_CIPHER_get_id (
+ const SSL_CIPHER *c
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_COMP_add_compression_method (
+ int id,
+ COMP_METHOD *cm
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+long
+SSL_CTX_ctrl (
+ SSL_CTX *ctx,
+ int cmd,
+ long larg,
+ void *parg
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+void
+SSL_CTX_free (
+ SSL_CTX *x
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+__owur X509_STORE *
+SSL_CTX_get_cert_store (
+ const SSL_CTX *x
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+__owur SSL_CTX *
+SSL_CTX_new (
+ const SSL_METHOD *meth
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+unsigned long
+SSL_CTX_set_options (
+ SSL_CTX *ctx,
+ unsigned long op
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+const unsigned char *
+SSL_SESSION_get_id (
+ const SSL_SESSION *s,
+ unsigned int *len
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur size_t
+SSL_SESSION_get_master_key (
+ const SSL_SESSION *sess,
+ unsigned char *out,
+ size_t outlen
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_SESSION_set1_id (
+ SSL_SESSION *s,
+ const unsigned char *sid,
+ unsigned int sid_len
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+long
+SSL_ctrl (
+ SSL *ssl,
+ int cmd,
+ long larg,
+ void *parg
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_do_handshake (
+ SSL *s
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+void
+SSL_free (
+ SSL *ssl
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+__owur X509 *
+SSL_get_certificate (
+ const SSL *ssl
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+__owur size_t
+SSL_get_client_random (
+ const SSL *ssl,
+ unsigned char *out,
+ size_t outlen
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur const SSL_CIPHER *
+SSL_get_current_cipher (
+ const SSL *s
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+__owur int
+SSL_get_error (
+ const SSL *s,
+ int ret_code
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur size_t
+SSL_get_server_random (
+ const SSL *ssl,
+ unsigned char *out,
+ size_t outlen
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur SSL_SESSION *
+SSL_get_session (
+ const SSL *ssl
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+__owur SSL_CTX *
+SSL_get_SSL_CTX (
+ const SSL *ssl
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+__owur OSSL_HANDSHAKE_STATE
+SSL_get_state (
+ const SSL *ssl
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_get_verify_mode (
+ const SSL *s
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur X509_VERIFY_PARAM *
+SSL_get0_param (
+ SSL *ssl
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+int
+SSL_is_init_finished (
+ const SSL *s
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_is_server (
+ const SSL *s
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+SSL *
+SSL_new (
+ SSL_CTX *ctx
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+__owur int
+SSL_read (
+ SSL *ssl,
+ void *buf,
+ int num
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+void
+SSL_set_bio (
+ SSL *s,
+ BIO *rbio,
+ BIO *wbio
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+__owur int
+SSL_set_cipher_list (
+ SSL *s,
+ const char *str
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+void
+SSL_set_connect_state (
+ SSL *s
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+void
+SSL_set_hostflags (
+ SSL *s,
+ unsigned int flags
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+void
+SSL_set_info_callback (
+ SSL *ssl,
+ void ( *cb )(const SSL *ssl, int type, int val)
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+void
+SSL_set_security_level (
+ SSL *s,
+ int level
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+void
+SSL_set_verify (
+ SSL *s,
+ int mode,
+ SSL_verify_cb callback
+ )
+{
+ ASSERT (FALSE);
+ return;
+}
+
+int
+SSL_shutdown (
+ SSL *s
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_use_certificate (
+ SSL *ssl,
+ X509 *x
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_version (
+ const SSL *ssl
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur int
+SSL_write (
+ SSL *ssl,
+ const void *buf,
+ int num
+ )
+{
+ ASSERT (FALSE);
+ return 0;
+}
+
+__owur const SSL_METHOD *
+TLS_client_method (
+ void
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
diff --git a/CryptoPkg/Private/Library/IntrinsicLib.h b/CryptoPkg/Private/Library/IntrinsicLib.h
new file mode 100644
index 000000000000..69172a041949
--- /dev/null
+++ b/CryptoPkg/Private/Library/IntrinsicLib.h
@@ -0,0 +1,16 @@
+/** @file
+ InstrinsicLib class with intrinsic APIs generated by compilers.
+
+ Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef INTRINSTIC_LIB_H_
+#define INTRINSTIC_LIB_H_
+
+//
+// Compiler dependent intrinsic APIs.
+//
+
+#endif
diff --git a/CryptoPkg/Private/Library/OpensslLib.h b/CryptoPkg/Private/Library/OpensslLib.h
new file mode 100644
index 000000000000..005eb848724e
--- /dev/null
+++ b/CryptoPkg/Private/Library/OpensslLib.h
@@ -0,0 +1,14 @@
+/** @file
+ OpensslLib class with APIs from the openssl project
+
+ Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef OPENSSL_LIB_H_
+#define OPENSSL_LIB_H_
+
+#include <openssl/opensslv.h>
+
+#endif
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* [Patch v2 08/16] CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (6 preceding siblings ...)
2022-10-20 18:35 ` [Patch v2 07/16] CryptoPkg/Library/OpensslLib: Produce consistent set of APIs Michael D Kinney
@ 2022-10-20 18:35 ` Michael D Kinney
2022-10-20 18:35 ` [Patch v2 09/16] CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec Michael D Kinney
` (9 subsequent siblings)
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:35 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
The OpensslLib instances do not directly use any PrintLib services.
Remove PrintLib from [LibraryClasses] sections of all OpensslLib
INF files.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 -
CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf | 1 -
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 -
CryptoPkg/Library/OpensslLib/OpensslLibFull.inf | 1 -
CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf | 1 -
5 files changed, 5 deletions(-)
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 615cd3757368..82ffe4ec2f8e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -639,7 +639,6 @@ [LibraryClasses]
BaseLib
DebugLib
RngLib
- PrintLib
[LibraryClasses.ARM]
ArmSoftFloatLib
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index de3974885b2d..32eae4a79213 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -687,7 +687,6 @@ [LibraryClasses]
BaseLib
DebugLib
RngLib
- PrintLib
[BuildOptions]
#
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index dbb216437ca9..d02769428b86 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -640,7 +640,6 @@ [LibraryClasses]
BaseLib
DebugLib
RngLib
- PrintLib
[LibraryClasses.ARM]
ArmSoftFloatLib
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
index 46794e479624..aa73265931f7 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
@@ -644,7 +644,6 @@ [LibraryClasses]
BaseLib
DebugLib
RngLib
- PrintLib
[LibraryClasses.ARM]
ArmSoftFloatLib
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
index 2a7aff30d7b4..6345b54bca4c 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
@@ -692,7 +692,6 @@ [LibraryClasses]
BaseLib
DebugLib
RngLib
- PrintLib
[BuildOptions]
#
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* [Patch v2 09/16] CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (7 preceding siblings ...)
2022-10-20 18:35 ` [Patch v2 08/16] CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files Michael D Kinney
@ 2022-10-20 18:35 ` Michael D Kinney
2022-10-20 18:35 ` [Patch v2 10/16] CryptoPkg: Update DSC to improve CI test coverage Michael D Kinney
` (8 subsequent siblings)
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:35 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
Remove the PcdOpensslEcEnabled PCD that is no longer used.
The EC feature is selected by using one of the OpensslLib
instances that includes the EC features which are either
OpensslLibFull.inf or OpensslLibFullAccel.inf.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/CryptoPkg.dec | 33 ---------------------------------
1 file changed, 33 deletions(-)
diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index f326c6324013..e20a5e9c38e3 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -90,38 +90,5 @@ [PcdsFixedAtBuild]
# @ValidList 0x80000001 | 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010
gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy|0x00000002|UINT32|0x00000001
- ## Enable/Disable the ECC feature in openssl library. The default is disabled.
- # If ECC feature is disabled, all related source files will not be compiled.
- # @Prompt Enable/Disable ECC feature in openssl library
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled|FALSE|BOOLEAN|0x0000003
- # Set it to TRUE if:
- # 1) Platform needs ECC in TLS, or asymmetric cryptography services such as
- # X509 certificate or PEM format data processing.
- # 2) Platform needs to enable PcdCryptoServiceFamilyEnable.Ec service.
- # Please note:
- # ECC feature will cause a significant memory increase, approximate memory impact
- # in below table for reference by platform developers with FW size limitations.
- # Uncompressed LZMA Compressed
- # CPU CRYPTO_SERVICES Module EC=FALSE EC=TRUE EC=FALSE EC=TRUE Increase
- # ==== =============== ======== ======== ======= ======== ======= ========
- # IA32 NONE CryptoPei 21536 21568 0 KB
- # IA32 NONE CryptoDxe 21632 21696 0 KB
- # IA32 NONE CryptoSmm 22976 23072 0 KB
- # IA32 MIN_PEI CryptoPei 248992 249120 0 KB
- # IA32 MIN_DXE_MIN_SMM CryptoDxe 636672 829568 288520 401034 113 KB
- # IA32 MIN_DXE_MIN_SMM CryptoSmm 426048 601472 191517 296022 105 KB
- # IA32 ALL CryptoPei 423840 598976 189047 293759 104 KB
- # IA32 ALL CryptoDxe 645280 838144 292955 405277 113 KB
- # IA32 ALL CryptoSmm 441888 617184 198779 303628 105 KB
- # X64 NONE CryptoPei 29632 29664 0 KB
- # X64 NONE CryptoDxe 29792 29792 0 KB
- # X64 NONE CryptoSmm 31296 31296 0 KB
- # X64 MIN_PEI CryptoPei 310784 310848 0 KB
- # X64 MIN_DXE_MIN_SMM CryptoDxe 804288 1016256 311436 426596 115 KB
- # X64 MIN_DXE_MIN_SMM CryptoSmm 543776 733920 204483 310775 106 KB
- # X64 ALL CryptoPei 540384 730240 202494 308467 106 KB
- # X64 ALL CryptoDxe 815392 1027296 316228 431321 115 KB
- # X64 ALL CryptoSmm 563648 753696 213488 319644 106 KB
-
[UserExtensions.TianoCore."ExtraFiles"]
CryptoPkgExtra.uni
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* [Patch v2 10/16] CryptoPkg: Update DSC to improve CI test coverage
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (8 preceding siblings ...)
2022-10-20 18:35 ` [Patch v2 09/16] CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec Michael D Kinney
@ 2022-10-20 18:35 ` Michael D Kinney
2022-10-20 18:35 ` [Patch v2 11/16] CryptoPkg: Fixed host-based unit tests Michael D Kinney
` (7 subsequent siblings)
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:35 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
With the addition of EC services and performance optimized versions
of the OpensslLib for IA32/X64, the CryptoPkg.dsc file is updated
to make sure all combinations are covered in CI builds.
* Use different output directory for each CRYPTO_SERVICES profile.
* Add FILE_GUID define names for CryptoPei, CryptoDxe, and CryptoSmm
when they are linked with different OpensslLib instances.
* Update CryptoPei, CryptoDxe, CryptoSmm builds to include all
combinations of OpensslLib library instances supported by each
CPU architecture.
* Add TARGET_UINT_TESTS profile to CryptoPkg.dsc to build only
the target-based unit tests. This reduces the size of CryptoPkg
components not related to unit testing by removing unit test
specific assert handlers. Build target-based unit tests using
OpensslLibFull.inf and OpensslLibFullAccel.inf.
* Remove the PACKAGE profile and instead make the ALL profile
the default for CI testing that enables all services for all
modules.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 428 ++++++++++++++++++++++++++++++++--------
1 file changed, 345 insertions(+), 83 deletions(-)
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 032b9e637737..3b245979c34c 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -19,17 +19,14 @@ [Defines]
PLATFORM_GUID = E1063286-6C8C-4c25-AEF0-67A9A5B6E6B6
PLATFORM_VERSION = 0.98
DSC_SPECIFICATION = 0x00010005
- OUTPUT_DIRECTORY = Build/CryptoPkg
SUPPORTED_ARCHITECTURES = IA32|X64|ARM|AARCH64|RISCV64|LOONGARCH64
BUILD_TARGETS = DEBUG|RELEASE|NOOPT
SKUID_IDENTIFIER = DEFAULT
#
# Flavor of PEI, DXE, SMM modules to build.
- # Must be one of ALL, NONE, MIN_PEI, MIN_DXE_MIN_SMM.
+ # Must be one of ALL, NONE, MIN_PEI, MIN_DXE_MIN_SMM, TARGET_UINT_TESTS.
# Default is ALL that is used for package build verification.
- # PACKAGE - Package verification build of all components. Null
- # versions of libraries are used to minimize build times.
# ALL - Build PEIM, DXE, and SMM drivers. Protocols and PPIs
# publish all services.
# NONE - Build PEIM, DXE, and SMM drivers. Protocols and PPIs
@@ -39,14 +36,56 @@ [Defines]
# services.
# MIN_DXE_MIN_SMM - Build DXE and SMM drivers with Protocols that publish
# minimum required services.
+ # TARGET_UNIT_TESTS - Build target-based unit tests
#
- DEFINE CRYPTO_SERVICES = PACKAGE
-!if $(CRYPTO_SERVICES) IN "PACKAGE ALL NONE MIN_PEI MIN_DXE_MIN_SMM"
+ DEFINE CRYPTO_SERVICES = ALL
+!if $(CRYPTO_SERVICES) IN "ALL NONE MIN_PEI MIN_DXE_MIN_SMM TARGET_UNIT_TESTS"
!else
- !error CRYPTO_SERVICES must be set to one of PACKAGE ALL NONE MIN_PEI MIN_DXE_MIN_SMM.
+ !error CRYPTO_SERVICES must be set to one of ALL NONE MIN_PEI MIN_DXE_MIN_SMM TARGET_UNIT_TESTS.
!endif
+#
+# Define different OUTPUT_DIRECTORY for each CRYPTO_SERVICES profile
+#
+!if $(CRYPTO_SERVICES) == ALL
+ OUTPUT_DIRECTORY = Build/CryptoPkg/All
+!endif
+!if $(CRYPTO_SERVICES) == NONE
+ OUTPUT_DIRECTORY = Build/CryptoPkg/None
+!endif
+!if $(CRYPTO_SERVICES) == MIN_PEI
+ OUTPUT_DIRECTORY = Build/CryptoPkg/MinPei
+!endif
+!if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
+ OUTPUT_DIRECTORY = Build/CryptoPkg/MinDxeMinSmm
+!endif
+!if $(CRYPTO_SERVICES) == TARGET_UNIT_TESTS
+ OUTPUT_DIRECTORY = Build/CryptoPkg/TagetUnitTests
+!endif
+
+#
+# Define FILE_GUID names/values for CryptoPei, CryptopDxe, and CryptoSmm
+# drivers that are linked with different OpensslLib instances
+#
+ DEFINE PEI_CRYPTO_GUID = C693A250-6B36-49B9-B7F3-7283F8136A72
+ DEFINE PEI_STD_GUID = EBD49F5C-6D8B-40D1-A56D-9AFA485A8661
+ DEFINE PEI_FULL_GUID = D51FCE59-6860-49C0-9B35-984470735D17
+ DEFINE PEI_STD_ACCEL_GUID = DCC9CB49-7BE2-47C6-864E-6DCC932360F9
+ DEFINE PEI_FULL_ACCEL_GUID = A10827AD-7598-4955-B661-52EE2B62B057
+ DEFINE DXE_CRYPTO_GUID = 31C17C54-325D-47D5-8622-888098F10E44
+ DEFINE DXE_STD_GUID = ADD6D05A-52A2-437B-98E7-DBFDA89352CD
+ DEFINE DXE_FULL_GUID = AA83B296-F6EA-447F-B013-E80E98629CF8
+ DEFINE DXE_STD_ACCEL_GUID = 9FBDAD27-910C-4229-9EFF-A93BB5FE18C6
+ DEFINE DXE_FULL_ACCEL_GUID = 41A491D1-A972-468B-A299-DABF415A43B7
+ DEFINE SMM_CRYPTO_GUID = 1A1C9E13-5722-4636-AB73-31328EDE8BAF
+ DEFINE SMM_STD_GUID = E4D7D1E3-E886-4412-A442-EFD6F2502DD3
+ DEFINE SMM_FULL_GUID = 1930CE7E-6598-48ED-8AB1-EBE7E85EC254
+ DEFINE SMM_STD_ACCEL_GUID = 828959D3-CEA6-4B79-B1FC-5AFA0D7F2144
+ DEFINE SMM_FULL_ACCEL_GUID = C1760694-AB3A-4532-8C6D-52D8F86EB1AA
+
+!if $(CRYPTO_SERVICES) == TARGET_UNIT_TESTS
!include UnitTestFrameworkPkg/UnitTestFrameworkPkgTarget.dsc.inc
+!endif
################################################################################
#
@@ -59,17 +98,24 @@ [Defines]
[LibraryClasses]
BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
- PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
- DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
- UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
- UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
- BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
- TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
- HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
- RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf
+ DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
+ SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
+ TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
+ RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf
+ PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
+ DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf
+ DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
+ OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+
+[LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
+ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
[LibraryClasses.ARM, LibraryClasses.AARCH64]
+ ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
#
# It is not possible to prevent the ARM compiler for generic intrinsic functions.
# This library provides the instrinsic functions generate by a given compiler.
@@ -81,41 +127,19 @@ [LibraryClasses.ARM, LibraryClasses.AARCH64]
# Add support for stack protector
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-[LibraryClasses.common.PEIM]
- PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
- MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
- PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
- PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
- HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
-
-[LibraryClasses.common.DXE_SMM_DRIVER]
- SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf
- MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf
- MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf
-
-!if $(CRYPTO_SERVICES) IN "ALL NONE MIN_PEI MIN_DXE_MIN_SMM"
-[LibraryClasses]
- MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
- DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf
- DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
- PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
- DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
- PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
- TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
- UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf #???
- IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf #???
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
-
[LibraryClasses.ARM]
ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
[LibraryClasses.common.SEC]
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
[LibraryClasses.common.PEIM]
+ PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
+ PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
+ PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
+ MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
+ HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -124,19 +148,34 @@ [LibraryClasses.common.PEIM]
[LibraryClasses.IA32.PEIM, LibraryClasses.X64.PEIM]
PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf
-[LibraryClasses.ARM.PEIM, LibraryClasses.AARCH64.PEIM]
- PeiServicesTablePointerLib|ArmPkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
-
[LibraryClasses.common.DXE_DRIVER]
+ UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
+ UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
+ UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
+ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
[LibraryClasses.common.DXE_SMM_DRIVER]
+ UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
+ UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
+ SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf
+ MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf
+ MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf
ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
-!endif
+
+[LibraryClasses.common.UEFI_APPLICATION]
+ UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf
+ UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
+ UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
+ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
+ ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
+ PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
################################################################################
#
@@ -148,7 +187,12 @@ [PcdsFixedAtBuild]
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000000
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
-!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
+#
+# For ALL and TARGET_UINT_TESTS profiles, enable all non-deprecated families
+# and services in PcdCryptoServiceFamilyEnable.
+#
+!if $(CRYPTO_SERVICES) IN "ALL TARGET_UINT_TESTS"
+[PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -177,7 +221,12 @@ [PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Ec.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
!endif
+#
+# Enable minimum set of families/services in PcdCryptoServiceFamilyEnable
+# required by typical PEI phase.
+#
!if $(CRYPTO_SERVICES) == MIN_PEI
+[PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
@@ -192,7 +241,12 @@ [PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
!endif
+#
+# Enable minimum set of families/services in PcdCryptoServiceFamilyEnable
+# required by typical DXE and SMM phases.
+#
!if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
+[PcdsFixedAtBuild]
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE
@@ -244,12 +298,61 @@ [PcdsFixedAtBuild]
# generated for it, but the binary will not be put into any firmware volume.
#
###################################################################################################
-[Components]
- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
- CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf
-!if $(CRYPTO_SERVICES) == PACKAGE
+#
+# If profile is TARGET_UNIT_TESTS, then build target-based unit tests
+# using the OpensslLib, BaseCryptLib, and TlsLib with the largest set of
+# available services.
+#
+!if $(CRYPTO_SERVICES) == TARGET_UNIT_TESTS
+[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
+ #
+ # Target based unit tests
+ #
+ CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf {
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ <BuildOptions>
+ MSFT:*_*_*_DLINK_FLAGS = /ALIGN:4096 /FILEALIGN:4096 /SUBSYSTEM:CONSOLE
+ MSFT:DEBUG_*_*_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /BASE:0x10000
+ MSFT:DEBUG_*_*_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /BASE:0x10000
+ MSFT:NOOPT_*_*_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /BASE:0x10000
+ }
+
+[Components.IA32, Components.X64]
+ CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf {
+ <Defines>
+ FILE_GUID = B91B9A95-4D52-4501-A98F-A1711C14ED93
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ <BuildOptions>
+ MSFT:*_*_*_DLINK_FLAGS = /ALIGN:4096 /FILEALIGN:4096 /SUBSYSTEM:CONSOLE
+ MSFT:DEBUG_*_*_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /BASE:0x10000
+ MSFT:DEBUG_*_*_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /BASE:0x10000
+ MSFT:NOOPT_*_*_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /BASE:0x10000
+ }
+
+[Components.RISCV64]
+ CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf {
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ }
+!endif
+
+#
+# If profile is ALL, then do verification build of all library instances.
+#
+!if $(CRYPTO_SERVICES) == ALL
[Components]
+ #
+ # Build verification of all library instances
+ #
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -259,59 +362,218 @@ [Components]
CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
CryptoPkg/Library/TlsLib/TlsLib.inf
CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
- CryptoPkg/Library/OpensslLib/OpensslLib.inf
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
-
CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+ #
+ # Build verification of target-based unit tests
+ #
+ CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf {
+ <LibraryClasses>
+ UnitTestLib|UnitTestFrameworkPkg/Library/UnitTestLib/UnitTestLib.inf
+ UnitTestPersistenceLib|UnitTestFrameworkPkg/Library/UnitTestPersistenceLibNull/UnitTestPersistenceLibNull.inf
+ UnitTestResultReportLib|UnitTestFrameworkPkg/Library/UnitTestResultReportLib/UnitTestResultReportLibConOut.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ }
+
+[Components.IA32, Components.X64]
+ #
+ # Build verification of IA32/X64 specific libraries
+ #
+ CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+ CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
!endif
-!if $(CRYPTO_SERVICES) IN "PACKAGE ALL NONE MIN_PEI"
+#
+# If profile is ALL or NONE or MIN_PEI, then build CryptoPei with all supported
+# OpensslLib instances.
+#
+!if $(CRYPTO_SERVICES) in "ALL NONE MIN_PEI"
+[Components]
+ #
+ # CryptoPei with OpensslLib instance without SSL or EC services
+ #
+ CryptoPkg/Driver/CryptoPei.inf {
+ <Defines>
+ FILE_GUID = $(PEI_CRYPTO_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ }
+ #
+ # CryptoPei with OpensslLib instance without EC services
+ #
+ CryptoPkg/Driver/CryptoPei.inf {
+ <Defines>
+ FILE_GUID = $(PEI_STD_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ }
[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
+ #
+ # CryptoPei with OpensslLib instance with all services
+ #
+ CryptoPkg/Driver/CryptoPei.inf {
+ <Defines>
+ FILE_GUID = $(PEI_FULL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+ }
+
+[Components.IA32, Components.X64]
+ #
+ # CryptoPei with IA32/X64 performance optimized OpensslLib instance without EC services
+ # IA32/X64 assembly optimizations required larger alignments
+ #
CryptoPkg/Driver/CryptoPei.inf {
<Defines>
- !if $(CRYPTO_SERVICES) == ALL
- FILE_GUID = 8DF53C2E-3380-495F-A8B7-370CFE28E1C6
- !elseif $(CRYPTO_SERVICES) == NONE
- FILE_GUID = E5A97EE3-71CC-407F-9DA9-6BE0C8A6C7DF
- !elseif $(CRYPTO_SERVICES) == MIN_PEI
- FILE_GUID = 0F5827A9-35FD-4F41-8D38-9BAFCE594D31
- !endif
+ FILE_GUID = $(PEI_STD_ACCEL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+ <BuildOptions>
+ MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
+ MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256
+ }
+
+ #
+ # CryptoPei with IA32/X64 performance optimized OpensslLib instance all services
+ # IA32/X64 assembly optimizations required larger alignments
+ #
+ CryptoPkg/Driver/CryptoPei.inf {
+ <Defines>
+ FILE_GUID = $(PEI_FULL_ACCEL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+ <BuildOptions>
+ MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
+ MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256
}
!endif
-!if $(CRYPTO_SERVICES) IN "PACKAGE ALL NONE MIN_DXE_MIN_SMM"
-[Components.IA32, Components.X64, Components.AARCH64]
+#
+# If profile is ALL or NONE or MIN_DXE_MIN_SMM, then build CryptoDxe and
+# CryptoSmm using all supported OpensslLib instances.
+#
+!if $(CRYPTO_SERVICES) in "ALL NONE MIN_DXE_MIN_SMM"
+[Components]
+ #
+ # CryptoDxe with OpensslLib instance with no SSL or EC services
+ #
CryptoPkg/Driver/CryptoDxe.inf {
<Defines>
- !if $(CRYPTO_SERVICES) == ALL
- FILE_GUID = D9444B06-060D-42C5-9344-F04707BE0169
- !elseif $(CRYPTO_SERVICES) == NONE
- FILE_GUID = C7A340F4-A6CC-4F95-A2DA-42BEA4C3944A
- !elseif $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
- FILE_GUID = DDF5BE9E-159A-4B77-B6D7-82B84B5763A2
- !endif
+ FILE_GUID = $(DXE_CRYPTO_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ }
+ #
+ # CryptoDxe with OpensslLib instance with no EC services
+ #
+ CryptoPkg/Driver/CryptoDxe.inf {
+ <Defines>
+ FILE_GUID = $(DXE_STD_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ }
+[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
+ #
+ # CryptoDxe with OpensslLib instance with all services
+ #
+ CryptoPkg/Driver/CryptoDxe.inf {
+ <Defines>
+ FILE_GUID = $(DXE_FULL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
}
[Components.IA32, Components.X64]
+ #
+ # CryptoDxe with IA32/X64 performance optimized OpensslLib instance with no EC services
+ # with TLS feature enabled.
+ # IA32/X64 assembly optimizations required larger alignments
+ #
+ CryptoPkg/Driver/CryptoDxe.inf {
+ <Defines>
+ FILE_GUID = $(DXE_STD_ACCEL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+ <BuildOptions>
+ MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
+ MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256
+ }
+ #
+ # CryptoDxe with IA32/X64 performance optimized OpensslLib instance with all services.
+ # IA32/X64 assembly optimizations required larger alignments
+ #
+ CryptoPkg/Driver/CryptoDxe.inf {
+ <Defines>
+ FILE_GUID = $(DXE_FULL_ACCEL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+ <BuildOptions>
+ MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
+ MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256
+ }
+ #
+ # CryptoSmm with OpensslLib instance with no SSL or EC services
+ #
+ CryptoPkg/Driver/CryptoSmm.inf {
+ <Defines>
+ FILE_GUID = $(SMM_CRYPTO_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ }
+ #
+ # CryptoSmm with OpensslLib instance with no SSL services
+ #
+ CryptoPkg/Driver/CryptoSmm.inf {
+ <Defines>
+ FILE_GUID = $(SMM_STD_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ }
+ #
+ # CryptoSmm with OpensslLib instance with no all services
+ #
+ CryptoPkg/Driver/CryptoSmm.inf {
+ <Defines>
+ FILE_GUID = $(SMM_FULL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+ }
+ #
+ # CryptoSmm with IA32/X64 performance optimized OpensslLib instance with no EC services
+ # IA32/X64 assembly optimizations required larger alignments
+ #
+ CryptoPkg/Driver/CryptoSmm.inf {
+ <Defines>
+ FILE_GUID = $(SMM_STD_ACCEL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+ <BuildOptions>
+ MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
+ MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256
+ }
+ #
+ # CryptoSmm with IA32/X64 performance optimized OpensslLib instance with all services
+ # IA32/X64 assembly optimizations required larger alignments
+ #
CryptoPkg/Driver/CryptoSmm.inf {
<Defines>
- !if $(CRYPTO_SERVICES) == ALL
- FILE_GUID = A3542CE8-77F7-49DC-A834-45D37D2EC1FA
- !elseif $(CRYPTO_SERVICES) == NONE
- FILE_GUID = 6DCB3127-01E7-4131-A487-DC77A965A541
- !elseif $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
- FILE_GUID = 85F7EA15-3A2B-474A-8875-180542CD6BF3
- !endif
+ FILE_GUID = $(SMM_FULL_ACCEL_GUID)
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+ <BuildOptions>
+ MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64
+ MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256
}
!endif
[BuildOptions]
+ RELEASE_*_*_CC_FLAGS = -DMDEPKG_NDEBUG
*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
-!if $(CRYPTO_SERVICES) IN "PACKAGE ALL"
- MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
- INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
- GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES
-!endif
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* [Patch v2 11/16] CryptoPkg: Fixed host-based unit tests
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (9 preceding siblings ...)
2022-10-20 18:35 ` [Patch v2 10/16] CryptoPkg: Update DSC to improve CI test coverage Michael D Kinney
@ 2022-10-20 18:35 ` Michael D Kinney
2022-10-20 18:35 ` [Patch v2 12/16] CryptoPkg: Add Readme.md Michael D Kinney
` (6 subsequent siblings)
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:35 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
* Build host-based tests using OpensslLib instance with all services
enabled.
* Build host-based tests using performance optimized OpensslLib instance
with all services enabled.
* Remove unused PCD gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
* Remove redundant and unnecessary [BuildOptions]
* Limit host-based unit tests to only IA32/X64
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
.../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 ++------
CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 ++----
.../TestBaseCryptLibHostAccel.inf | 56 +++++++++++++++++++
3 files changed, 68 insertions(+), 27 deletions(-)
create mode 100644 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.inf
diff --git a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
index 168e24e4c041..80261794470f 100644
--- a/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
@@ -18,7 +18,7 @@ [Defines]
#
# The following information is for reference only and not required by the build tools.
#
-# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
+# VALID_ARCHITECTURES = IA32 X64
#
[Sources]
@@ -28,6 +28,7 @@ [Sources]
Hash/CryptSha256.c
Hash/CryptSha512.c
Hash/CryptSm3.c
+ Hash/CryptParallelHashNull.c
Hmac/CryptHmac.c
Kdf/CryptHkdf.c
Cipher/CryptAes.c
@@ -48,8 +49,7 @@ [Sources]
Pk/CryptRsaPss.c
Pk/CryptRsaPssSign.c
Bn/CryptBn.c
- Pk/CryptEcNull.c |*|*|*|!gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
- Pk/CryptEc.c |*|*|*|gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ Pk/CryptEc.c
SysCall/UnitTestHostCrtWrapper.c
@@ -59,12 +59,6 @@ [Sources.Ia32]
[Sources.X64]
Rand/CryptRandTsc.c
-[Sources.ARM]
- Rand/CryptRand.c
-
-[Sources.AARCH64]
- Rand/CryptRand.c
-
[Packages]
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec
@@ -75,9 +69,7 @@ [LibraryClasses]
MemoryAllocationLib
DebugLib
OpensslLib
-
-[FixedPcd]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled
+ PrintLib
#
# Remove these [BuildOptions] after this library is cleaned up
@@ -85,11 +77,9 @@ [FixedPcd]
[BuildOptions]
#
# suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4090: 'function' : different 'const' qualifiers
- # C4018: '>': signed/unsigned mismatch
- MSFT:*_*_*_CC_FLAGS = /wd4090 /wd4018
-
+ #
GCC:*_CLANG35_*_CC_FLAGS = -std=c99
GCC:*_CLANG38_*_CC_FLAGS = -std=c99
+ GCC:*_CLANGPDB_*_CC_FLAGS = -std=c99 -Wno-error=incompatible-pointer-types
XCODE:*_*_*_CC_FLAGS = -std=c99
diff --git a/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc b/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc
index b6e1a6619844..369a1cb69939 100644
--- a/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc
+++ b/CryptoPkg/Test/CryptoPkgHostUnitTest.dsc
@@ -19,19 +19,13 @@ [Defines]
!include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc
-[PcdsFixedAtBuild]
- gEfiCryptoPkgTokenSpaceGuid.PcdOpensslEcEnabled|TRUE
-
[LibraryClasses]
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/UnitTestHostBaseCryptLib.inf
MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf
SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
-[LibraryClasses.AARCH64, LibraryClasses.ARM]
- RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf
-
[LibraryClasses.X64, LibraryClasses.IA32]
RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
@@ -40,9 +34,10 @@ [Components]
# Build HOST_APPLICATION that tests the SampleUnitTest
#
CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf
+ CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.inf {
+ <LibraryClasses>
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+ }
[BuildOptions]
- *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
- MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
- INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES
- GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES
+ *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.inf b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.inf
new file mode 100644
index 000000000000..9d0fcfd3577c
--- /dev/null
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.inf
@@ -0,0 +1,56 @@
+## @file
+# Host-based UnitTest for BaseCryptLib
+#
+# Copyright (c) Microsoft Corporation.<BR>
+# Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = BaseCryptLibUnitTestHostAccel
+ FILE_GUID = B1AED64E-B53A-4D69-B0BA-60EEDAC47A6B
+ MODULE_TYPE = HOST_APPLICATION
+ VERSION_STRING = 1.0
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ UnitTestMain.c
+ BaseCryptLibUnitTests.c
+ TestBaseCryptLib.h
+ HashTests.c
+ HmacTests.c
+ BlockCipherTests.c
+ RsaTests.c
+ RsaPkcs7Tests.c
+ Pkcs5Pbkdf2Tests.c
+ AuthenticodeTests.c
+ TSTests.c
+ DhTests.c
+ RandTests.c
+ Pkcs7EkuTests.c
+ OaepEncryptTests.c
+ RsaPssTests.c
+ ParallelhashTests.c
+ HkdfTests.c
+ AeadAesGcmTests.c
+ BnTests.c
+ EcTests.c
+ X509Tests.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ BaseCryptLib
+ UnitTestLib
+ MmServicesTableLib
+ SynchronizationLib
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* [Patch v2 12/16] CryptoPkg: Add Readme.md
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (10 preceding siblings ...)
2022-10-20 18:35 ` [Patch v2 11/16] CryptoPkg: Fixed host-based unit tests Michael D Kinney
@ 2022-10-20 18:35 ` Michael D Kinney
2022-10-20 18:35 ` [Patch v2 13/16] Revert "CryptoPkg: Update process_files.pl to auto add PCD config option" Michael D Kinney
` (5 subsequent siblings)
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:35 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
Add Readme.md that provides an overview of the CryptoPkg
and how to configure the use of cryptographic services in
a platform.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
CryptoPkg/Readme.md | 498 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 498 insertions(+)
create mode 100644 CryptoPkg/Readme.md
diff --git a/CryptoPkg/Readme.md b/CryptoPkg/Readme.md
new file mode 100644
index 000000000000..946aa1e99e7d
--- /dev/null
+++ b/CryptoPkg/Readme.md
@@ -0,0 +1,498 @@
+# Crypto Package
+
+This package provides cryptographic services that are used to implement firmware
+features such as UEFI Secure Boot, Measured Boot, firmware image authentication,
+and network boot. The cryptographic service implementation in this package uses
+services from the [OpenSSL](https://www.openssl.org/) project.
