From: "Gerd Hoffmann" <kraxel@redhat.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
Pawel Polawski <ppolawsk@redhat.com>,
Xiaoyu Lu <xiaoyu1.lu@intel.com>,
Ard Biesheuvel <ardb+tianocore@kernel.org>,
Guomin Jiang <guomin.jiang@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Oliver Steffen <osteffen@redhat.com>,
Jordan Justen <jordan.l.justen@intel.com>
Subject: [PATCH 04/22] CryptoPkg/openssl: add openssl3 configure scripts
Date: Mon, 13 Mar 2023 09:29:58 +0100
Message-ID: <20230313083016.136448-5-kraxel@redhat.com>
In-Reply-To: <20230313083016.136448-1-kraxel@redhat.com>
Rewrite the script to configure openssl 3.0 from scratch. It's two
scripts now:
* Tiny helper script, dumping the perl configdata as json.
* Actual configure.py script, written in python, which copies over
the generated files to openssl-gen and updates the OpensslLib*.inf
file lists and build flags.
The configuration workflow has changed a bit:
* All generated files are stored in the openssl-gen directory tree.
* For ec/no-ec builds two different header files are used. Default is
the ec variant, and the new EDK2_OPENSSL_NOEC define is used to
select the no-ec build. A five line wrapper include is used to pick
the one or the other.
* For non-accel builds -DOPENSSL_NO_ASM on the command line is used
(same as before).
* For configuration defines the OPENSSL_FLAGS_$(variant) variable is
used, where variant is the architecture for the accelerated builds
and 'NOASM' for the non-accelerated builds.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
CryptoPkg/Library/OpensslLib/configure.py | 365 ++++++++++++++++++++++
CryptoPkg/Library/OpensslLib/perl2json.pl | 19 ++
2 files changed, 384 insertions(+)
create mode 100755 CryptoPkg/Library/OpensslLib/configure.py
create mode 100755 CryptoPkg/Library/OpensslLib/perl2json.pl
diff --git a/CryptoPkg/Library/OpensslLib/configure.py b/CryptoPkg/Library/OpensslLib/configure.py
new file mode 100755
index 000000000000..d8aa0cb03edf
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/configure.py
@@ -0,0 +1,365 @@
+#!/usr/bin/python3
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+import os
+import sys
+import json
+import shutil
+import pprint
+import argparse
+import subprocess
+
+def openssl_configure(openssldir, target, ec = True):
+ """ Run openssl Configure script. """
+ cmdline = [
+ 'perl',
+ 'Configure',
+ '--config=../UefiAsm.conf',
+ '--api=1.1.1',
+ '--with-rand-seed=none',
+ target,
+ 'no-afalgeng',
+ 'no-async',
+ 'no-autoerrinit',
+ 'no-autoload-config',
+ 'no-bf',
+ 'no-blake2',
+ 'no-camellia',
+ 'no-capieng',
+ 'no-cast',
+ 'no-chacha',
+ 'no-cmac',
+ 'no-cms',
+ 'no-ct',
+ 'no-deprecated',
+ 'no-des',
+ 'no-dgram',
+ 'no-dsa',
+ 'no-dynamic-engine',
+ 'no-ec2m',
+ 'no-engine',
+ 'no-err',
+ 'no-filenames',
+ 'no-gost',
+ 'no-idea',
+ 'no-md4',
+ 'no-mdc2',
+ 'no-pic',
+ 'no-ocb',
+ 'no-poly1305',
+ 'no-posix-io',
+ 'no-rc2',
+ 'no-rc4',
+ 'no-rfc3779',
+ 'no-rmd160',
+ 'no-scrypt',
+ 'no-seed',
+ 'no-sm4',
+ 'no-sock',
+ 'no-srp',
+ 'no-srtp',
+ 'no-ssl',
+ 'no-stdio',
+ 'no-threads',
+ 'no-ts',
+ 'no-ui',
+ 'no-whirlpool',
+ ]
+ if not ec:
+ cmdline += [ 'no-ec', ]
+ print('')
+ print(f'# -*- configure openssl for {target} (ec={ec}) -*-')
+ rc = subprocess.run(cmdline, cwd = openssldir,
+ stdout = subprocess.PIPE,
+ stderr = subprocess.PIPE)
+ if rc.returncode:
+ print(rc.stdout)
+ print(rc.stderr)
+ sys.exit(rc.returncode)
+
+def openssl_run_make(openssldir, target):
+ """
+ Run make utility to generate files or cleanup.
+ Target can be either a string or a list of strings.
+ """
+ cmdline = [ 'make', '--silent' ]
+ if isinstance(target, list):
+ cmdline += target
+ else:
+ cmdline += [ target, ]
+ rc = subprocess.run(cmdline, cwd = openssldir)
+ rc.check_returncode()
+
+def get_configdata(openssldir):
+ """
+ Slurp openssl config data as JSON,
+ using a little perl helper script.
+ """
+ cmdline = [
+ 'perl',
+ 'perl2json.pl',
+ openssldir,
+ ]
+ rc = subprocess.run(cmdline, stdout = subprocess.PIPE)
+ rc.check_returncode()
+ return json.loads(rc.stdout)
+
+def is_asm(filename):
+ """ Check whenevr the passed file is an assembler file """
+ if filename.endswith('.s') or filename.endswith('.S'):
+ return True
+ return False
+
+def generate_files(openssldir, opensslgendir, asm, filelist):
+ """
+ Generate files, using make, and copy over the results to the
+ directory tree for generated openssl files. Creates
+ subdirectories as needed.
+ """
+ openssl_run_make(openssldir, filelist)
+ for filename in filelist:
+ src = os.path.join(openssldir, filename)
+ if is_asm(filename):
+ dst = os.path.join(opensslgendir, asm, filename)
+ else:
+ dst = os.path.join(opensslgendir, filename)
+ os.makedirs(os.path.dirname(dst), exist_ok = True)
+ shutil.copyfile(src, dst)
+
+def generate_include_files(openssldir, opensslgendir, asm, cfg):
+ """ Generate openssl include files """
+ print('# generate include files')
+ filelist = cfg['unified_info']['generate'].keys()
+ filelist = list(filter(lambda f: 'include' in f, filelist))
+ generate_files(openssldir, opensslgendir, asm, filelist)
+
+def generate_library_files(openssldir, opensslgendir, asm, cfg, obj):
+ """
+ Generate openssl source files for a given library. Handles
+ mostly assembler files, but a few C sources are generated too.
+ """
+ filelist = get_source_list(cfg, obj, True)
+ if filelist:
+ print(f'# generate source files for {obj}')
+ generate_files(openssldir, opensslgendir, asm, filelist)
+
+def generate_all_files(openssldir, opensslgendir, asm, cfg):
+ """ Generate all files needed. """
+ generate_include_files(openssldir, opensslgendir, asm, cfg)
+ generate_library_files(openssldir, opensslgendir, asm, cfg, 'libcrypto')
+ generate_library_files(openssldir, opensslgendir, asm, cfg, 'providers/libcommon.a')
+ generate_library_files(openssldir, opensslgendir, asm, cfg, 'libssl')
+
+def get_source_list(cfg, obj, gen):
+ """
+ Gets the list of source files needed to create a specific object.
+ * If 'gen' is True the function returns the list of generated
+ files.
+ * If 'gen' is False the function returns the list of files not
+ generated (which are used from the submodule directly).
+ Note: Will call itself recursively to resolve nested dependencies.
+ """
+ sources = cfg['unified_info']['sources']
+ generate = cfg['unified_info']['generate']
+ srclist = []
+ if sources.get(obj):
+ for item in sources.get(obj):
+ srclist += get_source_list(cfg, item, gen)
+ else:
+ is_generated = generate.get(obj) is not None
+ if is_generated == gen:
+ srclist += [ obj, ]
+ return srclist
+
+def get_sources(cfg, obj, asm):
+ """
+ Get the list of all sources files. Will fetch both generated
+ and not generated file lists and update the paths accordingly, so
+ the openssl submodule or the sub-tree for generated files is
+ referenced as needed.
+ """
+ srclist = get_source_list(cfg, obj, False)
+ genlist = get_source_list(cfg, obj, True)
+ srclist = list(map(lambda x: f'$(OPENSSL_PATH)/{x}', srclist))
+ c_list = list(map(lambda x: f'$(OPENSSL_GEN_PATH)/{x}',
+ filter(lambda x: not is_asm(x), genlist)))
+ asm_list = list(map(lambda x: f'$(OPENSSL_GEN_PATH)/{asm}/{x}',
+ filter(is_asm, genlist)))
+ return srclist + c_list + asm_list
+
+def sources_filter_fn(filename):
+ """
+ Filter source lists. Drops files we don't want include or
+ need replace with our own uefi-specific version.
+ """
+ exclude = [
+ 'randfile.c',
+ '/store/',
+ '/storemgmt/',
+ ]
+ for item in exclude:
+ if item in filename:
+ return False
+ return True
+
+def hash_filter_fn(filename):
+ """
+ Filter source lists. Include source files with hash functions only.
+ """
+ include = [
+ '/sha/',
+ '/sm3/',
+ 'mem_clr.c',
+ ]
+ exclude = [
+ 'sha1_one.c',
+ ]
+ for item in exclude:
+ if item in filename:
+ return False
+ for item in include:
+ if item in filename:
+ return True
+ return False
+
+def libcrypto_sources(cfg, asm = None):
+ """ Get source file list for libcrypto """
+ files = get_sources(cfg, 'libcrypto', asm)
+ files += get_sources(cfg, 'providers/libcommon.a', asm)
+ files = list(filter(sources_filter_fn, files))
+ return files
+
+def libssl_sources(cfg, asm = None):
+ """ Get source file list for libssl """
+ files = get_sources(cfg, 'libssl', asm)
+ files = list(filter(sources_filter_fn, files))
+ return files
+
+def hash_sources(cfg, asm = None):
+ """ Get source file list for hash functions """
+ files = get_sources(cfg, 'libcrypto', asm)
+ files = list(filter(hash_filter_fn, files))
+ return files
+
+def update_inf(filename, sources, arch = None, defines = []):
+ """
+ Update inf file, replace source file list and build flags.
+ """
+ head = ''
+ tail = ''
+ state = 0
+
+ if arch:
+ section = f'Sources.{arch}'
+ flags = f'OPENSSL_FLAGS_{arch}'
+ else:
+ section = None
+ flags = f'OPENSSL_FLAGS_NOASM'
+ state = 1
+
+ # read and parse file
+ with open(filename, 'r') as f:
+ while True:
+ line = f.readline()
+ if line == '':
+ break
+ if state in [0, 1]:
+ if flags in line:
+ (keep, replace) = line.split('=')
+ args = map(lambda x: f'-D{x}', defines)
+ head += keep + '= ' + ' '.join(args) + '\r\n'
+ else:
+ head += line.rstrip() + '\r\n'
+ if state == 0 and section in line:
+ state = 1
+ if state == 1 and 'Autogenerated files list starts here' in line:
+ state = 2
+ if state == 2 and 'Autogenerated files list ends here' in line:
+ state = 3
+ if state == 3:
+ tail += line.rstrip() + '\r\n'
+
+ # write updated file
+ with open(filename, 'w') as f:
+ f.write(head)
+ for src in sources:
+ f.write(f' {src}\r\n')
+ f.write(tail)
+
+def main():
+ # prepare
+ os.chdir(os.path.dirname(__file__))
+ openssldir = os.path.join(os.getcwd(), 'openssl')
+ opensslgendir = os.path.join(os.getcwd(), 'openssl-gen')
+
+ # asm accel configs (see UefiAsm.conf)
+ for ec in [True, False]:
+ if ec:
+ inf = 'OpensslLibFullAccel.inf'
+ hdr = 'configuration-ec.h'
+ else:
+ inf = 'OpensslLibAccel.inf'
+ hdr = 'configuration-noec.h'
+ sources = {}
+ defines = {}
+ for asm in [ 'UEFI-IA32-MSFT', 'UEFI-IA32-GCC',
+ 'UEFI-X64-MSFT', 'UEFI-X64-GCC',
+ 'UEFI-AARCH64-GCC' ]:
+ (uefi, arch, cc) = asm.split('-')
+ archcc = f'{arch}-{cc}'
+
+ openssl_configure(openssldir, asm, ec = ec);
+ cfg = get_configdata(openssldir)
+ generate_all_files(openssldir, opensslgendir, archcc, cfg)
+ shutil.move(os.path.join(opensslgendir, 'include', 'openssl', 'configuration.h'),
+ os.path.join(opensslgendir, 'include', 'openssl', hdr))
+ openssl_run_make(openssldir, 'distclean')
+
+ srclist = libcrypto_sources(cfg, archcc) + libssl_sources(cfg, archcc)
+ sources[archcc] = list(map(lambda x: f'{x} | {cc}', filter(is_asm, srclist)))
+ sources[arch] = list(filter(lambda x: not is_asm(x), srclist))
+ defines[arch] = cfg['unified_info']['defines']['libcrypto']
+
+ ia32accel = sources['IA32'] + sources['IA32-MSFT'] + sources['IA32-GCC']
+ x64accel = sources['X64'] + sources['X64-MSFT'] + sources['X64-GCC']
+ aa64accel = sources['AARCH64'] + sources['AARCH64-GCC']
+ update_inf(inf, ia32accel, 'IA32', defines['IA32'])
+ update_inf(inf, x64accel, 'X64', defines['X64'])
+ update_inf(inf, aa64accel, 'AARCH64', defines['AARCH64'])
+
+ # noaccel - ec enabled
+ openssl_configure(openssldir, 'UEFI', ec = True);
+ cfg = get_configdata(openssldir)
+ generate_all_files(openssldir, opensslgendir, None, cfg)
+ openssl_run_make(openssldir, 'distclean')
+
+ update_inf('OpensslLibFull.inf',
+ libcrypto_sources(cfg) + libssl_sources(cfg),
+ None, cfg['unified_info']['defines']['libcrypto'])
+
+ # noaccel - ec disabled
+ openssl_configure(openssldir, 'UEFI', ec = False);
+ cfg = get_configdata(openssldir)
+ generate_all_files(openssldir, opensslgendir, None, cfg)
+ openssl_run_make(openssldir, 'distclean')
+
+ update_inf('OpensslLibCrypto.inf',
+ libcrypto_sources(cfg),
+ None, cfg['unified_info']['defines']['libcrypto'])
+ update_inf('OpensslLib.inf',
+ libcrypto_sources(cfg) + libssl_sources(cfg),
+ None, cfg['unified_info']['defines']['libcrypto'])
+ update_inf('OpensslLibHash.inf',
+ hash_sources(cfg),
+ None, cfg['unified_info']['defines']['libcrypto'])
+
+ # wrap header file
+ confighdr = os.path.join(opensslgendir, 'include', 'openssl', 'configuration.h')
+ with open(confighdr, 'w') as f:
+ f.write('#ifdef EDK2_OPENSSL_NOEC\n'
+ '# include "configuration-noec.h"\n'
+ '#else\n'
+ '# include "configuration-ec.h"\n'
+ '#endif\n')
+
+if __name__ == '__main__':
+ sys.exit(main())
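Review bot: update_inf() reopens the file with `open(filename, 'w')` without checking that parsing reached state 3. An .inf that lacks the 'Autogenerated files list ends here' marker is therefore written back with everything after the start marker dropped, and one that lacks the section name or the start marker gets the source list appended at the end of the file. Suggest exiting with an error before the write block when `state != 3`. In the same function, `(keep, replace) = line.split('=')` raises ValueError if the existing flags line contains a second '=' (a -DNAME=value define, for instance); `line.split('=', 1)` avoids that. The mutable default `defines = []` would also be safer as `None`.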
diff --git a/CryptoPkg/Library/OpensslLib/perl2json.pl b/CryptoPkg/Library/OpensslLib/perl2json.pl
new file mode 100755
index 000000000000..f7364596a73d
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/perl2json.pl
@@ -0,0 +1,19 @@
+#!/usr/bin/perl
+#
+# write out configdata.pm as json
+#
+use strict;
+use warnings;
+use JSON;
+
+BEGIN {
+ my $openssldir = shift;
+ push @INC, $openssldir;
+}
+use configdata qw/%config %target %unified_info/;
+
+my %data;
+$data{'config'} = \%config;
+$data{'target'} = \%target;
+$data{'unified_info'} = \%unified_info;
+print encode_json(\%data)
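Review bot: `push @INC, $openssldir;` in the BEGIN block appends the openssl directory to the end of the module search path, so `use configdata` loads any configdata.pm found earlier in @INC in preference to the one Configure just generated; `unshift @INC, $openssldir;` would make the intended file win. The `shift` also has no check that an argument was passed, so running the script without a directory fails at `use configdata` rather than with a usage message; a `die` on an undefined `$openssldir` would make that failure clearer.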
--
2.39.2