+
+EDK II firmware modules/libraries that requires the use of cryptographic
+services can either statically link all the required services, or the EDK II
+firmware module/library can use a dynamic Protocol/PPI service to call
+cryptographic services. The dynamic Protocol/PPI services are only available to
+PEIMs, DXE Drivers, UEFI Drivers, and SMM Drivers, and only if the cryptographic
+modules are included in the platform firmware image.
+
+There may be firmware image size differences between the static and dynamic
+options. Some experimentation may be required to find the solution that
+provides the smallest overall firmware overhead.
+
+# Public Library Classes
+
+* **BaseCryptLib** - Provides library functions for cryptographic primitives.
+* **TlsLib** - Provides TLS library functions for EFI TLS protocol.
+* **HashApiLib** - Provides Unified API for different hash implementations.
+
+# Private Library Classes
+
+* **OpensslLib** - Provides library functions from the openssl project.
+* **IntrinsicLib** - Provides C runtime library (CRT) required by openssl.
+
+# Private Protocols and PPIs
+
+* **EDK II Crypto PPI** - PPI that provides all the services from
+ the BaseCryptLib and TlsLib library classes.
+* **EDK II Crypto Protocol** - Protocol that provides all the services from
+ the BaseCryptLib and TlsLib library classes.
+* **EDK II SMM Crypto Protocol** - SMM Protocol that provides all the services
+ from the BaseCryptLib and TlsLib library
+ classes.
+
+## Statically Linking Cryptographic Services
+
+The figure below shows an example of a firmware modules that requires the use of
+cryptographic services. The cryptographic services are provided by three library
+classes called BaseCryptLib, TlsLib, and HashApiLib. These library classes are
+implemented using APIs from the OpenSSL project that are abstracted by the
+private library class called OpensslLib. The OpenSSL project implementation
+depends on C runtime library services. The EDK II project does not provide a
+full C runtime library for firmware components. Instead, the CryptoPkg includes
+the smallest subset of services required to build the OpenSSL project in the
+private library class called IntrinsicLib.
+
+The CryptoPkg provides several instances if the BaseCryptLib and OpensslLib with
+different cryptographic service features and performance optimizations. The
+platform developer must select the correct instances based on cryptographic
+service requirements in each UEFI/PI firmware phase (SEC, PEI, DXE, UEFI,
+UEFI RT, and SMM), firmware image size requirements, and firmware boot
+performance requirements.
+
+```
++================================+
+| EDK II Firmware Module/Library |
++================================+
+ ^ ^ ^
+ | | |
+ | | v
+ | | +============+
+ | | | HashApiLib |
+ | | +============+
+ | | ^
+ | | |
+ v v v
++========+ +====================+
+| TlsLib | | BaseCryptLib |
++========+ +====================+
+ ^ ^
+ | |
+ v v
++================================+
+| OpensslLib (Private) |
++================================+
+ ^
+ |
+ v
++================================+
+| IntrinsicLib (Private) |
++================================+
+```
+
+## Dynamically Linking Cryptographic Services
+
+The figure below shows the entire stack when dynamic linking is used with
+cryptographic services produced by the CryptoPei, CryptoDxe, or CryptoSmm module
+through a PPI/Protocol. This solution requires the CryptoPei, CryptoDxe, and
+CryptoSmm modules to be configured with the set of cryptographic services
+required by all the PEIMs, DXE Drivers, UEFI Drivers, and SMM Drivers. Dynamic
+linking is not available for SEC or UEFI RT modules.
+
+The EDK II modules/libraries that require cryptographic services use the same
+BaseCryptLib/TlsLib/HashApiLib APIs. This means no source changes are required
+to use static linking or dynamic linking. It is a platform configuration options
+to select static linking or dynamic linking. This choice can be make globally,
+per firmware module type, or individual modules.
+
+```
++===================+ +===================+ +===================+
+| EDK II PEI | | EDK II DXE/UEFI | | EDK II SMM |
+| Module/Library | | Module/Library | | Module/Library |
++===================+ +===================+ +===================+
+ ^ ^ ^ ^ ^ ^ ^ ^ ^
+ | | | | | | | | |
+ | | v | | v | | v
+ | | +==========+ | | +==========+ | | +==========+
+ | | |HashApiLib| | | |HashApiLib| | | |HashApiLib|
+ | | +==========+ | | +==========+ | | +==========+
+ | | ^ | | ^ | | ^
+ | | | | | | | | |
+ v v v v v v v v v
++===================+ +===================+ +===================+
+|TlsLib|BaseCryptLib| |TlsLib|BaseCryptLib| |TlsLib|BaseCryptLib|
++-------------------+ +-------------------+ +-------------------+
+| BaseCryptLib | | BaseCryptLib | | BaseCryptLib |
+| OnPpiProtocol/ | | OnPpiProtocol/ | | OnPpiProtocol/ |
+| PeiCryptLib.inf | | DxeCryptLib.inf | | SmmCryptLib.inf |
++===================+ +===================+ +===================+
+ ^ ^ ^
+ ||| (Dynamic) ||| (Dynamic) ||| (Dynamic)
+ v v v
++===================+ +===================+ +=====================+
+| Crypto PPI | | Crypto Protocol | | Crypto SMM Protocol |
++-------------------| |-------------------| |---------------------|
+| CryptoPei | | CryptoDxe | | CryptoSmm |
++===================+ +===================+ +=====================+
+ ^ ^ ^ ^ ^ ^
+ | | | | | |
+ v | v | v |
++========+ | +========+ | +========+ |
+| TlsLib | | | TlsLib | | | TlsLib | |
++========+ v +========+ v +========+ v
+ ^ +==============+ ^ +==============+ ^ +==============+
+ | | BaseCryptLib | | | BaseCryptLib | | | BaseCryptLib |
+ | +==============+ | +==============+ | +==============+
+ | ^ | ^ | ^
+ | | | | | |
+ v v v v v v
++===================+ +===================+ +===================+
+| OpensslLib | | OpensslLib | | OpensslLib |
++===================+ +===================+ +===================+
+ ^ ^ ^
+ | | |
+ v v v
++===================+ +===================+ +===================+
+| IntrinsicLib | | IntrinsicLib | | IntrinsicLib |
++===================+ +===================+ +===================+
+```
+
+## Supported Cryptographic Families and Services
+
+The table below provides a summary of the supported cryptographic services. It
+indicates if the family or service is deprecated or recommended to not be used.
+It also shows which *CryptLib library instances support the family or service.
+If a cell is blank then the service or family is always disabled and the
+`PcdCryptoServiceFamilyEnable` settings for that family or service is ignored.
+If the cell is not blank, then the service or family is configurable using
+`PcdCryptoServiceFamilyEnable` as long as the correct OpensslLib or TlsLib is
+also configured.
+
+|Key | Description |
+|---------|--------------------------------------------------------------------------------|
+| <blank> | Family or service is always disabled. |
+| C | Configurable using PcdCryptoServiceFamilyEnable. |
+| C-Tls | Configurable using PcdCryptoServiceFamilyEnable. Requires TlsLib.inf. |
+| C-Full | Configurable using PcdCryptoServiceFamilyEnable. Requires OpensslLibFull*.inf. |
+
+|Family/Service | Deprecated | Don't Use | SecCryptLib | PeiCryptLib | BaseCryptLib | SmmCryptLib | RuntimeCryptLib |
+|:--------------------------------|:----------:|:---------:|:-----------:|:-----------:|:------------:|:-----------:|:---------------:|
+| HmacMd5 | Y | Y | | | | | |
+| HmacSha1 | Y | Y | | | | | |
+| HmacSha256 | N | N | | C | C | C | C |
+| HmacSha384 | N | N | | C | C | C | C |
+| Md4 | Y | Y | | | | | |
+| Md5 | Y | Y | | C | C | C | C |
+| Pkcs.Pkcs1v2Encrypt | N | N | | | C | C | |
+| Pkcs.Pkcs5HashPassword | N | N | | | C | C | |
+| Pkcs.Pkcs7Verify | N | N | | C | C | C | C |
+| Pkcs.VerifyEKUsInPkcs7Signature | N | N | | C | C | C | |
+| Pkcs.Pkcs7GetSigners | N | N | | C | C | C | C |
+| Pkcs.Pkcs7FreeSigners | N | N | | C | C | C | C |
+| Pkcs.Pkcs7Sign | N | N | | | C | | |
+| Pkcs.Pkcs7GetAttachedContent | N | N | | C | C | C | |
+| Pkcs.Pkcs7GetCertificatesList | N | N | | C | C | C | C |
+| Pkcs.AuthenticodeVerify | N | N | | | C | | |
+| Pkcs.ImageTimestampVerify | N | N | | | C | | |
+| Dh | N | N | | | C | | |
+| Random | N | N | | | C | C | C |
+| Rsa.VerifyPkcs1 | Y | Y | | | | | |
+| Rsa.New | N | N | | C | C | C | C |
+| Rsa.Free | N | N | | C | C | C | C |
+| Rsa.SetKey | N | N | | C | C | C | C |
+| Rsa.GetKey | N | N | | | C | | |
+| Rsa.GenerateKey | N | N | | | C | | |
+| Rsa.CheckKey | N | N | | | C | | |
+| Rsa.Pkcs1Sign | N | N | | | C | | |
+| Rsa.Pkcs1Verify | N | N | | C | C | C | C |
+| Sha1 | N | Y | | C | C | C | C |
+| Sha256 | N | N | | C | C | C | C |
+| Sha384 | N | N | C | C | C | C | C |
+| Sha512 | N | N | C | C | C | C | C |
+| X509 | N | N | | | C | C | C |
+| Tdes | Y | Y | | | | | |
+| Aes.GetContextSize | N | N | | | C | C | C |
+| Aes.Init | N | N | | | C | C | C |
+| Aes.EcbEncrypt | Y | Y | | | | | |
+| Aes.EcbDecrypt | Y | Y | | | | | |
+| Aes.CbcEncrypt | N | N | | | C | C | C |
+| Aes.CbcDecrypt | N | N | | | C | C | C |
+| Arc4 | Y | Y | | | | | |
+| Sm3 | N | N | | C | C | C | C |
+| Hkdf | N | N | | C | C | | C |
+| Tls | N | N | | | C-Tls | | |
+| TlsSet | N | N | | | C-Tls | | |
+| TlsGet | N | N | | | C-Tls | | |
+| RsaPss.Sign | N | N | | | C | | |
+| RsaPss.Verify | N | N | | C | C | C | |
+| ParallelHash | N | N | | | | C | |
+| AeadAesGcm | N | N | | | C | | |
+| Bn | N | N | | | C | | |
+| Ec | N | N | | | C-Full | | |
+
+## Platform Configuration of Cryptographic Services
+
+Configuring the cryptographic services requires library mappings and PCD
+settings in a platform DSC file. This must be done for each of the firmware
+phases (SEC, PEI, DXE, UEFI, SMM, UEFI RT).
+
+The following table can be used to help select the best OpensslLib instance for
+each phase. The Size column only shows the estimated size increase for a
+compressed IA32/X64 modules that uses the cryptographic services with
+`OpensslLib.inf` as the baseline size. The actual size increase depends on the
+specific set of enabled cryptographic services. If ECC services are not
+required, then size can be reduced by using OpensslLib.inf instead of
+`OpensslLibFull.inf`. Performance optimization requires a size increase.
+
+| OpensslLib Instance | SSL | ECC | Perf Opt | CPU Arch | Size |
+|:------------------------|:---:|:---:|:--------:|:--------:|:-----:|
+| OpensslLibCrypto.inf | N | N | N | All | +0K |
+| OpensslLib.inf | Y | N | N | All | +0K |
+| OpensslLibAccel.inf | Y | N | Y | IA32/X64 | +20K |
+| OpensslLibFull.inf | Y | Y | N | All | +115K |
+| OpensslLibFullAccel.inf | Y | Y | Y | IA32/X64 | +135K |
+
+### SEC Phase Library Mappings
+
+The SEC Phase only supports static linking of cryptographic services. The
+following library mappings are recommended for the SEC Phase. It uses the SEC
+specific version of the BaseCryptLib and the null version of the TlsLib because
+TLS services are not typically used in SEC.
+
+```
+[LibraryClasses.common.SEC]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+```
+
+### PEI Phase Library Mappings
+
+The PEI Phase supports either static or dynamic linking of cryptographic
+services. The following library mappings are recommended for the PEI Phase. It
+uses the PEI specific version of the BaseCryptLib and the null version of the
+TlsLib because TLS services are not typically used in PEI.
+
+```
+[LibraryClasses.common.PEIM]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+```
+
+If dynamic linking is used, then all PEIMs except CryptoPei use the following
+library mappings. The CryptoPei module uses the static linking settings.
+
+```
+[LibraryClasses.common.PEIM]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf
+
+[Components]
+ CryptoPkg/Driver/CryptoPei.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ }
+```
+
+### DXE Phase, UEFI Driver, UEFI Application Library Mappings
+
+The DXE/UEFI Phase supports either static or dynamic linking of cryptographic
+services. The following library mappings are recommended for the DXE/UEFI Phase.
+It uses the DXE specific version of the BaseCryptLib and the full version of the
+OpensslLib and TlsLib. If ECC services are not required then a smaller
+OpensslLib instance can be used.
+
+```
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+```
+
+If dynamic linking is used, then all DXE Drivers except CryptoDxe use the
+following library mappings. The CryptoDxe module uses the static linking
+settings.
+
+```
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf
+
+[Components]
+ CryptoPkg/Driver/CryptoDxe.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ }
+```
+
+### SMM Phase Library Mappings
+
+The SMM Phase supports either static or dynamic linking of cryptographic
+services. The following library mappings are recommended for the SMM Phase. It
+uses the SMM specific version of the BaseCryptLib and the null version of the
+TlsLib.
+
+```
+[LibraryClasses.common.DXE_SMM_DRIVER]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+```
+
+If dynamic linking is used, then all SMM Drivers except CryptoSmm use the
+following library mappings. The CryptoDxe module uses the static linking
+settings.
+
+```
+[LibraryClasses.common.DXE_SMM_DRIVER]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
+
+[Components]
+ CryptoPkg/Driver/CryptoSmm.inf {
+ <LibraryClasses>
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ }
+```
+
+### UEFI Runtime Driver Library Mappings
+
+UEFI Runtime Drivers only supports static linking of cryptographic services.
+The following library mappings are recommended for UEFI Runtime Drivers. It uses
+the runtime specific version of the BaseCryptLib and the null version of the
+TlsLib because TLS services are not typically used in runtime.
+
+```
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
+ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+ TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+```
+
+### PCD Configuration Settings
+
+There are 2 PCD settings that are used to configure cryptographic services.
+`PcdHashApiLibPolicy` is used to configure the hash algorithm provided by the
+BaseHashApiLib library instance. `PcdCryptoServiceFamilyEnable` is used to
+configure the cryptographic services supported by the CryptoPei, CryptoDxe,
+and CryptoSmm modules.
+
+* `gEfiCryptoPkgTokenSpaceGuid.PcdHashApiLibPolicy` - This PCD indicates the
+ HASH algorithm to to use in the BaseHashApiLib to calculate hash of data. The
+ default hashing algorithm for BaseHashApiLib is set to HASH_ALG_SHA256.
+ | Setting | Algorithm |
+ |------------|------------------|
+ | 0x00000001 | HASH_ALG_SHA1 |
+ | 0x00000002 | HASH_ALG_SHA256 |
+ | 0x00000004 | HASH_ALG_SHA384 |
+ | 0x00000008 | HASH_ALG_SHA512 |
+ | 0x00000010 | HASH_ALG_SM3_256 |
+
+* `gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable` - Enable/Disable
+ the families and individual services produced by the EDK II Crypto
+ Protocols/PPIs. The default is all services disabled. This Structured PCD is
+ associated with `PCD_CRYPTO_SERVICE_FAMILY_ENABLE` structure that defined in
+ `Include/Pcd/PcdCryptoServiceFamilyEnable.h`.
+
+ There are three layers of priority that determine if a specific family or
+ individual cryptographic service is actually enabled in the CryptoPei,
+ CryptoDxe, and CryptoSmm modules.
+
+ 1) OpensslLib instance selection. When the CryptoPei, CryptoDxe, or CryptoSmm
+ drivers are built, they are statically linked to an OpensslLib library
+ instance. If the required cryptographic service is not enabled in the
+ OpensslLib instance linked, then the service is always disabled.
+ 2) BaseCryptLib instance selection.
+ * CryptoPei is always linked with the PeiCryptLib instance of the
+ BaseCryptLib library class. The table above have a column for the
+ PeiCryptLib. If the family or service is blank, then that family or
+ service is always disabled.
+ * CryptoDxe is always linked with the BaseCryptLib instance of the
+ BaseCryptLib library class. The table above have a column for the
+ BaseCryptLib. If the family or service is blank, then that family or
+ service is always disabled.
+ * CryptoSmm is always linked with the SmmCryptLib instance of the
+ BaseCryptLib library class. The table above have a column for the
+ SmmCryptLib. If the family or service is blank, then that family or
+ service is always disabled.
+ 3) If a family or service is enabled in the OpensslLib instance and it is
+ enabled in the BaseCryptLib instance, then it can be enabled/disabled
+ using `PcdCryptoServiceFamilyEnable`. This structured PCD is associated
+ with the `PCD_CRYPTO_SERVICE_FAMILY_ENABLE` data structure that contains
+ bit fields for each family of services. All of the families are disabled
+ by default. An entire family of services can be enabled by setting the
+ family field to the value `PCD_CRYPTO_SERVICE_ENABLE_FAMILY`. Individual
+ services can be enabled by setting a single service name to `TRUE`.
+ Settings listed later in the DSC file have priority over settings earlier
+ in the DSC file, so it is legal for an entire family to be enabled first
+ and then a few individual services disabled by setting the service name to
+ `FALSE`.
+
+#### Common PEI PcdCryptoServiceFamilyEnable Settings
+
+```
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha512.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sm3.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
+```
+
+#### Common DXE and SMM PcdCryptoServiceFamilyEnable Settings
+
+```
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.HmacSha384.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs1v2Encrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7Verify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.VerifyEKUsInPkcs7Signature | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7GetSigners | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs7FreeSigners | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.AuthenticodeVerify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Random.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Pkcs1Verify | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.New | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.GetPublicKeyFromX509 | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha1.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Sha256.Services.HashAll | FALSE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetSubjectName | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetCommonName | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetOrganizationName | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.X509.Services.GetTBSCert | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.GetContextSize | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Encrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.AeadAesGcm.Services.Decrypt | TRUE
+```
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* [Patch v2 13/16] Revert "CryptoPkg: Update process_files.pl to auto add PCD config option"
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (11 preceding siblings ...)
2022-10-20 18:35 ` [Patch v2 12/16] CryptoPkg: Add Readme.md Michael D Kinney
@ 2022-10-20 18:35 ` Michael D Kinney
2022-10-20 18:35 ` [Patch v2 14/16] CryptoPkg/Library/OpensslLib: Update process_files.pl INF generation Michael D Kinney
` (4 subsequent siblings)
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:35 UTC (permalink / raw)
To: devel
Cc: Yi Li, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
From: Yi Li <yi1.li@intel.com>
This reverts commit 499b0d5fa57dafe47b260aaf0cea6c6b0286e656.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Yi Li <yi1.li@intel.com>
---
CryptoPkg/Library/OpensslLib/process_files.pl | 77 +------------------
1 file changed, 3 insertions(+), 74 deletions(-)
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index 82e5176b3995..7e18c9f52d35 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -81,19 +81,6 @@ my $uefi_config;
my $extension;
my $arch;
my @inf;
-#
-# Use PCD to conditionally enable certain openssl features.
-# $conditional_feature contains pcd_name:fetures_names pairs
-# of conditional features.
-# @conditional_feature_dir contains relative_path:pcd_name pairs
-# of conditional features in openssl, MUST correspond to the content
-# in $conditional_feature.
-#
-# Configure list [openssl_configuration : new_define_list : new_file_list : pcd]
-# 1. no-ec : {NO_EC, NO_ECDH, NO_ECDSA, NO_TLS1_3, NO_SM2} : {/ec/, /sm2/} : PcdOpensslEcEnabled
-#
-my %conditional_feature = ("PcdOpensslEcEnabled"=>["EC", "ECDH", "ECDSA", "TLS1_3", "SM2"]);
-my %conditional_feature_dir = ("/ec/"=>"PcdOpensslEcEnabled", "/sm2/"=>"PcdOpensslEcEnabled");
BEGIN {
$inf_file = "OpensslLib.inf";
@@ -307,13 +294,7 @@ foreach my $product ((@{$unified_info{libraries}},
push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
next;
}
- push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s;
- foreach (keys(%conditional_feature_dir)) {
- if ($s =~ $_) {
- push @cryptofilelist, ' |*|*|*|gEfiCryptoPkgTokenSpaceGuid.' . $conditional_feature_dir{$_};
- }
- }
- push @cryptofilelist, "\r\n";
+ push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
}
}
}
@@ -342,13 +323,7 @@ foreach (@headers){
push @sslfilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n";
next;
}
- push @cryptofilelist, ' $(OPENSSL_PATH)/' . $_;
- foreach my $conditional_key (keys(%conditional_feature_dir)) {
- if ($_ =~ $conditional_key) {
- push @cryptofilelist, ' |*|*|*|gEfiCryptoPkgTokenSpaceGuid.' . $conditional_feature_dir{$conditional_key};
- }
- }
- push @cryptofilelist, "\r\n";
+ push @cryptofilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n";
}
@@ -453,7 +428,7 @@ print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
system(
"perl -pe 's/\\n/\\r\\n/' " .
"< " . $OPENSSL_PATH . "/include/openssl/opensslconf.h " .
- "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf_generated.h"
+ "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h"
) == 0 ||
die "Cannot copy opensslconf.h!";
print "Done!";
@@ -465,52 +440,6 @@ system(
"> " . $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h"
) == 0 ||
die "Cannot copy dso_conf.h!";
-print "Done!";
-
-#
-# Add conditional feature to opensslconf.h
-#
-my $conf_file = "../Include/openssl/opensslconf.h";
-my @conf_raw = ();
-my @conditional_define = ();
-print "\n--> Updating conditional feature in $conf_file ... ";
-
-foreach my $pcd_name (keys(%conditional_feature)) {
- push @conditional_define, "#if !FixedPcdGetBool ($pcd_name)\r\n";
- foreach (@{$conditional_feature{$pcd_name}}) {
- push @conditional_define, "# ifndef OPENSSL_NO_$_\r\n";
- push @conditional_define, "# define OPENSSL_NO_$_\r\n";
- push @conditional_define, "# endif\r\n";
- }
- push @conditional_define, "#endif\r\n";
-}
-
-open( FD, "<" . $conf_file ) ||
- die $conf_file;
-foreach (<FD>) {
- # Insert conditional define to the begin of opensslconf.h
- if ($_ =~ "Autogenerated conditional openssl feature list starts here") {
- push @conf_raw, $_, @conditional_define;
- $subbing = 1;
- next;
- }
- if ($_ =~ "Autogenerated conditional openssl feature list ends here") {
- push @conf_raw, $_;
- $subbing = 0;
- next;
- }
- push @conf_raw, $_
- unless ($subbing);
-}
-close(FD) ||
- die $conf_file;
-
-open( FD, ">" . $conf_file ) ||
- die $conf_file;
-print( FD @conf_raw ) ||
- die $conf_file;
-close(FD) ||
- die $conf_file;
print "Done!\n";
print "\nProcessing Files Done!\n";
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* [Patch v2 14/16] CryptoPkg/Library/OpensslLib: Update process_files.pl INF generation
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (12 preceding siblings ...)
2022-10-20 18:35 ` [Patch v2 13/16] Revert "CryptoPkg: Update process_files.pl to auto add PCD config option" Michael D Kinney
@ 2022-10-20 18:35 ` Michael D Kinney
2022-10-20 18:35 ` [Patch v2 15/16] CryptoPkg/Library/OpensslLib: Add generated flag to Accel INF Michael D Kinney
` (3 subsequent siblings)
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:35 UTC (permalink / raw)
To: devel
Cc: Yi Li, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
From: Yi Li <yi1.li@intel.com>
Update process_files.pl to generate all OpensslLib INF files.
* OpensslLib.inf
* OpensslLibAccel.inf
* OpensslLibCrypto.inf
* OpensslLibFull.inf
* OpensslLibFullAccel.inf
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Yi Li <yi1.li@intel.com>
---
CryptoPkg/Library/OpensslLib/process_files.pl | 93 +++++++++++++++++--
1 file changed, 87 insertions(+), 6 deletions(-)
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index 7e18c9f52d35..fba97e7c39a7 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -15,6 +15,15 @@
# ./process_files.pl
# ./process_files.pl X64
# ./process_files.pl [Arch]
+#
+# Follow the command below to update the INF file:
+# 1. OpensslLib.inf ,OpensslLibCrypto.inf and OpensslLibFull.inf
+# ./process_files.pl
+# 2. OpensslLibAccel.inf and OpensslLibFullAccel.inf
+# ./process_files.pl X64
+# ./process_files.pl X64Gcc
+# ./process_files.pl IA32
+# ./process_files.pl IA32Gcc
use strict;
use Cwd;
@@ -79,6 +88,7 @@ my $inf_file;
my $OPENSSL_PATH;
my $uefi_config;
my $extension;
+my $compile;
my $arch;
my @inf;
@@ -90,31 +100,32 @@ BEGIN {
if (defined $arch) {
if (uc ($arch) eq "X64") {
$arch = "X64";
- $inf_file = "OpensslLibX64.inf";
$uefi_config = "UEFI-x86_64";
$extension = "nasm";
+ $compile = "MSFT";
$comment_character = ";";
} elsif (uc ($arch) eq "X64GCC") {
$arch = "X64Gcc";
- $inf_file = "OpensslLibX64Gcc.inf";
$uefi_config = "UEFI-x86_64-GCC";
$extension = "S";
+ $compile = "GCC";
$comment_character = "#";
} elsif (uc ($arch) eq "IA32") {
$arch = "IA32";
- $inf_file = "OpensslLibIa32.inf";
$uefi_config = "UEFI-x86";
$extension = "nasm";
+ $compile = "MSFT";
$comment_character = ";";
} elsif (uc ($arch) eq "IA32GCC") {
$arch = "IA32Gcc";
- $inf_file = "OpensslLibIa32Gcc.inf";
$uefi_config = "UEFI-x86-GCC";
$extension = "S";
+ $compile = "GCC";
$comment_character = "#";
} else {
die "Unsupported architecture \"" . $arch . "\"!";
}
+ $inf_file = "OpensslLibAccel.inf";
if ($extension eq "nasm") {
if (`nasm -v 2>&1`) {
#Presence of nasm executable will trigger inclusion of AVX instructions
@@ -256,6 +267,7 @@ foreach my $f (@{$config{lib_defines}}) {
my @cryptofilelist = ();
my @sslfilelist = ();
+my @ecfilelist = ();
my @asmfilelist = ();
my @asmbuild = ();
foreach my $product ((@{$unified_info{libraries}},
@@ -286,10 +298,14 @@ foreach my $product ((@{$unified_info{libraries}},
$buildstring .= " ./$arch/$path$s.$extension";
make_path ("./$arch/$path");
push @asmbuild, "$buildstring\n";
- push @asmfilelist, " $arch/$path$s.$extension\r\n";
+ push @asmfilelist, " $arch/$path$s.$extension |$compile\r\n";
}
next;
}
+ if ($s =~ "/ec/" || $s =~ "/sm2/") {
+ push @ecfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
+ next;
+ }
if ($product =~ "libssl") {
push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
next;
@@ -323,6 +339,10 @@ foreach (@headers){
push @sslfilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n";
next;
}
+ if ($_ =~ "/ec/" || $_ =~ "/sm2/") {
+ push @ecfilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n";
+ next;
+ }
push @cryptofilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n";
}
@@ -351,10 +371,18 @@ foreach (@inf) {
next;
}
if ( $_ =~ "# Autogenerated files list starts here" ) {
- push @new_inf, $_, @asmfilelist, @cryptofilelist, @sslfilelist;
+ push @new_inf, $_, @cryptofilelist, @sslfilelist;
$subbing = 1;
next;
}
+ if (defined $arch) {
+ my $arch_asmfile_flag = "# Autogenerated " . $arch . " files list starts here";
+ if ($_ =~ $arch_asmfile_flag) {
+ push @new_inf, $_, @asmfilelist;
+ $subbing = 1;
+ next;
+ }
+ }
if ( $_ =~ "# Autogenerated files list ends here" ) {
push @new_inf, $_;
$subbing = 0;
@@ -421,6 +449,59 @@ if (!defined $arch) {
print "Done!";
}
+#
+# Update OpensslLibFull.inf with autogenerated file list
+#
+if (!defined $arch) {
+ $inf_file = "OpensslLibFull.inf";
+} else {
+ $inf_file = "OpensslLibFullAccel.inf";
+}
+# Read the contents of the inf file
+@inf = ();
+@new_inf = ();
+open( FD, "<" . $inf_file ) ||
+ die "Cannot open \"" . $inf_file . "\"!";
+@inf = (<FD>);
+close(FD) ||
+ die "Cannot close \"" . $inf_file . "\"!";
+$subbing = 0;
+print "\n--> Updating $inf_file ... ";
+foreach (@inf) {
+ if ( $_ =~ "# Autogenerated files list starts here" ) {
+ push @new_inf, $_, @cryptofilelist, @sslfilelist, @ecfilelist;
+ $subbing = 1;
+ next;
+ }
+ if (defined $arch) {
+ my $arch_asmfile_flag = "# Autogenerated " . $arch . " files list starts here";
+ if ($_ =~ $arch_asmfile_flag) {
+ push @new_inf, $_, @asmfilelist;
+ $subbing = 1;
+ next;
+ }
+ }
+ if ( $_ =~ "# Autogenerated files list ends here" ) {
+ push @new_inf, $_;
+ $subbing = 0;
+ next;
+ }
+
+ push @new_inf, $_
+ unless ($subbing);
+}
+
+$new_inf_file = $inf_file . ".new";
+open( FD, ">" . $new_inf_file ) ||
+ die $new_inf_file;
+print( FD @new_inf ) ||
+ die $new_inf_file;
+close(FD) ||
+ die $new_inf_file;
+rename( $new_inf_file, $inf_file ) ||
+ die "rename $inf_file";
+print "Done!";
+
#
# Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration
#
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* [Patch v2 15/16] CryptoPkg/Library/OpensslLib: Add generated flag to Accel INF
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (13 preceding siblings ...)
2022-10-20 18:35 ` [Patch v2 14/16] CryptoPkg/Library/OpensslLib: Update process_files.pl INF generation Michael D Kinney
@ 2022-10-20 18:35 ` Michael D Kinney
2022-10-20 18:35 ` [Patch v2 16/16] CryptoPkg/Library/OpensslLib: update auto-generated files Michael D Kinney
` (2 subsequent siblings)
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:35 UTC (permalink / raw)
To: devel
Cc: Yi Li, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
From: Yi Li <yi1.li@intel.com>
Update OpensslLibAccel.inf and OpensslLibFullAccel.inf to include
flags used by process_files.pl to generate OpensslLib INF files.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Yi Li <yi1.li@intel.com>
---
CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf | 8 ++++++++
CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf | 8 ++++++++
2 files changed, 16 insertions(+)
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index 32eae4a79213..98b07fd2eab9 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -633,6 +633,7 @@ [Sources]
EcSm2Null.c
[Sources.IA32]
+# Autogenerated IA32 files list starts here
IA32/crypto/aes/aesni-x86.nasm | MSFT
IA32/crypto/aes/vpaes-x86.nasm | MSFT
IA32/crypto/modes/ghash-x86.nasm | MSFT
@@ -640,7 +641,9 @@ [Sources.IA32]
IA32/crypto/sha/sha256-586.nasm | MSFT
IA32/crypto/sha/sha512-586.nasm | MSFT
IA32/crypto/x86cpuid.nasm | MSFT
+# Autogenerated files list ends here
+# Autogenerated IA32Gcc files list starts here
IA32Gcc/crypto/aes/aesni-x86.S | GCC
IA32Gcc/crypto/aes/vpaes-x86.S | GCC
IA32Gcc/crypto/modes/ghash-x86.S | GCC
@@ -648,9 +651,11 @@ [Sources.IA32]
IA32Gcc/crypto/sha/sha256-586.S | GCC
IA32Gcc/crypto/sha/sha512-586.S | GCC
IA32Gcc/crypto/x86cpuid.S | GCC
+# Autogenerated files list ends here
[Sources.X64]
X64/ApiHooks.c
+# Autogenerated X64 files list starts here
X64/crypto/aes/aesni-mb-x86_64.nasm | MSFT
X64/crypto/aes/aesni-sha1-x86_64.nasm | MSFT
X64/crypto/aes/aesni-sha256-x86_64.nasm | MSFT
@@ -664,7 +669,9 @@ [Sources.X64]
X64/crypto/sha/sha256-x86_64.nasm | MSFT
X64/crypto/sha/sha512-x86_64.nasm | MSFT
X64/crypto/x86_64cpuid.nasm | MSFT
+# Autogenerated files list ends here
+# Autogenerated X64Gcc files list starts here
X64Gcc/crypto/aes/aesni-mb-x86_64.S | GCC
X64Gcc/crypto/aes/aesni-sha1-x86_64.S | GCC
X64Gcc/crypto/aes/aesni-sha256-x86_64.S | GCC
@@ -678,6 +685,7 @@ [Sources.X64]
X64Gcc/crypto/sha/sha256-x86_64.S | GCC
X64Gcc/crypto/sha/sha512-x86_64.S | GCC
X64Gcc/crypto/x86_64cpuid.S | GCC
+# Autogenerated files list ends here
[Packages]
MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
index 6345b54bca4c..6525b73a9e7b 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
@@ -638,6 +638,7 @@ [Sources]
# EcSm2Null.c
[Sources.IA32]
+# Autogenerated IA32 files list starts here
IA32/crypto/aes/aesni-x86.nasm | MSFT
IA32/crypto/aes/vpaes-x86.nasm | MSFT
IA32/crypto/modes/ghash-x86.nasm | MSFT
@@ -645,7 +646,9 @@ [Sources.IA32]
IA32/crypto/sha/sha256-586.nasm | MSFT
IA32/crypto/sha/sha512-586.nasm | MSFT
IA32/crypto/x86cpuid.nasm | MSFT
+# Autogenerated files list ends here
+# Autogenerated IA32Gcc files list starts here
IA32Gcc/crypto/aes/aesni-x86.S | GCC
IA32Gcc/crypto/aes/vpaes-x86.S | GCC
IA32Gcc/crypto/modes/ghash-x86.S | GCC
@@ -653,9 +656,11 @@ [Sources.IA32]
IA32Gcc/crypto/sha/sha256-586.S | GCC
IA32Gcc/crypto/sha/sha512-586.S | GCC
IA32Gcc/crypto/x86cpuid.S | GCC
+# Autogenerated files list ends here
[Sources.X64]
X64/ApiHooks.c
+# Autogenerated X64 files list starts here
X64/crypto/aes/aesni-mb-x86_64.nasm | MSFT
X64/crypto/aes/aesni-sha1-x86_64.nasm | MSFT
X64/crypto/aes/aesni-sha256-x86_64.nasm | MSFT
@@ -669,7 +674,9 @@ [Sources.X64]
X64/crypto/sha/sha256-x86_64.nasm | MSFT
X64/crypto/sha/sha512-x86_64.nasm | MSFT
X64/crypto/x86_64cpuid.nasm | MSFT
+# Autogenerated files list ends here
+# Autogenerated X64Gcc files list starts here
X64Gcc/crypto/aes/aesni-mb-x86_64.S | GCC
X64Gcc/crypto/aes/aesni-sha1-x86_64.S | GCC
X64Gcc/crypto/aes/aesni-sha256-x86_64.S | GCC
@@ -683,6 +690,7 @@ [Sources.X64]
X64Gcc/crypto/sha/sha256-x86_64.S | GCC
X64Gcc/crypto/sha/sha512-x86_64.S | GCC
X64Gcc/crypto/x86_64cpuid.S | GCC
+# Autogenerated files list ends here
[Packages]
MdePkg/MdePkg.dec
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* [Patch v2 16/16] CryptoPkg/Library/OpensslLib: update auto-generated files
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (14 preceding siblings ...)
2022-10-20 18:35 ` [Patch v2 15/16] CryptoPkg/Library/OpensslLib: Add generated flag to Accel INF Michael D Kinney
@ 2022-10-20 18:35 ` Michael D Kinney
2022-10-24 3:52 ` [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Yao, Jiewen
[not found] ` <1720E4F0EDFC384F.808@groups.io>
17 siblings, 0 replies; 21+ messages in thread
From: Michael D Kinney @ 2022-10-20 18:35 UTC (permalink / raw)
To: devel
Cc: Yi Li, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang,
Christopher Zurcher
From: Yi Li <yi1.li@intel.com>
Update OpensslLib INF files to match results from running
process_files.pl to auto-generate the INF files.
* OpensslLib.inf
* OpensslLibAccel.inf
* OpensslLibCrypto.inf
* OpensslLibFull.inf
* OpensslLibFullAccel.inf
These INF files are generated by running the following
perl scripts:
* process_files.pl
* process_files.pl X64
* process_files.pl X64Gcc
* process_files.pl IA32
* process_files.pl IA32Gcc
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Yi Li <yi1.li@intel.com>
---
.../Library/Include/openssl/opensslconf.h | 10 +-
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 50 -----
.../Library/OpensslLib/OpensslLibAccel.inf | 131 ++++---------
.../Library/OpensslLib/OpensslLibCrypto.inf | 101 ----------
.../Library/OpensslLib/OpensslLibFull.inf | 100 +++++-----
.../OpensslLib/OpensslLibFullAccel.inf | 181 +++++++++---------
6 files changed, 185 insertions(+), 388 deletions(-)
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index b98b068b3d3b..09a6641ffcf9 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -250,11 +250,11 @@ extern "C" {
# undef DECLARE_DEPRECATED
# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
# endif
-#elif defined(__SUNPRO_C)
-#if (__SUNPRO_C >= 0x5130)
-#undef DECLARE_DEPRECATED
-#define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
-#endif
+# elif defined(__SUNPRO_C)
+# if (__SUNPRO_C >= 0x5130)
+# undef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
+# endif
# endif
#endif
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 82ffe4ec2f8e..60c6c24b0a67 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -204,43 +204,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
-# $(OPENSSL_PATH)/crypto/ec/curve25519.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
-# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
-# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
-# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
-# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
-# $(OPENSSL_PATH)/crypto/ec/ec_check.c
-# $(OPENSSL_PATH)/crypto/ec/ec_curve.c
-# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
-# $(OPENSSL_PATH)/crypto/ec/ec_err.c
-# $(OPENSSL_PATH)/crypto/ec/ec_key.c
-# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
-# $(OPENSSL_PATH)/crypto/ec/ec_lib.c
-# $(OPENSSL_PATH)/crypto/ec/ec_mult.c
-# $(OPENSSL_PATH)/crypto/ec/ec_oct.c
-# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
-# $(OPENSSL_PATH)/crypto/ec/ec_print.c
-# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
-# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
-# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
-# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
-# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
-# $(OPENSSL_PATH)/crypto/ec/eck_prn.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
-# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -426,10 +389,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
-# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
-# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
-# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
-# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
$(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -542,15 +501,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
-# $(OPENSSL_PATH)/crypto/ec/ec_local.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/field.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/word.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
index 98b07fd2eab9..103ef7bda2a3 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf
@@ -205,43 +205,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
-# $(OPENSSL_PATH)/crypto/ec/curve25519.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
-# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
-# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
-# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
-# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
-# $(OPENSSL_PATH)/crypto/ec/ec_check.c
-# $(OPENSSL_PATH)/crypto/ec/ec_curve.c
-# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
-# $(OPENSSL_PATH)/crypto/ec/ec_err.c
-# $(OPENSSL_PATH)/crypto/ec/ec_key.c
-# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
-# $(OPENSSL_PATH)/crypto/ec/ec_lib.c
-# $(OPENSSL_PATH)/crypto/ec/ec_mult.c
-# $(OPENSSL_PATH)/crypto/ec/ec_oct.c
-# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
-# $(OPENSSL_PATH)/crypto/ec/ec_print.c
-# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
-# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
-# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
-# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
-# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
-# $(OPENSSL_PATH)/crypto/ec/eck_prn.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
-# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -320,7 +283,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
$(OPENSSL_PATH)/crypto/mem.c
-# $(OPENSSL_PATH)/crypto/mem_clr.c # Replaced by assembly optimized NASM/S files
$(OPENSSL_PATH)/crypto/mem_dbg.c
$(OPENSSL_PATH)/crypto/mem_sec.c
$(OPENSSL_PATH)/crypto/modes/cbc128.c
@@ -427,10 +389,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
-# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
-# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
-# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
-# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
$(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -543,15 +501,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
-# $(OPENSSL_PATH)/crypto/ec/ec_local.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/field.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/word.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -634,57 +583,57 @@ [Sources]
[Sources.IA32]
# Autogenerated IA32 files list starts here
- IA32/crypto/aes/aesni-x86.nasm | MSFT
- IA32/crypto/aes/vpaes-x86.nasm | MSFT
- IA32/crypto/modes/ghash-x86.nasm | MSFT
- IA32/crypto/sha/sha1-586.nasm | MSFT
- IA32/crypto/sha/sha256-586.nasm | MSFT
- IA32/crypto/sha/sha512-586.nasm | MSFT
- IA32/crypto/x86cpuid.nasm | MSFT
+ IA32/crypto/aes/aesni-x86.nasm |MSFT
+ IA32/crypto/aes/vpaes-x86.nasm |MSFT
+ IA32/crypto/modes/ghash-x86.nasm |MSFT
+ IA32/crypto/sha/sha1-586.nasm |MSFT
+ IA32/crypto/sha/sha256-586.nasm |MSFT
+ IA32/crypto/sha/sha512-586.nasm |MSFT
+ IA32/crypto/x86cpuid.nasm |MSFT
# Autogenerated files list ends here
# Autogenerated IA32Gcc files list starts here
- IA32Gcc/crypto/aes/aesni-x86.S | GCC
- IA32Gcc/crypto/aes/vpaes-x86.S | GCC
- IA32Gcc/crypto/modes/ghash-x86.S | GCC
- IA32Gcc/crypto/sha/sha1-586.S | GCC
- IA32Gcc/crypto/sha/sha256-586.S | GCC
- IA32Gcc/crypto/sha/sha512-586.S | GCC
- IA32Gcc/crypto/x86cpuid.S | GCC
+ IA32Gcc/crypto/aes/aesni-x86.S |GCC
+ IA32Gcc/crypto/aes/vpaes-x86.S |GCC
+ IA32Gcc/crypto/modes/ghash-x86.S |GCC
+ IA32Gcc/crypto/sha/sha1-586.S |GCC
+ IA32Gcc/crypto/sha/sha256-586.S |GCC
+ IA32Gcc/crypto/sha/sha512-586.S |GCC
+ IA32Gcc/crypto/x86cpuid.S |GCC
# Autogenerated files list ends here
[Sources.X64]
X64/ApiHooks.c
# Autogenerated X64 files list starts here
- X64/crypto/aes/aesni-mb-x86_64.nasm | MSFT
- X64/crypto/aes/aesni-sha1-x86_64.nasm | MSFT
- X64/crypto/aes/aesni-sha256-x86_64.nasm | MSFT
- X64/crypto/aes/aesni-x86_64.nasm | MSFT
- X64/crypto/aes/vpaes-x86_64.nasm | MSFT
- X64/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
- X64/crypto/modes/ghash-x86_64.nasm | MSFT
- X64/crypto/sha/sha1-mb-x86_64.nasm | MSFT
- X64/crypto/sha/sha1-x86_64.nasm | MSFT
- X64/crypto/sha/sha256-mb-x86_64.nasm | MSFT
- X64/crypto/sha/sha256-x86_64.nasm | MSFT
- X64/crypto/sha/sha512-x86_64.nasm | MSFT
- X64/crypto/x86_64cpuid.nasm | MSFT
+ X64/crypto/aes/aesni-mb-x86_64.nasm |MSFT
+ X64/crypto/aes/aesni-sha1-x86_64.nasm |MSFT
+ X64/crypto/aes/aesni-sha256-x86_64.nasm |MSFT
+ X64/crypto/aes/aesni-x86_64.nasm |MSFT
+ X64/crypto/aes/vpaes-x86_64.nasm |MSFT
+ X64/crypto/modes/aesni-gcm-x86_64.nasm |MSFT
+ X64/crypto/modes/ghash-x86_64.nasm |MSFT
+ X64/crypto/sha/sha1-mb-x86_64.nasm |MSFT
+ X64/crypto/sha/sha1-x86_64.nasm |MSFT
+ X64/crypto/sha/sha256-mb-x86_64.nasm |MSFT
+ X64/crypto/sha/sha256-x86_64.nasm |MSFT
+ X64/crypto/sha/sha512-x86_64.nasm |MSFT
+ X64/crypto/x86_64cpuid.nasm |MSFT
# Autogenerated files list ends here
# Autogenerated X64Gcc files list starts here
- X64Gcc/crypto/aes/aesni-mb-x86_64.S | GCC
- X64Gcc/crypto/aes/aesni-sha1-x86_64.S | GCC
- X64Gcc/crypto/aes/aesni-sha256-x86_64.S | GCC
- X64Gcc/crypto/aes/aesni-x86_64.S | GCC
- X64Gcc/crypto/aes/vpaes-x86_64.S | GCC
- X64Gcc/crypto/modes/aesni-gcm-x86_64.S | GCC
- X64Gcc/crypto/modes/ghash-x86_64.S | GCC
- X64Gcc/crypto/sha/sha1-mb-x86_64.S | GCC
- X64Gcc/crypto/sha/sha1-x86_64.S | GCC
- X64Gcc/crypto/sha/sha256-mb-x86_64.S | GCC
- X64Gcc/crypto/sha/sha256-x86_64.S | GCC
- X64Gcc/crypto/sha/sha512-x86_64.S | GCC
- X64Gcc/crypto/x86_64cpuid.S | GCC
+ X64Gcc/crypto/aes/aesni-mb-x86_64.S |GCC
+ X64Gcc/crypto/aes/aesni-sha1-x86_64.S |GCC
+ X64Gcc/crypto/aes/aesni-sha256-x86_64.S |GCC
+ X64Gcc/crypto/aes/aesni-x86_64.S |GCC
+ X64Gcc/crypto/aes/vpaes-x86_64.S |GCC
+ X64Gcc/crypto/modes/aesni-gcm-x86_64.S |GCC
+ X64Gcc/crypto/modes/ghash-x86_64.S |GCC
+ X64Gcc/crypto/sha/sha1-mb-x86_64.S |GCC
+ X64Gcc/crypto/sha/sha1-x86_64.S |GCC
+ X64Gcc/crypto/sha/sha256-mb-x86_64.S |GCC
+ X64Gcc/crypto/sha/sha256-x86_64.S |GCC
+ X64Gcc/crypto/sha/sha512-x86_64.S |GCC
+ X64Gcc/crypto/x86_64cpuid.S |GCC
# Autogenerated files list ends here
[Packages]
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index d02769428b86..c4eaea888c1a 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -205,43 +205,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
-# $(OPENSSL_PATH)/crypto/ec/curve25519.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
-# $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
-# $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
-# $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
-# $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
-# $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
-# $(OPENSSL_PATH)/crypto/ec/ec_check.c
-# $(OPENSSL_PATH)/crypto/ec/ec_curve.c
-# $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
-# $(OPENSSL_PATH)/crypto/ec/ec_err.c
-# $(OPENSSL_PATH)/crypto/ec/ec_key.c
-# $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
-# $(OPENSSL_PATH)/crypto/ec/ec_lib.c
-# $(OPENSSL_PATH)/crypto/ec/ec_mult.c
-# $(OPENSSL_PATH)/crypto/ec/ec_oct.c
-# $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
-# $(OPENSSL_PATH)/crypto/ec/ec_print.c
-# $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
-# $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
-# $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
-# $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
-# $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
-# $(OPENSSL_PATH)/crypto/ec/eck_prn.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
-# $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
-# $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -427,10 +390,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
-# $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
-# $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
-# $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
-# $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
$(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -543,15 +502,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
-# $(OPENSSL_PATH)/crypto/ec/ec_local.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/field.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/word.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
-# $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -574,57 +524,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
-# $(OPENSSL_PATH)/ssl/bio_ssl.c
-# $(OPENSSL_PATH)/ssl/d1_lib.c
-# $(OPENSSL_PATH)/ssl/d1_msg.c
-# $(OPENSSL_PATH)/ssl/d1_srtp.c
-# $(OPENSSL_PATH)/ssl/methods.c
-# $(OPENSSL_PATH)/ssl/packet.c
-# $(OPENSSL_PATH)/ssl/pqueue.c
-# $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c
-# $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c
-# $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c
-# $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c
-# $(OPENSSL_PATH)/ssl/record/ssl3_record.c
-# $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c
-# $(OPENSSL_PATH)/ssl/s3_cbc.c
-# $(OPENSSL_PATH)/ssl/s3_enc.c
-# $(OPENSSL_PATH)/ssl/s3_lib.c
-# $(OPENSSL_PATH)/ssl/s3_msg.c
-# $(OPENSSL_PATH)/ssl/ssl_asn1.c
-# $(OPENSSL_PATH)/ssl/ssl_cert.c
-# $(OPENSSL_PATH)/ssl/ssl_ciph.c
-# $(OPENSSL_PATH)/ssl/ssl_conf.c
-# $(OPENSSL_PATH)/ssl/ssl_err.c
-# $(OPENSSL_PATH)/ssl/ssl_init.c
-# $(OPENSSL_PATH)/ssl/ssl_lib.c
-# $(OPENSSL_PATH)/ssl/ssl_mcnf.c
-# $(OPENSSL_PATH)/ssl/ssl_rsa.c
-# $(OPENSSL_PATH)/ssl/ssl_sess.c
-# $(OPENSSL_PATH)/ssl/ssl_stat.c
-# $(OPENSSL_PATH)/ssl/ssl_txt.c
-# $(OPENSSL_PATH)/ssl/ssl_utst.c
-# $(OPENSSL_PATH)/ssl/statem/extensions.c
-# $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c
-# $(OPENSSL_PATH)/ssl/statem/extensions_cust.c
-# $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c
-# $(OPENSSL_PATH)/ssl/statem/statem.c
-# $(OPENSSL_PATH)/ssl/statem/statem_clnt.c
-# $(OPENSSL_PATH)/ssl/statem/statem_dtls.c
-# $(OPENSSL_PATH)/ssl/statem/statem_lib.c
-# $(OPENSSL_PATH)/ssl/statem/statem_srvr.c
-# $(OPENSSL_PATH)/ssl/t1_enc.c
-# $(OPENSSL_PATH)/ssl/t1_lib.c
-# $(OPENSSL_PATH)/ssl/t1_trce.c
-# $(OPENSSL_PATH)/ssl/tls13_enc.c
-# $(OPENSSL_PATH)/ssl/tls_srp.c
-# $(OPENSSL_PATH)/ssl/packet_local.h
-# $(OPENSSL_PATH)/ssl/ssl_cert_table.h
-# $(OPENSSL_PATH)/ssl/ssl_local.h
-# $(OPENSSL_PATH)/ssl/record/record.h
-# $(OPENSSL_PATH)/ssl/record/record_local.h
-# $(OPENSSL_PATH)/ssl/statem/statem.h
-# $(OPENSSL_PATH)/ssl/statem/statem_local.h
# Autogenerated files list ends here
buildinf.h
ossl_store.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
index aa73265931f7..309e43055ce2 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
@@ -209,43 +209,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- $(OPENSSL_PATH)/crypto/ec/ec_check.c
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- $(OPENSSL_PATH)/crypto/ec/ec_err.c
- $(OPENSSL_PATH)/crypto/ec/ec_key.c
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_print.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -431,10 +394,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
$(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -547,15 +506,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -629,6 +579,56 @@ [Sources]
$(OPENSSL_PATH)/ssl/record/record_local.h
$(OPENSSL_PATH)/ssl/statem/statem.h
$(OPENSSL_PATH)/ssl/statem/statem_local.h
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
# Autogenerated files list ends here
buildinf.h
ossl_store.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
index 6525b73a9e7b..4eeeeb79bd94 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf
@@ -210,43 +210,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
$(OPENSSL_PATH)/crypto/ebcdic.c
- $(OPENSSL_PATH)/crypto/ec/curve25519.c
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
- $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
- $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
- $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
- $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
- $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
- $(OPENSSL_PATH)/crypto/ec/ec_check.c
- $(OPENSSL_PATH)/crypto/ec/ec_curve.c
- $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
- $(OPENSSL_PATH)/crypto/ec/ec_err.c
- $(OPENSSL_PATH)/crypto/ec/ec_key.c
- $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_lib.c
- $(OPENSSL_PATH)/crypto/ec/ec_mult.c
- $(OPENSSL_PATH)/crypto/ec/ec_oct.c
- $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
- $(OPENSSL_PATH)/crypto/ec/ec_print.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
- $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
- $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
- $(OPENSSL_PATH)/crypto/ec/eck_prn.c
- $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
- $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
- $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
- $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
- $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
$(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -325,7 +288,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
$(OPENSSL_PATH)/crypto/mem.c
-# $(OPENSSL_PATH)/crypto/mem_clr.c # Replaced by assembly optimized NASM/S files
$(OPENSSL_PATH)/crypto/mem_dbg.c
$(OPENSSL_PATH)/crypto/mem_sec.c
$(OPENSSL_PATH)/crypto/modes/cbc128.c
@@ -432,10 +394,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
- $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
$(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -548,15 +506,6 @@ [Sources]
$(OPENSSL_PATH)/crypto/conf/conf_local.h
$(OPENSSL_PATH)/crypto/dh/dh_local.h
$(OPENSSL_PATH)/crypto/dso/dso_local.h
- $(OPENSSL_PATH)/crypto/ec/ec_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
- $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
- $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/field.h
- $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
- $(OPENSSL_PATH)/crypto/ec/curve448/word.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
- $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
$(OPENSSL_PATH)/crypto/evp/evp_local.h
$(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/lhash/lhash_local.h
@@ -630,6 +579,56 @@ [Sources]
$(OPENSSL_PATH)/ssl/record/record_local.h
$(OPENSSL_PATH)/ssl/statem/statem.h
$(OPENSSL_PATH)/ssl/statem/statem_local.h
+ $(OPENSSL_PATH)/crypto/ec/curve25519.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
+ $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
+ $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+ $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+ $(OPENSSL_PATH)/crypto/ec/ec_check.c
+ $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+ $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+ $(OPENSSL_PATH)/crypto/ec/ec_err.c
+ $(OPENSSL_PATH)/crypto/ec/ec_key.c
+ $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+ $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+ $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+ $(OPENSSL_PATH)/crypto/ec/ec_print.c
+ $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
+ $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
+ $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
+ $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+ $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+ $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
+ $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
+ $(OPENSSL_PATH)/crypto/ec/ec_local.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/field.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/word.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
+ $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
# Autogenerated files list ends here
buildinf.h
ossl_store.c
@@ -639,57 +638,57 @@ [Sources]
[Sources.IA32]
# Autogenerated IA32 files list starts here
- IA32/crypto/aes/aesni-x86.nasm | MSFT
- IA32/crypto/aes/vpaes-x86.nasm | MSFT
- IA32/crypto/modes/ghash-x86.nasm | MSFT
- IA32/crypto/sha/sha1-586.nasm | MSFT
- IA32/crypto/sha/sha256-586.nasm | MSFT
- IA32/crypto/sha/sha512-586.nasm | MSFT
- IA32/crypto/x86cpuid.nasm | MSFT
+ IA32/crypto/aes/aesni-x86.nasm |MSFT
+ IA32/crypto/aes/vpaes-x86.nasm |MSFT
+ IA32/crypto/modes/ghash-x86.nasm |MSFT
+ IA32/crypto/sha/sha1-586.nasm |MSFT
+ IA32/crypto/sha/sha256-586.nasm |MSFT
+ IA32/crypto/sha/sha512-586.nasm |MSFT
+ IA32/crypto/x86cpuid.nasm |MSFT
# Autogenerated files list ends here
# Autogenerated IA32Gcc files list starts here
- IA32Gcc/crypto/aes/aesni-x86.S | GCC
- IA32Gcc/crypto/aes/vpaes-x86.S | GCC
- IA32Gcc/crypto/modes/ghash-x86.S | GCC
- IA32Gcc/crypto/sha/sha1-586.S | GCC
- IA32Gcc/crypto/sha/sha256-586.S | GCC
- IA32Gcc/crypto/sha/sha512-586.S | GCC
- IA32Gcc/crypto/x86cpuid.S | GCC
+ IA32Gcc/crypto/aes/aesni-x86.S |GCC
+ IA32Gcc/crypto/aes/vpaes-x86.S |GCC
+ IA32Gcc/crypto/modes/ghash-x86.S |GCC
+ IA32Gcc/crypto/sha/sha1-586.S |GCC
+ IA32Gcc/crypto/sha/sha256-586.S |GCC
+ IA32Gcc/crypto/sha/sha512-586.S |GCC
+ IA32Gcc/crypto/x86cpuid.S |GCC
# Autogenerated files list ends here
[Sources.X64]
X64/ApiHooks.c
# Autogenerated X64 files list starts here
- X64/crypto/aes/aesni-mb-x86_64.nasm | MSFT
- X64/crypto/aes/aesni-sha1-x86_64.nasm | MSFT
- X64/crypto/aes/aesni-sha256-x86_64.nasm | MSFT
- X64/crypto/aes/aesni-x86_64.nasm | MSFT
- X64/crypto/aes/vpaes-x86_64.nasm | MSFT
- X64/crypto/modes/aesni-gcm-x86_64.nasm | MSFT
- X64/crypto/modes/ghash-x86_64.nasm | MSFT
- X64/crypto/sha/sha1-mb-x86_64.nasm | MSFT
- X64/crypto/sha/sha1-x86_64.nasm | MSFT
- X64/crypto/sha/sha256-mb-x86_64.nasm | MSFT
- X64/crypto/sha/sha256-x86_64.nasm | MSFT
- X64/crypto/sha/sha512-x86_64.nasm | MSFT
- X64/crypto/x86_64cpuid.nasm | MSFT
+ X64/crypto/aes/aesni-mb-x86_64.nasm |MSFT
+ X64/crypto/aes/aesni-sha1-x86_64.nasm |MSFT
+ X64/crypto/aes/aesni-sha256-x86_64.nasm |MSFT
+ X64/crypto/aes/aesni-x86_64.nasm |MSFT
+ X64/crypto/aes/vpaes-x86_64.nasm |MSFT
+ X64/crypto/modes/aesni-gcm-x86_64.nasm |MSFT
+ X64/crypto/modes/ghash-x86_64.nasm |MSFT
+ X64/crypto/sha/sha1-mb-x86_64.nasm |MSFT
+ X64/crypto/sha/sha1-x86_64.nasm |MSFT
+ X64/crypto/sha/sha256-mb-x86_64.nasm |MSFT
+ X64/crypto/sha/sha256-x86_64.nasm |MSFT
+ X64/crypto/sha/sha512-x86_64.nasm |MSFT
+ X64/crypto/x86_64cpuid.nasm |MSFT
# Autogenerated files list ends here
# Autogenerated X64Gcc files list starts here
- X64Gcc/crypto/aes/aesni-mb-x86_64.S | GCC
- X64Gcc/crypto/aes/aesni-sha1-x86_64.S | GCC
- X64Gcc/crypto/aes/aesni-sha256-x86_64.S | GCC
- X64Gcc/crypto/aes/aesni-x86_64.S | GCC
- X64Gcc/crypto/aes/vpaes-x86_64.S | GCC
- X64Gcc/crypto/modes/aesni-gcm-x86_64.S | GCC
- X64Gcc/crypto/modes/ghash-x86_64.S | GCC
- X64Gcc/crypto/sha/sha1-mb-x86_64.S | GCC
- X64Gcc/crypto/sha/sha1-x86_64.S | GCC
- X64Gcc/crypto/sha/sha256-mb-x86_64.S | GCC
- X64Gcc/crypto/sha/sha256-x86_64.S | GCC
- X64Gcc/crypto/sha/sha512-x86_64.S | GCC
- X64Gcc/crypto/x86_64cpuid.S | GCC
+ X64Gcc/crypto/aes/aesni-mb-x86_64.S |GCC
+ X64Gcc/crypto/aes/aesni-sha1-x86_64.S |GCC
+ X64Gcc/crypto/aes/aesni-sha256-x86_64.S |GCC
+ X64Gcc/crypto/aes/aesni-x86_64.S |GCC
+ X64Gcc/crypto/aes/vpaes-x86_64.S |GCC
+ X64Gcc/crypto/modes/aesni-gcm-x86_64.S |GCC
+ X64Gcc/crypto/modes/ghash-x86_64.S |GCC
+ X64Gcc/crypto/sha/sha1-mb-x86_64.S |GCC
+ X64Gcc/crypto/sha/sha1-x86_64.S |GCC
+ X64Gcc/crypto/sha/sha256-mb-x86_64.S |GCC
+ X64Gcc/crypto/sha/sha256-x86_64.S |GCC
+ X64Gcc/crypto/sha/sha512-x86_64.S |GCC
+ X64Gcc/crypto/x86_64cpuid.S |GCC
# Autogenerated files list ends here
[Packages]
--
2.37.1.windows.1
^ permalink raw reply related [flat|nested] 21+ messages in thread* Re: [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
2022-10-20 18:34 [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs Michael D Kinney
` (15 preceding siblings ...)
2022-10-20 18:35 ` [Patch v2 16/16] CryptoPkg/Library/OpensslLib: update auto-generated files Michael D Kinney
@ 2022-10-24 3:52 ` Yao, Jiewen
[not found] ` <1720E4F0EDFC384F.808@groups.io>
17 siblings, 0 replies; 21+ messages in thread
From: Yao, Jiewen @ 2022-10-24 3:52 UTC (permalink / raw)
To: Kinney, Michael D, devel@edk2.groups.io
Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin, Zurcher, Christopher,
Rebecca Cran, Ard Biesheuvel, Li, Yi1
Thanks Mike
The update looks good to me. Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Do you have any data of size difference before and after? Please share with us.
I am more interested in the old configuration with ECC.
Thank you
Yao, Jiewen
> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Friday, October 21, 2022 2:35 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang,
> Guomin <guomin.jiang@intel.com>; Zurcher, Christopher
> <christopher.zurcher@microsoft.com>; Rebecca Cran
> <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>; Li, Yi1
> <yi1.li@intel.com>
> Subject: [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt
> OpensslLibs
>
> The recent addition of the Ecliptic Curve (EC) feature and the performance
> optimization feature increased the complexity for platforms to integrate
> and enable these features. This series simplifies the platform configuration
> as much as possible and improves the ability to manage the the size impact
> of cryptographic services in each FW phase. A Readme.md is also added
> that
> provides an overview of the CryptoPkg design and features along with
> platform
> integration recommendations.
>
> This series also addresses private library class declarations missing from
> CryptoPkg.dec and library instances not producing all the APIs defined
> by the library classes. A review of the CryptoPkg EDK II meta data files
> identified
> a number of additional cleanups. The CryptoPkg.dsc file was also updated to
> improve CI coverage for future CryptoPkg changes and identified some
> unit test bug fixes.
>
> Change Summary
> ============
> * Document disabled/deprecated cryptographic services
> * Add missing UNI files in BaseCryptLib
> * Update BaseCryptLib internal functions to be STATIC and remove EFIAPI
> * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global
> variables
> * Fix BaseCryptLib unit tests
> * Cleanup BaseCryptLib and TlsLib INF files and
> * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
> * Merge 4 performance optimized INFs into OpensslLib*Accel.inf
> * Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.inf instead
> * Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private library classes
> * Update all OpensslLib instances to always produce all APIs in OpensslLib
> class
> * Move PrintLib dependency from OpensslLib INF files to BaseCryptLib INF
> files
> * Update CryptoPkg.dsc files to provide full CI test coverage across all the
> supported combinations of OpensslLib, BaseCryptLib, and TlsLib instances.
> * Remove PACKAGE profile from CryptoPkg.dsc and add
> TARGET_UNIT_TESTS
> profile. Adding TARGET_UNIT_TESTS profile is required to prevent a few
> unit
> test artifacts being included in non unit test builds of components.
> * Add CryptoPkg Readme.md with overview and platform integration
> details.
> * Update host-based unit tests to always use OpensslLibFull.inf and add
> unit
> test coverage for OpensslLibFullAccel.inf.
> * Add Readme.md with CryptoPkg overview and platform integration
> documentation
>
> New in V2
> =========
> * Fix service table in Readme.md
> * Fix VS2015x86 RELEASE builds by disabling warning 4718
> * Rebase to latest and add missing EC functions in EcSm2Null.c
> * Update perl scripts to auto-generate all OpensslLib INF files
> * Update OpensslLib INF files to match auto-generated format
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
> Cc: Rebecca Cran <quic_rcran@quicinc.com>
> Cc: Ard Biesheuvel <ardb@kernel.org>
> Cc: Yi Li <yi1.li@intel.com>
> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
>
> Michael D Kinney (12):
> CryptoPkg: Document and disable deprecated crypto services
> CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
> CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
> CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
> CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
> CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs
> CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
> CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
> CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
> CryptoPkg: Update DSC to improve CI test coverage
> CryptoPkg: Fixed host-based unit tests
> CryptoPkg: Add Readme.md
>
> Yi Li (4):
> Revert "CryptoPkg: Update process_files.pl to auto add PCD config
> option"
> CryptoPkg/Library/OpensslLib: Update process_files.pl INF generation
> CryptoPkg/Library/OpensslLib: Add generated flag to Accel INF
> CryptoPkg/Library/OpensslLib: update auto-generated files
>
> CryptoPkg/CryptoPkg.ci.yaml | 11 +-
> CryptoPkg/CryptoPkg.dec | 42 +-
> CryptoPkg/CryptoPkg.dsc | 438 ++++++++---
> .../Pcd/PcdCryptoServiceFamilyEnable.h | 122 +--
> .../Library/BaseCryptLib/BaseCryptLib.inf | 10 +-
> .../Library/BaseCryptLib/BaseCryptLib.uni | 2 -
> .../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +
> .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 +-
> .../Library/BaseCryptLib/PeiCryptLib.inf | 8 +-
> .../Library/BaseCryptLib/PeiCryptLib.uni | 2 -
> CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 4 -
> .../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +-
> .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +-
> .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 +
> CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +-
> CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 4 -
> .../Library/BaseCryptLib/RuntimeCryptLib.inf | 9 +-
> .../Library/BaseCryptLib/RuntimeCryptLib.uni | 2 -
> .../Library/BaseCryptLib/SecCryptLib.inf | 13 +-
> .../{SmmCryptLib.uni => SecCryptLib.uni} | 11 +-
> .../Library/BaseCryptLib/SmmCryptLib.inf | 12 -
> .../Library/BaseCryptLib/SmmCryptLib.uni | 2 -
> .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 +-
> .../Library/Include/openssl/opensslconf.h | 328 +++++++-
> .../Include/openssl/opensslconf_generated.h | 333 ---------
> CryptoPkg/Library/OpensslLib/EcSm2Null.c | 383 ++++++++++
> CryptoPkg/Library/OpensslLib/OpensslLib.inf | 91 +--
> CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
> ...OpensslLibIa32.inf => OpensslLibAccel.inf} | 154 ++--
> .../Library/OpensslLib/OpensslLibAccel.uni | 14 +
> .../OpensslLib/OpensslLibConstructor.c | 6 +-
> .../Library/OpensslLib/OpensslLibCrypto.inf | 92 +--
> .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
> ...ensslLibIa32Gcc.inf => OpensslLibFull.inf} | 172 +++--
> .../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
> ...lLibX64Gcc.inf => OpensslLibFullAccel.inf} | 212 ++++--
> .../OpensslLib/OpensslLibFullAccel.uni | 14 +
> .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
> CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++
> CryptoPkg/Library/OpensslLib/process_files.pl | 168 +++--
> .../SysCall/inet_pton.c | 0
> CryptoPkg/Library/TlsLib/TlsConfig.c | 12 +-
> CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +-
> CryptoPkg/Private/Library/IntrinsicLib.h | 16 +
> CryptoPkg/Private/Library/OpensslLib.h | 14 +
> CryptoPkg/Readme.md | 498 ++++++++++++
> CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 +-
> .../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 +-
> .../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +-
> .../TestBaseCryptLibHostAccel.inf | 56 ++
> 50 files changed, 2711 insertions(+), 1820 deletions(-)
> copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
> SecCryptLib.uni} (74%)
> delete mode 100644
> CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
> rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
> OpensslLibAccel.inf} (79%)
> create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
> OpensslLibFull.inf} (79%)
> copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni => OpensslLibFull.uni}
> (56%)
> rename CryptoPkg/Library/OpensslLib/{OpensslLibX64Gcc.inf =>
> OpensslLibFullAccel.inf} (78%)
> create mode 100644
> CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
> rename CryptoPkg/Library/{BaseCryptLib => TlsLib}/SysCall/inet_pton.c
> (100%)
> create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
> create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
> create mode 100644 CryptoPkg/Readme.md
> create mode 100644
> CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
> nf
>
> --
> 2.37.1.windows.1
^ permalink raw reply [flat|nested] 21+ messages in thread[parent not found: <1720E4F0EDFC384F.808@groups.io>]
* Re: [edk2-devel] [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
[not found] ` <1720E4F0EDFC384F.808@groups.io>
@ 2022-10-24 3:54 ` Yao, Jiewen
2022-10-24 5:43 ` Michael D Kinney
0 siblings, 1 reply; 21+ messages in thread
From: Yao, Jiewen @ 2022-10-24 3:54 UTC (permalink / raw)
To: devel@edk2.groups.io, Yao, Jiewen, Kinney, Michael D
Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin, Zurcher, Christopher,
Rebecca Cran, Ard Biesheuvel, Li, Yi1
Sorry: I mean old configuration without ECC.
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao,
> Jiewen
> Sent: Monday, October 24, 2022 11:53 AM
> To: Kinney, Michael D <michael.d.kinney@intel.com>;
> devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Zurcher, Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>; Li, Yi1
> <yi1.li@intel.com>
> Subject: Re: [edk2-devel] [Patch v2 00/16] CryptoPkg: Remove EC PCD and
> merge perf opt OpensslLibs
>
> Thanks Mike
> The update looks good to me. Reviewed-by: Jiewen Yao
> <Jiewen.yao@intel.com>
>
> Do you have any data of size difference before and after? Please share with
> us.
>
> I am more interested in the old configuration with ECC.
>
> Thank you
> Yao, Jiewen
>
> > -----Original Message-----
> > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > Sent: Friday, October 21, 2022 2:35 AM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang,
> > Guomin <guomin.jiang@intel.com>; Zurcher, Christopher
> > <christopher.zurcher@microsoft.com>; Rebecca Cran
> > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>; Li, Yi1
> > <yi1.li@intel.com>
> > Subject: [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt
> > OpensslLibs
> >
> > The recent addition of the Ecliptic Curve (EC) feature and the performance
> > optimization feature increased the complexity for platforms to integrate
> > and enable these features. This series simplifies the platform
> configuration
> > as much as possible and improves the ability to manage the the size
> impact
> > of cryptographic services in each FW phase. A Readme.md is also added
> > that
> > provides an overview of the CryptoPkg design and features along with
> > platform
> > integration recommendations.
> >
> > This series also addresses private library class declarations missing from
> > CryptoPkg.dec and library instances not producing all the APIs defined
> > by the library classes. A review of the CryptoPkg EDK II meta data files
> > identified
> > a number of additional cleanups. The CryptoPkg.dsc file was also updated
> to
> > improve CI coverage for future CryptoPkg changes and identified some
> > unit test bug fixes.
> >
> > Change Summary
> > ============
> > * Document disabled/deprecated cryptographic services
> > * Add missing UNI files in BaseCryptLib
> > * Update BaseCryptLib internal functions to be STATIC and remove EFIAPI
> > * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global
> > variables
> > * Fix BaseCryptLib unit tests
> > * Cleanup BaseCryptLib and TlsLib INF files and
> > * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
> > * Merge 4 performance optimized INFs into OpensslLib*Accel.inf
> > * Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.inf
> instead
> > * Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private library
> classes
> > * Update all OpensslLib instances to always produce all APIs in OpensslLib
> > class
> > * Move PrintLib dependency from OpensslLib INF files to BaseCryptLib INF
> > files
> > * Update CryptoPkg.dsc files to provide full CI test coverage across all the
> > supported combinations of OpensslLib, BaseCryptLib, and TlsLib
> instances.
> > * Remove PACKAGE profile from CryptoPkg.dsc and add
> > TARGET_UNIT_TESTS
> > profile. Adding TARGET_UNIT_TESTS profile is required to prevent a few
> > unit
> > test artifacts being included in non unit test builds of components.
> > * Add CryptoPkg Readme.md with overview and platform integration
> > details.
> > * Update host-based unit tests to always use OpensslLibFull.inf and add
> > unit
> > test coverage for OpensslLibFullAccel.inf.
> > * Add Readme.md with CryptoPkg overview and platform integration
> > documentation
> >
> > New in V2
> > =========
> > * Fix service table in Readme.md
> > * Fix VS2015x86 RELEASE builds by disabling warning 4718
> > * Rebase to latest and add missing EC functions in EcSm2Null.c
> > * Update perl scripts to auto-generate all OpensslLib INF files
> > * Update OpensslLib INF files to match auto-generated format
> >
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
> > Cc: Rebecca Cran <quic_rcran@quicinc.com>
> > Cc: Ard Biesheuvel <ardb@kernel.org>
> > Cc: Yi Li <yi1.li@intel.com>
> > Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> >
> > Michael D Kinney (12):
> > CryptoPkg: Document and disable deprecated crypto services
> > CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
> > CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
> > CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
> > CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
> > CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs
> > CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
> > CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
> > CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
> > CryptoPkg: Update DSC to improve CI test coverage
> > CryptoPkg: Fixed host-based unit tests
> > CryptoPkg: Add Readme.md
> >
> > Yi Li (4):
> > Revert "CryptoPkg: Update process_files.pl to auto add PCD config
> > option"
> > CryptoPkg/Library/OpensslLib: Update process_files.pl INF generation
> > CryptoPkg/Library/OpensslLib: Add generated flag to Accel INF
> > CryptoPkg/Library/OpensslLib: update auto-generated files
> >
> > CryptoPkg/CryptoPkg.ci.yaml | 11 +-
> > CryptoPkg/CryptoPkg.dec | 42 +-
> > CryptoPkg/CryptoPkg.dsc | 438 ++++++++---
> > .../Pcd/PcdCryptoServiceFamilyEnable.h | 122 +--
> > .../Library/BaseCryptLib/BaseCryptLib.inf | 10 +-
> > .../Library/BaseCryptLib/BaseCryptLib.uni | 2 -
> > .../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +
> > .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 +-
> > .../Library/BaseCryptLib/PeiCryptLib.inf | 8 +-
> > .../Library/BaseCryptLib/PeiCryptLib.uni | 2 -
> > CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 4 -
> > .../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +-
> > .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +-
> > .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 +
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +-
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 4 -
> > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 9 +-
> > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 2 -
> > .../Library/BaseCryptLib/SecCryptLib.inf | 13 +-
> > .../{SmmCryptLib.uni => SecCryptLib.uni} | 11 +-
> > .../Library/BaseCryptLib/SmmCryptLib.inf | 12 -
> > .../Library/BaseCryptLib/SmmCryptLib.uni | 2 -
> > .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 +-
> > .../Library/Include/openssl/opensslconf.h | 328 +++++++-
> > .../Include/openssl/opensslconf_generated.h | 333 ---------
> > CryptoPkg/Library/OpensslLib/EcSm2Null.c | 383 ++++++++++
> > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 91 +--
> > CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
> > ...OpensslLibIa32.inf => OpensslLibAccel.inf} | 154 ++--
> > .../Library/OpensslLib/OpensslLibAccel.uni | 14 +
> > .../OpensslLib/OpensslLibConstructor.c | 6 +-
> > .../Library/OpensslLib/OpensslLibCrypto.inf | 92 +--
> > .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
> > ...ensslLibIa32Gcc.inf => OpensslLibFull.inf} | 172 +++--
> > .../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
> > ...lLibX64Gcc.inf => OpensslLibFullAccel.inf} | 212 ++++--
> > .../OpensslLib/OpensslLibFullAccel.uni | 14 +
> > .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
> > CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++
> > CryptoPkg/Library/OpensslLib/process_files.pl | 168 +++--
> > .../SysCall/inet_pton.c | 0
> > CryptoPkg/Library/TlsLib/TlsConfig.c | 12 +-
> > CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +-
> > CryptoPkg/Private/Library/IntrinsicLib.h | 16 +
> > CryptoPkg/Private/Library/OpensslLib.h | 14 +
> > CryptoPkg/Readme.md | 498 ++++++++++++
> > CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 +-
> > .../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 +-
> > .../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +-
> > .../TestBaseCryptLibHostAccel.inf | 56 ++
> > 50 files changed, 2711 insertions(+), 1820 deletions(-)
> > copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
> > SecCryptLib.uni} (74%)
> > delete mode 100644
> > CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> > create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
> > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
> > OpensslLibAccel.inf} (79%)
> > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
> > OpensslLibFull.inf} (79%)
> > copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni => OpensslLibFull.uni}
> > (56%)
> > rename CryptoPkg/Library/OpensslLib/{OpensslLibX64Gcc.inf =>
> > OpensslLibFullAccel.inf} (78%)
> > create mode 100644
> > CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> > delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
> > rename CryptoPkg/Library/{BaseCryptLib => TlsLib}/SysCall/inet_pton.c
> > (100%)
> > create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
> > create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
> > create mode 100644 CryptoPkg/Readme.md
> > create mode 100644
> >
> CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
> > nf
> >
> > --
> > 2.37.1.windows.1
>
>
>
>
>
^ permalink raw reply [flat|nested] 21+ messages in thread* Re: [edk2-devel] [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
2022-10-24 3:54 ` [edk2-devel] " Yao, Jiewen
@ 2022-10-24 5:43 ` Michael D Kinney
2022-10-24 6:24 ` Yao, Jiewen
0 siblings, 1 reply; 21+ messages in thread
From: Michael D Kinney @ 2022-10-24 5:43 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io, Kinney, Michael D
Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin, Zurcher, Christopher,
Rebecca Cran, Ard Biesheuvel, Li, Yi1
Hi Jiewen,
I compared the builds of the CryptoPei, CryptoDxe, CryptoSmm using the
same OpensslLib instance with EC disabled.
I used an IA32 build of the MIN_PEI profile and an X64 build of the
MIN_DXE_MIN_SMM profile for the comparison.
Arch Profile Driver Old Old-LZMA New New-LZMA
==== =============== ========= ======= ======== ======= ========
IA32 MIN_PEI CryptoPei 252,192 102,109 244,160 98,571
X64 MIN_DXE_MIN_SMM CryptoDxe 812,288 313,340 811,008 312,913
X64 MIN_DXE_MIN_SMM CryptoSmm 549,088 205,613 548,096 205,079
These results show that this patch series provide a very small reduction
in both the uncompressed and LZMA compressed sizes of these drivers. This
is the expected result because no functional changes were introduced.
The small decrease is likely due to the removal of the UnitTest overhead
that was included in all CryptoPkg.dsc build before this series. This
series only links in the UnitTest related libs and hook of the ASSERT()
macros when building unit tests.
Best regards,
Mike
> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Sunday, October 23, 2022 8:54 PM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>; Zurcher,
> Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>; Li,
> Yi1 <yi1.li@intel.com>
> Subject: RE: [edk2-devel] [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
>
> Sorry: I mean old configuration without ECC.
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao,
> > Jiewen
> > Sent: Monday, October 24, 2022 11:53 AM
> > To: Kinney, Michael D <michael.d.kinney@intel.com>;
> > devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > Zurcher, Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>; Li, Yi1
> > <yi1.li@intel.com>
> > Subject: Re: [edk2-devel] [Patch v2 00/16] CryptoPkg: Remove EC PCD and
> > merge perf opt OpensslLibs
> >
> > Thanks Mike
> > The update looks good to me. Reviewed-by: Jiewen Yao
> > <Jiewen.yao@intel.com>
> >
> > Do you have any data of size difference before and after? Please share with
> > us.
> >
> > I am more interested in the old configuration with ECC.
> >
> > Thank you
> > Yao, Jiewen
> >
> > > -----Original Message-----
> > > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > > Sent: Friday, October 21, 2022 2:35 AM
> > > To: devel@edk2.groups.io
> > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang,
> > > Guomin <guomin.jiang@intel.com>; Zurcher, Christopher
> > > <christopher.zurcher@microsoft.com>; Rebecca Cran
> > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>; Li, Yi1
> > > <yi1.li@intel.com>
> > > Subject: [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt
> > > OpensslLibs
> > >
> > > The recent addition of the Ecliptic Curve (EC) feature and the performance
> > > optimization feature increased the complexity for platforms to integrate
> > > and enable these features. This series simplifies the platform
> > configuration
> > > as much as possible and improves the ability to manage the the size
> > impact
> > > of cryptographic services in each FW phase. A Readme.md is also added
> > > that
> > > provides an overview of the CryptoPkg design and features along with
> > > platform
> > > integration recommendations.
> > >
> > > This series also addresses private library class declarations missing from
> > > CryptoPkg.dec and library instances not producing all the APIs defined
> > > by the library classes. A review of the CryptoPkg EDK II meta data files
> > > identified
> > > a number of additional cleanups. The CryptoPkg.dsc file was also updated
> > to
> > > improve CI coverage for future CryptoPkg changes and identified some
> > > unit test bug fixes.
> > >
> > > Change Summary
> > > ============
> > > * Document disabled/deprecated cryptographic services
> > > * Add missing UNI files in BaseCryptLib
> > > * Update BaseCryptLib internal functions to be STATIC and remove EFIAPI
> > > * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global
> > > variables
> > > * Fix BaseCryptLib unit tests
> > > * Cleanup BaseCryptLib and TlsLib INF files and
> > > * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
> > > * Merge 4 performance optimized INFs into OpensslLib*Accel.inf
> > > * Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.inf
> > instead
> > > * Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private library
> > classes
> > > * Update all OpensslLib instances to always produce all APIs in OpensslLib
> > > class
> > > * Move PrintLib dependency from OpensslLib INF files to BaseCryptLib INF
> > > files
> > > * Update CryptoPkg.dsc files to provide full CI test coverage across all the
> > > supported combinations of OpensslLib, BaseCryptLib, and TlsLib
> > instances.
> > > * Remove PACKAGE profile from CryptoPkg.dsc and add
> > > TARGET_UNIT_TESTS
> > > profile. Adding TARGET_UNIT_TESTS profile is required to prevent a few
> > > unit
> > > test artifacts being included in non unit test builds of components.
> > > * Add CryptoPkg Readme.md with overview and platform integration
> > > details.
> > > * Update host-based unit tests to always use OpensslLibFull.inf and add
> > > unit
> > > test coverage for OpensslLibFullAccel.inf.
> > > * Add Readme.md with CryptoPkg overview and platform integration
> > > documentation
> > >
> > > New in V2
> > > =========
> > > * Fix service table in Readme.md
> > > * Fix VS2015x86 RELEASE builds by disabling warning 4718
> > > * Rebase to latest and add missing EC functions in EcSm2Null.c
> > > * Update perl scripts to auto-generate all OpensslLib INF files
> > > * Update OpensslLib INF files to match auto-generated format
> > >
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> > > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > > Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
> > > Cc: Rebecca Cran <quic_rcran@quicinc.com>
> > > Cc: Ard Biesheuvel <ardb@kernel.org>
> > > Cc: Yi Li <yi1.li@intel.com>
> > > Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> > >
> > > Michael D Kinney (12):
> > > CryptoPkg: Document and disable deprecated crypto services
> > > CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
> > > CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
> > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
> > > CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
> > > CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs
> > > CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
> > > CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
> > > CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
> > > CryptoPkg: Update DSC to improve CI test coverage
> > > CryptoPkg: Fixed host-based unit tests
> > > CryptoPkg: Add Readme.md
> > >
> > > Yi Li (4):
> > > Revert "CryptoPkg: Update process_files.pl to auto add PCD config
> > > option"
> > > CryptoPkg/Library/OpensslLib: Update process_files.pl INF generation
> > > CryptoPkg/Library/OpensslLib: Add generated flag to Accel INF
> > > CryptoPkg/Library/OpensslLib: update auto-generated files
> > >
> > > CryptoPkg/CryptoPkg.ci.yaml | 11 +-
> > > CryptoPkg/CryptoPkg.dec | 42 +-
> > > CryptoPkg/CryptoPkg.dsc | 438 ++++++++---
> > > .../Pcd/PcdCryptoServiceFamilyEnable.h | 122 +--
> > > .../Library/BaseCryptLib/BaseCryptLib.inf | 10 +-
> > > .../Library/BaseCryptLib/BaseCryptLib.uni | 2 -
> > > .../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +
> > > .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 +-
> > > .../Library/BaseCryptLib/PeiCryptLib.inf | 8 +-
> > > .../Library/BaseCryptLib/PeiCryptLib.uni | 2 -
> > > CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 4 -
> > > .../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +-
> > > .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +-
> > > .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 +
> > > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +-
> > > CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 4 -
> > > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 9 +-
> > > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 2 -
> > > .../Library/BaseCryptLib/SecCryptLib.inf | 13 +-
> > > .../{SmmCryptLib.uni => SecCryptLib.uni} | 11 +-
> > > .../Library/BaseCryptLib/SmmCryptLib.inf | 12 -
> > > .../Library/BaseCryptLib/SmmCryptLib.uni | 2 -
> > > .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 +-
> > > .../Library/Include/openssl/opensslconf.h | 328 +++++++-
> > > .../Include/openssl/opensslconf_generated.h | 333 ---------
> > > CryptoPkg/Library/OpensslLib/EcSm2Null.c | 383 ++++++++++
> > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 91 +--
> > > CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
> > > ...OpensslLibIa32.inf => OpensslLibAccel.inf} | 154 ++--
> > > .../Library/OpensslLib/OpensslLibAccel.uni | 14 +
> > > .../OpensslLib/OpensslLibConstructor.c | 6 +-
> > > .../Library/OpensslLib/OpensslLibCrypto.inf | 92 +--
> > > .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
> > > ...ensslLibIa32Gcc.inf => OpensslLibFull.inf} | 172 +++--
> > > .../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
> > > ...lLibX64Gcc.inf => OpensslLibFullAccel.inf} | 212 ++++--
> > > .../OpensslLib/OpensslLibFullAccel.uni | 14 +
> > > .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
> > > CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++
> > > CryptoPkg/Library/OpensslLib/process_files.pl | 168 +++--
> > > .../SysCall/inet_pton.c | 0
> > > CryptoPkg/Library/TlsLib/TlsConfig.c | 12 +-
> > > CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +-
> > > CryptoPkg/Private/Library/IntrinsicLib.h | 16 +
> > > CryptoPkg/Private/Library/OpensslLib.h | 14 +
> > > CryptoPkg/Readme.md | 498 ++++++++++++
> > > CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 +-
> > > .../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 +-
> > > .../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +-
> > > .../TestBaseCryptLibHostAccel.inf | 56 ++
> > > 50 files changed, 2711 insertions(+), 1820 deletions(-)
> > > copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
> > > SecCryptLib.uni} (74%)
> > > delete mode 100644
> > > CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> > > create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
> > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
> > > OpensslLibAccel.inf} (79%)
> > > create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
> > > OpensslLibFull.inf} (79%)
> > > copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni => OpensslLibFull.uni}
> > > (56%)
> > > rename CryptoPkg/Library/OpensslLib/{OpensslLibX64Gcc.inf =>
> > > OpensslLibFullAccel.inf} (78%)
> > > create mode 100644
> > > CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> > > delete mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > > create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
> > > rename CryptoPkg/Library/{BaseCryptLib => TlsLib}/SysCall/inet_pton.c
> > > (100%)
> > > create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
> > > create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
> > > create mode 100644 CryptoPkg/Readme.md
> > > create mode 100644
> > >
> > CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
> > > nf
> > >
> > > --
> > > 2.37.1.windows.1
> >
> >
> >
> >
> >
^ permalink raw reply [flat|nested] 21+ messages in thread* Re: [edk2-devel] [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf opt OpensslLibs
2022-10-24 5:43 ` Michael D Kinney
@ 2022-10-24 6:24 ` Yao, Jiewen
0 siblings, 0 replies; 21+ messages in thread
From: Yao, Jiewen @ 2022-10-24 6:24 UTC (permalink / raw)
To: Kinney, Michael D, devel@edk2.groups.io
Cc: Wang, Jian J, Lu, Xiaoyu1, Jiang, Guomin, Zurcher, Christopher,
Rebecca Cran, Ard Biesheuvel, Li, Yi1
Sounds great!
> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Monday, October 24, 2022 1:44 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Kinney,
> Michael D <michael.d.kinney@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Zurcher, Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>; Li, Yi1
> <yi1.li@intel.com>
> Subject: RE: [edk2-devel] [Patch v2 00/16] CryptoPkg: Remove EC PCD and
> merge perf opt OpensslLibs
>
> Hi Jiewen,
>
> I compared the builds of the CryptoPei, CryptoDxe, CryptoSmm using the
> same OpensslLib instance with EC disabled.
>
> I used an IA32 build of the MIN_PEI profile and an X64 build of the
> MIN_DXE_MIN_SMM profile for the comparison.
>
> Arch Profile Driver Old Old-LZMA New New-LZMA
> ==== =============== ========= ======= ======== =======
> ========
> IA32 MIN_PEI CryptoPei 252,192 102,109 244,160 98,571
> X64 MIN_DXE_MIN_SMM CryptoDxe 812,288 313,340 811,008
> 312,913
> X64 MIN_DXE_MIN_SMM CryptoSmm 549,088 205,613 548,096
> 205,079
>
>
> These results show that this patch series provide a very small reduction
> in both the uncompressed and LZMA compressed sizes of these drivers.
> This
> is the expected result because no functional changes were introduced.
>
> The small decrease is likely due to the removal of the UnitTest overhead
> that was included in all CryptoPkg.dsc build before this series. This
> series only links in the UnitTest related libs and hook of the ASSERT()
> macros when building unit tests.
>
> Best regards,
>
> Mike
>
> > -----Original Message-----
> > From: Yao, Jiewen <jiewen.yao@intel.com>
> > Sent: Sunday, October 23, 2022 8:54 PM
> > To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Kinney,
> Michael D <michael.d.kinney@intel.com>
> > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> Zurcher,
> > Christopher <christopher.zurcher@microsoft.com>; Rebecca Cran
> <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>; Li,
> > Yi1 <yi1.li@intel.com>
> > Subject: RE: [edk2-devel] [Patch v2 00/16] CryptoPkg: Remove EC PCD
> and merge perf opt OpensslLibs
> >
> > Sorry: I mean old configuration without ECC.
> >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao,
> > > Jiewen
> > > Sent: Monday, October 24, 2022 11:53 AM
> > > To: Kinney, Michael D <michael.d.kinney@intel.com>;
> > > devel@edk2.groups.io
> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, Xiaoyu1
> > > <xiaoyu1.lu@intel.com>; Jiang, Guomin <guomin.jiang@intel.com>;
> > > Zurcher, Christopher <christopher.zurcher@microsoft.com>; Rebecca
> Cran
> > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>; Li, Yi1
> > > <yi1.li@intel.com>
> > > Subject: Re: [edk2-devel] [Patch v2 00/16] CryptoPkg: Remove EC PCD
> and
> > > merge perf opt OpensslLibs
> > >
> > > Thanks Mike
> > > The update looks good to me. Reviewed-by: Jiewen Yao
> > > <Jiewen.yao@intel.com>
> > >
> > > Do you have any data of size difference before and after? Please share
> with
> > > us.
> > >
> > > I am more interested in the old configuration with ECC.
> > >
> > > Thank you
> > > Yao, Jiewen
> > >
> > > > -----Original Message-----
> > > > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > > > Sent: Friday, October 21, 2022 2:35 AM
> > > > To: devel@edk2.groups.io
> > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > > <jian.j.wang@intel.com>; Lu, Xiaoyu1 <xiaoyu1.lu@intel.com>; Jiang,
> > > > Guomin <guomin.jiang@intel.com>; Zurcher, Christopher
> > > > <christopher.zurcher@microsoft.com>; Rebecca Cran
> > > > <quic_rcran@quicinc.com>; Ard Biesheuvel <ardb@kernel.org>; Li, Yi1
> > > > <yi1.li@intel.com>
> > > > Subject: [Patch v2 00/16] CryptoPkg: Remove EC PCD and merge perf
> opt
> > > > OpensslLibs
> > > >
> > > > The recent addition of the Ecliptic Curve (EC) feature and the
> performance
> > > > optimization feature increased the complexity for platforms to
> integrate
> > > > and enable these features. This series simplifies the platform
> > > configuration
> > > > as much as possible and improves the ability to manage the the size
> > > impact
> > > > of cryptographic services in each FW phase. A Readme.md is also
> added
> > > > that
> > > > provides an overview of the CryptoPkg design and features along with
> > > > platform
> > > > integration recommendations.
> > > >
> > > > This series also addresses private library class declarations missing
> from
> > > > CryptoPkg.dec and library instances not producing all the APIs defined
> > > > by the library classes. A review of the CryptoPkg EDK II meta data files
> > > > identified
> > > > a number of additional cleanups. The CryptoPkg.dsc file was also
> updated
> > > to
> > > > improve CI coverage for future CryptoPkg changes and identified some
> > > > unit test bug fixes.
> > > >
> > > > Change Summary
> > > > ============
> > > > * Document disabled/deprecated cryptographic services
> > > > * Add missing UNI files in BaseCryptLib
> > > > * Update BaseCryptLib internal functions to be STATIC and remove
> EFIAPI
> > > > * Add GLOBAL_REMOVE_IF_UNREFERENCED to BaseCryptLib global
> > > > variables
> > > > * Fix BaseCryptLib unit tests
> > > > * Cleanup BaseCryptLib and TlsLib INF files and
> > > > * Move SysCall/inet_pton.c from BaseCryptLib to TlsLib that uses it.
> > > > * Merge 4 performance optimized INFs into OpensslLib*Accel.inf
> > > > * Remove use of PcdOpensslEcEnabled and use OpensslLibFull*.inf
> > > instead
> > > > * Add OpensslLib and IntrinsicLib to CryptoPkg.dec as private library
> > > classes
> > > > * Update all OpensslLib instances to always produce all APIs in
> OpensslLib
> > > > class
> > > > * Move PrintLib dependency from OpensslLib INF files to BaseCryptLib
> INF
> > > > files
> > > > * Update CryptoPkg.dsc files to provide full CI test coverage across all
> the
> > > > supported combinations of OpensslLib, BaseCryptLib, and TlsLib
> > > instances.
> > > > * Remove PACKAGE profile from CryptoPkg.dsc and add
> > > > TARGET_UNIT_TESTS
> > > > profile. Adding TARGET_UNIT_TESTS profile is required to prevent a
> few
> > > > unit
> > > > test artifacts being included in non unit test builds of components.
> > > > * Add CryptoPkg Readme.md with overview and platform integration
> > > > details.
> > > > * Update host-based unit tests to always use OpensslLibFull.inf and
> add
> > > > unit
> > > > test coverage for OpensslLibFullAccel.inf.
> > > > * Add Readme.md with CryptoPkg overview and platform integration
> > > > documentation
> > > >
> > > > New in V2
> > > > =========
> > > > * Fix service table in Readme.md
> > > > * Fix VS2015x86 RELEASE builds by disabling warning 4718
> > > > * Rebase to latest and add missing EC functions in EcSm2Null.c
> > > > * Update perl scripts to auto-generate all OpensslLib INF files
> > > > * Update OpensslLib INF files to match auto-generated format
> > > >
> > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > > Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> > > > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > > > Cc: Christopher Zurcher <christopher.zurcher@microsoft.com>
> > > > Cc: Rebecca Cran <quic_rcran@quicinc.com>
> > > > Cc: Ard Biesheuvel <ardb@kernel.org>
> > > > Cc: Yi Li <yi1.li@intel.com>
> > > > Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> > > >
> > > > Michael D Kinney (12):
> > > > CryptoPkg: Document and disable deprecated crypto services
> > > > CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format
> > > > CryptoPkg/Library/BaseCryptLib: Update internal functions/variables
> > > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes
> > > > CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib
> > > > CryptoPkg/Library/OpensslLib: Combine all performance optimized
> INFs
> > > > CryptoPkg/Library/OpensslLib: Produce consistent set of APIs
> > > > CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files
> > > > CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec
> > > > CryptoPkg: Update DSC to improve CI test coverage
> > > > CryptoPkg: Fixed host-based unit tests
> > > > CryptoPkg: Add Readme.md
> > > >
> > > > Yi Li (4):
> > > > Revert "CryptoPkg: Update process_files.pl to auto add PCD config
> > > > option"
> > > > CryptoPkg/Library/OpensslLib: Update process_files.pl INF
> generation
> > > > CryptoPkg/Library/OpensslLib: Add generated flag to Accel INF
> > > > CryptoPkg/Library/OpensslLib: update auto-generated files
> > > >
> > > > CryptoPkg/CryptoPkg.ci.yaml | 11 +-
> > > > CryptoPkg/CryptoPkg.dec | 42 +-
> > > > CryptoPkg/CryptoPkg.dsc | 438 ++++++++---
> > > > .../Pcd/PcdCryptoServiceFamilyEnable.h | 122 +--
> > > > .../Library/BaseCryptLib/BaseCryptLib.inf | 10 +-
> > > > .../Library/BaseCryptLib/BaseCryptLib.uni | 2 -
> > > > .../Library/BaseCryptLib/Hmac/CryptHmac.c | 7 +
> > > > .../Library/BaseCryptLib/Kdf/CryptHkdf.c | 5 +-
> > > > .../Library/BaseCryptLib/PeiCryptLib.inf | 8 +-
> > > > .../Library/BaseCryptLib/PeiCryptLib.uni | 2 -
> > > > CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 4 -
> > > > .../BaseCryptLib/Pk/CryptAuthenticode.c | 2 +-
> > > > .../BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 3 +-
> > > > .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 3 +
> > > > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 44 +-
> > > > CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 4 -
> > > > .../Library/BaseCryptLib/RuntimeCryptLib.inf | 9 +-
> > > > .../Library/BaseCryptLib/RuntimeCryptLib.uni | 2 -
> > > > .../Library/BaseCryptLib/SecCryptLib.inf | 13 +-
> > > > .../{SmmCryptLib.uni => SecCryptLib.uni} | 11 +-
> > > > .../Library/BaseCryptLib/SmmCryptLib.inf | 12 -
> > > > .../Library/BaseCryptLib/SmmCryptLib.uni | 2 -
> > > > .../BaseCryptLib/UnitTestHostBaseCryptLib.inf | 22 +-
> > > > .../Library/Include/openssl/opensslconf.h | 328 +++++++-
> > > > .../Include/openssl/opensslconf_generated.h | 333 ---------
> > > > CryptoPkg/Library/OpensslLib/EcSm2Null.c | 383 ++++++++++
> > > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 91 +--
> > > > CryptoPkg/Library/OpensslLib/OpensslLib.uni | 10 +-
> > > > ...OpensslLibIa32.inf => OpensslLibAccel.inf} | 154 ++--
> > > > .../Library/OpensslLib/OpensslLibAccel.uni | 14 +
> > > > .../OpensslLib/OpensslLibConstructor.c | 6 +-
> > > > .../Library/OpensslLib/OpensslLibCrypto.inf | 92 +--
> > > > .../Library/OpensslLib/OpensslLibCrypto.uni | 11 +-
> > > > ...ensslLibIa32Gcc.inf => OpensslLibFull.inf} | 172 +++--
> > > > .../{OpensslLib.uni => OpensslLibFull.uni} | 10 +-
> > > > ...lLibX64Gcc.inf => OpensslLibFullAccel.inf} | 212 ++++--
> > > > .../OpensslLib/OpensslLibFullAccel.uni | 14 +
> > > > .../Library/OpensslLib/OpensslLibX64.inf | 706 ------------------
> > > > CryptoPkg/Library/OpensslLib/SslNull.c | 405 ++++++++++
> > > > CryptoPkg/Library/OpensslLib/process_files.pl | 168 +++--
> > > > .../SysCall/inet_pton.c | 0
> > > > CryptoPkg/Library/TlsLib/TlsConfig.c | 12 +-
> > > > CryptoPkg/Library/TlsLib/TlsLib.inf | 12 +-
> > > > CryptoPkg/Private/Library/IntrinsicLib.h | 16 +
> > > > CryptoPkg/Private/Library/OpensslLib.h | 14 +
> > > > CryptoPkg/Readme.md | 498 ++++++++++++
> > > > CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 17 +-
> > > > .../UnitTest/Library/BaseCryptLib/HmacTests.c | 17 +-
> > > > .../UnitTest/Library/BaseCryptLib/TSTests.c | 2 +-
> > > > .../TestBaseCryptLibHostAccel.inf | 56 ++
> > > > 50 files changed, 2711 insertions(+), 1820 deletions(-)
> > > > copy CryptoPkg/Library/BaseCryptLib/{SmmCryptLib.uni =>
> > > > SecCryptLib.uni} (74%)
> > > > delete mode 100644
> > > > CryptoPkg/Library/Include/openssl/opensslconf_generated.h
> > > > create mode 100644 CryptoPkg/Library/OpensslLib/EcSm2Null.c
> > > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32.inf =>
> > > > OpensslLibAccel.inf} (79%)
> > > > create mode 100644
> CryptoPkg/Library/OpensslLib/OpensslLibAccel.uni
> > > > rename CryptoPkg/Library/OpensslLib/{OpensslLibIa32Gcc.inf =>
> > > > OpensslLibFull.inf} (79%)
> > > > copy CryptoPkg/Library/OpensslLib/{OpensslLib.uni =>
> OpensslLibFull.uni}
> > > > (56%)
> > > > rename CryptoPkg/Library/OpensslLib/{OpensslLibX64Gcc.inf =>
> > > > OpensslLibFullAccel.inf} (78%)
> > > > create mode 100644
> > > > CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.uni
> > > > delete mode 100644
> CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > > > create mode 100644 CryptoPkg/Library/OpensslLib/SslNull.c
> > > > rename CryptoPkg/Library/{BaseCryptLib =>
> TlsLib}/SysCall/inet_pton.c
> > > > (100%)
> > > > create mode 100644 CryptoPkg/Private/Library/IntrinsicLib.h
> > > > create mode 100644 CryptoPkg/Private/Library/OpensslLib.h
> > > > create mode 100644 CryptoPkg/Readme.md
> > > > create mode 100644
> > > >
> > >
> CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHostAccel.i
> > > > nf
> > > >
> > > > --
> > > > 2.37.1.windows.1
> > >
> > >
> > >
> > >
> > >
^ permalink raw reply [flat|nested] 21+ messages in thread