* [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms @ 2021-10-12 5:38 Vineel Kovvuri 2021-10-12 5:38 ` [PATCH 2/2] Allow wildcards in hostname Vineel Kovvuri ` (2 more replies) 0 siblings, 3 replies; 36+ messages in thread From: Vineel Kovvuri @ 2021-10-12 5:38 UTC (permalink / raw) To: devel, jiewen.yao, sean.brogan, bret.barkelew, Michael.Turner Cc: Vineel Kovvuri This commit is a cherry pick of project mu's commit https://github.com/microsoft/mu_tiano_plus/commit/1f3b135ddc821718a78c352316197889c5d3e0c2 Reconfigure OpensslLib to add elliptic curve chipher algorithms. The only file manually changed is process_files.pl. Running the script changes the other three files. BugZilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3679 Signed-off-by: Vineel Kovvuri <vineelko@microsoft.com> --- .../Library/Include/openssl/opensslconf.h | 25 ++-------- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 50 +++++++++++++++++++ .../Library/OpensslLib/OpensslLibCrypto.inf | 50 +++++++++++++++++++ CryptoPkg/Library/OpensslLib/process_files.pl | 1 - 4 files changed, 105 insertions(+), 21 deletions(-) diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h index b8d59aebe8..09a6641ffc 100644 --- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -55,9 +55,6 @@ extern "C" { #ifndef OPENSSL_NO_DSA # define OPENSSL_NO_DSA #endif -#ifndef OPENSSL_NO_EC -# define OPENSSL_NO_EC -#endif #ifndef OPENSSL_NO_IDEA # define OPENSSL_NO_IDEA #endif @@ -88,9 +85,6 @@ extern "C" { #ifndef OPENSSL_NO_SEED # define OPENSSL_NO_SEED #endif -#ifndef OPENSSL_NO_SM2 -# define OPENSSL_NO_SM2 -#endif #ifndef OPENSSL_NO_SRP # define OPENSSL_NO_SRP #endif 
@@ -154,12 +148,6 @@ extern "C" { #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 # define OPENSSL_NO_EC_NISTP_64_GCC_128 #endif -#ifndef OPENSSL_NO_ECDH -# define OPENSSL_NO_ECDH -#endif -#ifndef OPENSSL_NO_ECDSA -# define OPENSSL_NO_ECDSA -#endif #ifndef OPENSSL_NO_EGD # define OPENSSL_NO_EGD #endif @@ -226,9 +214,6 @@ extern "C" { #ifndef OPENSSL_NO_TESTS # define OPENSSL_NO_TESTS #endif -#ifndef OPENSSL_NO_TLS1_3 -# define OPENSSL_NO_TLS1_3 -#endif #ifndef OPENSSL_NO_UBSAN # define OPENSSL_NO_UBSAN #endif @@ -265,11 +250,11 @@ extern "C" { # undef DECLARE_DEPRECATED # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); # endif -#elif defined(__SUNPRO_C) -#if (__SUNPRO_C >= 0x5130) -#undef DECLARE_DEPRECATED -#define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -#endif +# elif defined(__SUNPRO_C) +# if (__SUNPRO_C >= 0x5130) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif # endif #endif diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index d84bde056a..bd3d9cc90f 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
@@ -199,6 +199,43 @@ $(OPENSSL_PATH)/crypto/dso/dso_vms.c $(OPENSSL_PATH)/crypto/dso/dso_win32.c $(OPENSSL_PATH)/crypto/ebcdic.c + $(OPENSSL_PATH)/crypto/ec/curve25519.c + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c + $(OPENSSL_PATH)/crypto/ec/ec_check.c + $(OPENSSL_PATH)/crypto/ec/ec_curve.c + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c + $(OPENSSL_PATH)/crypto/ec/ec_err.c + $(OPENSSL_PATH)/crypto/ec/ec_key.c + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c + $(OPENSSL_PATH)/crypto/ec/ec_lib.c + $(OPENSSL_PATH)/crypto/ec/ec_mult.c + $(OPENSSL_PATH)/crypto/ec/ec_oct.c + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c + $(OPENSSL_PATH)/crypto/ec/ec_print.c + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c + $(OPENSSL_PATH)/crypto/ec/eck_prn.c + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c $(OPENSSL_PATH)/crypto/err/err.c $(OPENSSL_PATH)/crypto/err/err_prn.c $(OPENSSL_PATH)/crypto/evp/bio_b64.c 
@@ -384,6 +421,10 @@ $(OPENSSL_PATH)/crypto/siphash/siphash.c $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c $(OPENSSL_PATH)/crypto/sm3/m_sm3.c $(OPENSSL_PATH)/crypto/sm3/sm3.c $(OPENSSL_PATH)/crypto/sm4/sm4.c @@ -496,6 +537,15 @@ $(OPENSSL_PATH)/crypto/conf/conf_local.h $(OPENSSL_PATH)/crypto/dh/dh_local.h $(OPENSSL_PATH)/crypto/dso/dso_local.h + $(OPENSSL_PATH)/crypto/ec/ec_local.h + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h + $(OPENSSL_PATH)/crypto/ec/curve448/field.h + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h + $(OPENSSL_PATH)/crypto/ec/curve448/word.h + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h $(OPENSSL_PATH)/crypto/evp/evp_local.h $(OPENSSL_PATH)/crypto/hmac/hmac_local.h $(OPENSSL_PATH)/crypto/lhash/lhash_local.h diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf index cdeed0d073..38ccf1a5b6 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
@@ -199,6 +199,43 @@ $(OPENSSL_PATH)/crypto/dso/dso_vms.c $(OPENSSL_PATH)/crypto/dso/dso_win32.c $(OPENSSL_PATH)/crypto/ebcdic.c + $(OPENSSL_PATH)/crypto/ec/curve25519.c + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c + $(OPENSSL_PATH)/crypto/ec/ec_check.c + $(OPENSSL_PATH)/crypto/ec/ec_curve.c + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c + $(OPENSSL_PATH)/crypto/ec/ec_err.c + $(OPENSSL_PATH)/crypto/ec/ec_key.c + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c + $(OPENSSL_PATH)/crypto/ec/ec_lib.c + $(OPENSSL_PATH)/crypto/ec/ec_mult.c + $(OPENSSL_PATH)/crypto/ec/ec_oct.c + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c + $(OPENSSL_PATH)/crypto/ec/ec_print.c + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c + $(OPENSSL_PATH)/crypto/ec/eck_prn.c + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c $(OPENSSL_PATH)/crypto/err/err.c $(OPENSSL_PATH)/crypto/err/err_prn.c $(OPENSSL_PATH)/crypto/evp/bio_b64.c 
@@ -384,6 +421,10 @@ $(OPENSSL_PATH)/crypto/siphash/siphash.c $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c $(OPENSSL_PATH)/crypto/sm3/m_sm3.c $(OPENSSL_PATH)/crypto/sm3/sm3.c $(OPENSSL_PATH)/crypto/sm4/sm4.c @@ -496,6 +537,15 @@ $(OPENSSL_PATH)/crypto/conf/conf_local.h $(OPENSSL_PATH)/crypto/dh/dh_local.h $(OPENSSL_PATH)/crypto/dso/dso_local.h + $(OPENSSL_PATH)/crypto/ec/ec_local.h + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h + $(OPENSSL_PATH)/crypto/ec/curve448/field.h + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h + $(OPENSSL_PATH)/crypto/ec/curve448/word.h + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h $(OPENSSL_PATH)/crypto/evp/evp_local.h $(OPENSSL_PATH)/crypto/hmac/hmac_local.h $(OPENSSL_PATH)/crypto/lhash/lhash_local.h diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl index 42bff05fa6..2ebfbbbca0 100755 --- a/CryptoPkg/Library/OpensslLib/process_files.pl +++ b/CryptoPkg/Library/OpensslLib/process_files.pl @@ -169,7 +169,6 @@ BEGIN { "no-dgram", "no-dsa", "no-dynamic-engine", - "no-ec", "no-ec2m", "no-engine", "no-err", -- 2.17.1 ^ permalink raw reply related [flat|nested] 36+ messages in thread
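Review bot: The opensslconf.h hunks at -88, -154 and -226 drop OPENSSL_NO_SM2, OPENSSL_NO_ECDH, OPENSSL_NO_ECDSA and OPENSSL_NO_TLS1_3 in addition to OPENSSL_NO_EC, while the commit message mentions only elliptic curve algorithms and process_files.pl loses only "no-ec". Please state in the commit message that TLS 1.3 and SM2 become enabled by this change, so reviewers of the TLS consumers know the set of negotiable protocol versions changes with it.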
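Review bot: The opensslconf.h hunk at -265 only re-indents the __SUNPRO_C preprocessor block and has no relation to enabling EC. If this is simply what process_files.pl regenerates, say so in the commit message; otherwise drop it so the change stays minimal.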
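Review bot: Size information is missing for the 50 lines added to each of OpensslLib.inf and OpensslLibCrypto.inf: curve25519, curve448, the NIST P-224/256/521 files and SM2 are pulled in for every consumer of both libraries. Please add the measured image size delta to the commit message, and confirm that ec2_oct.c and ec2_smpl.c are intended in the source list while "no-ec2m" stays in the process_files.pl option list.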
* [PATCH 2/2] Allow wildcards in hostname 2021-10-12 5:38 [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms Vineel Kovvuri @ 2021-10-12 5:38 ` Vineel Kovvuri 2021-10-13 2:50 ` Yao, Jiewen 2021-10-13 2:45 ` [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms Yao, Jiewen 2021-10-17 2:49 ` Yao, Jiewen 2 siblings, 1 reply; 36+ messages in thread From: Vineel Kovvuri @ 2021-10-12 5:38 UTC (permalink / raw) To: devel, jiewen.yao, sean.brogan, bret.barkelew, Michael.Turner Cc: Vineel Kovvuri This PR is cherry-picked from https://github.com/microsoft/mu_basecore/commit/d0c7733400c35722499eedcd4279042a9bcb0eb4 BugZilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3679 Signed-off-by: Vineel Kovvuri <vineelko@microsoft.com> --- NetworkPkg/HttpDxe/HttpsSupport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c index 7e0bf85c3c..0f28ae9447 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.c +++ b/NetworkPkg/HttpDxe/HttpsSupport.c @@ -625,7 +625,7 @@ TlsConfigureSession ( // HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient; HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER; - HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NO_WILDCARDS; + HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NONE; HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost; HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted; -- 2.17.1 ^ permalink raw reply related [flat|nested] 36+ messages in thread
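Review bot: Rationale and a scope limit are missing for replacing EFI_TLS_VERIFY_FLAG_NO_WILDCARDS with EFI_TLS_VERIFY_FLAG_NONE in TlsConfigureSession: the assignment is unconditional, so every HTTPS session set up through this function starts accepting wildcard certificate names, and the commit message gives only the cherry-pick source. Consider making the flag value configurable, for example through a PCD that defaults to EFI_TLS_VERIFY_FLAG_NO_WILDCARDS, and describe the use case that needs wildcards in the commit message.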
* Re: [PATCH 2/2] Allow wildcards in hostname
  2021-10-12 5:38 ` [PATCH 2/2] Allow wildcards in hostname Vineel Kovvuri
@ 2021-10-13 2:50 ` Yao, Jiewen
  0 siblings, 0 replies; 36+ messages in thread
From: Yao, Jiewen @ 2021-10-13 2:50 UTC (permalink / raw)
  To: Vineel Kovvuri, devel@edk2.groups.io, sean.brogan@microsoft.com, bret.barkelew@microsoft.com, Michael.Turner@microsoft.com
  Cc: Vineel Kovvuri

It seems the Bugzilla only describes the ECC, but there is not much info on why we need to allow wildcards in hostname.

The git log in mu is also unclear to me - "This enables certain local network recovery stories. May re-evaluate as those stories change. "

I am OK with the ECC change, and give R-B.

But I would like to understand more on why we need to allow wildcards in general. What are the stories?

If this is only for "recovery stories", should we also allow wildcards in recovery boot path? For example, should we have a PCD to let the platform owner make the decision? E.g. normal boot - NO. recovery boot - YES ?

Thank you
Yao Jiewen

> -----Original Message-----
> From: Vineel Kovvuri <vineel.kovvuri@gmail.com>
> Sent: Tuesday, October 12, 2021 1:38 PM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>;
> sean.brogan@microsoft.com; bret.barkelew@microsoft.com;
> Michael.Turner@microsoft.com
> Cc: Vineel Kovvuri <vineelko@microsoft.com>
> Subject: [PATCH 2/2] Allow wildcards in hostname
>
> This PR is cherry-picked from
> https://github.com/microsoft/mu_basecore/commit/d0c7733400c35722499ee
> dcd4279042a9bcb0eb4
>
> BugZilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3679
>
> Signed-off-by: Vineel Kovvuri <vineelko@microsoft.com>
> ---
> NetworkPkg/HttpDxe/HttpsSupport.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c
> b/NetworkPkg/HttpDxe/HttpsSupport.c
> index 7e0bf85c3c..0f28ae9447 100644
> --- a/NetworkPkg/HttpDxe/HttpsSupport.c
> +++ b/NetworkPkg/HttpDxe/HttpsSupport.c
> @@ -625,7 +625,7 @@ TlsConfigureSession ( > // > HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient; > HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER; > - HttpInstance->TlsConfigData.VerifyHost.Flags = > EFI_TLS_VERIFY_FLAG_NO_WILDCARDS; > + HttpInstance->TlsConfigData.VerifyHost.Flags = > EFI_TLS_VERIFY_FLAG_NONE; > HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance- > >RemoteHost; > HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted; > > -- > 2.17.1 ^ permalink raw reply [flat|nested] 36+ messages in thread
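What the flag change means for name matching, together with the per-boot-path policy raised in the reply above, as an added example that is not part of the thread and is not edk2 or OpenSSL code: a simplified wildcard matcher in C. The flag constants, `boot_mode_t` and all function names are hypothetical, and the host names are constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical values for this sketch; they stand in for
 * EFI_TLS_VERIFY_FLAG_NONE and EFI_TLS_VERIFY_FLAG_NO_WILDCARDS. */
enum { VERIFY_FLAG_NONE = 0x0, VERIFY_FLAG_NO_WILDCARDS = 0x2 };

/* Hypothetical boot-path selector for the "normal - NO, recovery - YES" idea. */
typedef enum { BOOT_NORMAL, BOOT_RECOVERY } boot_mode_t;

static bool eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return false;
    }
    return true;
}

/* Simplified model of certificate name matching:
 *  - an exact, case-insensitive match always succeeds;
 *  - with wildcards allowed, "*.suffix" matches exactly one left-most label;
 *  - the suffix must itself contain a dot, so "*.com" never matches. */
bool host_matches(const char *pattern, const char *host, unsigned flags)
{
    size_t plen = strlen(pattern);
    size_t hlen = strlen(host);

    if (plen == hlen && eq_nocase(pattern, host, plen))
        return true;
    if (flags & VERIFY_FLAG_NO_WILDCARDS)
        return false;                       /* wildcard names are ignored */
    if (plen < 3 || pattern[0] != '*' || pattern[1] != '.')
        return false;                       /* only a whole first label may be '*' */

    const char *suffix = pattern + 1;       /* e.g. ".example.com" */
    size_t slen = plen - 1;
    if (strchr(suffix + 1, '.') == NULL)
        return false;                       /* reject "*.com" style patterns */
    if (strchr(suffix, '*') != NULL)
        return false;                       /* a single wildcard only */

    const char *dot = strchr(host, '.');
    if (dot == NULL || dot == host)
        return false;                       /* host needs a non-empty first label */
    return strlen(dot) == slen && eq_nocase(dot, suffix, slen);
}

/* Policy sketch: wildcards stay rejected unless the recovery path is active. */
unsigned verify_flags_for(boot_mode_t mode)
{
    return mode == BOOT_RECOVERY ? VERIFY_FLAG_NONE : VERIFY_FLAG_NO_WILDCARDS;
}

bool accept_cert_name(const char *cert_name, const char *remote_host,
                      boot_mode_t mode)
{
    return host_matches(cert_name, remote_host, verify_flags_for(mode));
}

int main(void)
{
    /* Constructed certificate names and hosts. */
    static const char *cases[][2] = {
        { "boot.example.com", "boot.example.com" },
        { "*.example.com",    "boot.example.com" },
        { "*.example.com",    "a.b.example.com"  },
        { "*.example.com",    "example.com"      },
        { "*.com",            "example.com"      },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("%-18s vs %-18s normal=%d recovery=%d\n",
               cases[i][0], cases[i][1],
               accept_cert_name(cases[i][0], cases[i][1], BOOT_NORMAL),
               accept_cert_name(cases[i][0], cases[i][1], BOOT_RECOVERY));
    }
    return 0;
}
```

Only the second constructed pair changes outcome between the two policies, which is the behaviour difference the one-line patch introduces for every session.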
* Re: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms 2021-10-12 5:38 [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms Vineel Kovvuri 2021-10-12 5:38 ` [PATCH 2/2] Allow wildcards in hostname Vineel Kovvuri @ 2021-10-13 2:45 ` Yao, Jiewen 2021-10-17 2:49 ` Yao, Jiewen 2 siblings, 0 replies; 36+ messages in thread From: Yao, Jiewen @ 2021-10-13 2:45 UTC (permalink / raw) To: Vineel Kovvuri, devel@edk2.groups.io, sean.brogan@microsoft.com, bret.barkelew@microsoft.com, Michael.Turner@microsoft.com Cc: Vineel Kovvuri Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> > -----Original Message----- > From: Vineel Kovvuri <vineel.kovvuri@gmail.com> > Sent: Tuesday, October 12, 2021 1:38 PM > To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; > sean.brogan@microsoft.com; bret.barkelew@microsoft.com; > Michael.Turner@microsoft.com > Cc: Vineel Kovvuri <vineelko@microsoft.com> > Subject: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher > algorithms > > This commit is a cherry pick of project mu's commit > https://github.com/microsoft/mu_tiano_plus/commit/1f3b135ddc821718a78c3 > 52316197889c5d3e0c2 > > Reconfigure OpensslLib to add elliptic curve chipher algorithms. > The only file manually changed is process_files.pl. > Running the script changes the other three files. > > BugZilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3679 > > Signed-off-by: Vineel Kovvuri <vineelko@microsoft.com> > --- > .../Library/Include/openssl/opensslconf.h | 25 ++-------- > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 50 +++++++++++++++++++ > .../Library/OpensslLib/OpensslLibCrypto.inf | 50 +++++++++++++++++++ > CryptoPkg/Library/OpensslLib/process_files.pl | 1 - > 4 files changed, 105 insertions(+), 21 deletions(-) > > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h > b/CryptoPkg/Library/Include/openssl/opensslconf.h > index b8d59aebe8..09a6641ffc 100644 
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h > @@ -55,9 +55,6 @@ extern "C" { > #ifndef OPENSSL_NO_DSA > # define OPENSSL_NO_DSA > #endif > -#ifndef OPENSSL_NO_EC > -# define OPENSSL_NO_EC > -#endif > #ifndef OPENSSL_NO_IDEA > # define OPENSSL_NO_IDEA > #endif > @@ -88,9 +85,6 @@ extern "C" { > #ifndef OPENSSL_NO_SEED > # define OPENSSL_NO_SEED > #endif > -#ifndef OPENSSL_NO_SM2 > -# define OPENSSL_NO_SM2 > -#endif > #ifndef OPENSSL_NO_SRP > # define OPENSSL_NO_SRP > #endif > @@ -154,12 +148,6 @@ extern "C" { > #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 > # define OPENSSL_NO_EC_NISTP_64_GCC_128 > #endif > -#ifndef OPENSSL_NO_ECDH > -# define OPENSSL_NO_ECDH > -#endif > -#ifndef OPENSSL_NO_ECDSA > -# define OPENSSL_NO_ECDSA > -#endif > #ifndef OPENSSL_NO_EGD > # define OPENSSL_NO_EGD > #endif > @@ -226,9 +214,6 @@ extern "C" { > #ifndef OPENSSL_NO_TESTS > # define OPENSSL_NO_TESTS > #endif > -#ifndef OPENSSL_NO_TLS1_3 > -# define OPENSSL_NO_TLS1_3 > -#endif > #ifndef OPENSSL_NO_UBSAN > # define OPENSSL_NO_UBSAN > #endif > @@ -265,11 +250,11 @@ extern "C" { > # undef DECLARE_DEPRECATED > # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > # endif > -#elif defined(__SUNPRO_C) > -#if (__SUNPRO_C >= 0x5130) > -#undef DECLARE_DEPRECATED > -#define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > -#endif > +# elif defined(__SUNPRO_C) > +# if (__SUNPRO_C >= 0x5130) > +# undef DECLARE_DEPRECATED > +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > +# endif > # endif > #endif > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index d84bde056a..bd3d9cc90f 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
> @@ -199,6 +199,43 @@ > $(OPENSSL_PATH)/crypto/dso/dso_vms.c > $(OPENSSL_PATH)/crypto/dso/dso_win32.c > $(OPENSSL_PATH)/crypto/ebcdic.c > + $(OPENSSL_PATH)/crypto/ec/curve25519.c > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c > + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c > + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c > + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c > + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c > + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c > + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c > + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c > + $(OPENSSL_PATH)/crypto/ec/ec_check.c > + $(OPENSSL_PATH)/crypto/ec/ec_curve.c > + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c > + $(OPENSSL_PATH)/crypto/ec/ec_err.c > + $(OPENSSL_PATH)/crypto/ec/ec_key.c > + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c > + $(OPENSSL_PATH)/crypto/ec/ec_lib.c > + $(OPENSSL_PATH)/crypto/ec/ec_mult.c > + $(OPENSSL_PATH)/crypto/ec/ec_oct.c > + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c > + $(OPENSSL_PATH)/crypto/ec/ec_print.c > + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c > + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c > + $(OPENSSL_PATH)/crypto/ec/eck_prn.c > + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c > + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c > + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c > + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c > $(OPENSSL_PATH)/crypto/err/err.c > $(OPENSSL_PATH)/crypto/err/err_prn.c > $(OPENSSL_PATH)/crypto/evp/bio_b64.c 
> @@ -384,6 +421,10 @@ > $(OPENSSL_PATH)/crypto/siphash/siphash.c > $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c > $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c > $(OPENSSL_PATH)/crypto/sm3/m_sm3.c > $(OPENSSL_PATH)/crypto/sm3/sm3.c > $(OPENSSL_PATH)/crypto/sm4/sm4.c > @@ -496,6 +537,15 @@ > $(OPENSSL_PATH)/crypto/conf/conf_local.h > $(OPENSSL_PATH)/crypto/dh/dh_local.h > $(OPENSSL_PATH)/crypto/dso/dso_local.h > + $(OPENSSL_PATH)/crypto/ec/ec_local.h > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h > + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h > + $(OPENSSL_PATH)/crypto/ec/curve448/field.h > + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h > + $(OPENSSL_PATH)/crypto/ec/curve448/word.h > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h > $(OPENSSL_PATH)/crypto/evp/evp_local.h > $(OPENSSL_PATH)/crypto/hmac/hmac_local.h > $(OPENSSL_PATH)/crypto/lhash/lhash_local.h > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index cdeed0d073..38ccf1a5b6 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
> @@ -199,6 +199,43 @@ > $(OPENSSL_PATH)/crypto/dso/dso_vms.c > $(OPENSSL_PATH)/crypto/dso/dso_win32.c > $(OPENSSL_PATH)/crypto/ebcdic.c > + $(OPENSSL_PATH)/crypto/ec/curve25519.c > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c > + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c > + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c > + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c > + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c > + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c > + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c > + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c > + $(OPENSSL_PATH)/crypto/ec/ec_check.c > + $(OPENSSL_PATH)/crypto/ec/ec_curve.c > + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c > + $(OPENSSL_PATH)/crypto/ec/ec_err.c > + $(OPENSSL_PATH)/crypto/ec/ec_key.c > + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c > + $(OPENSSL_PATH)/crypto/ec/ec_lib.c > + $(OPENSSL_PATH)/crypto/ec/ec_mult.c > + $(OPENSSL_PATH)/crypto/ec/ec_oct.c > + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c > + $(OPENSSL_PATH)/crypto/ec/ec_print.c > + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c > + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c > + $(OPENSSL_PATH)/crypto/ec/eck_prn.c > + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c > + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c > + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c > + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c > $(OPENSSL_PATH)/crypto/err/err.c > $(OPENSSL_PATH)/crypto/err/err_prn.c > $(OPENSSL_PATH)/crypto/evp/bio_b64.c 
> @@ -384,6 +421,10 @@ > $(OPENSSL_PATH)/crypto/siphash/siphash.c > $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c > $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c > $(OPENSSL_PATH)/crypto/sm3/m_sm3.c > $(OPENSSL_PATH)/crypto/sm3/sm3.c > $(OPENSSL_PATH)/crypto/sm4/sm4.c > @@ -496,6 +537,15 @@ > $(OPENSSL_PATH)/crypto/conf/conf_local.h > $(OPENSSL_PATH)/crypto/dh/dh_local.h > $(OPENSSL_PATH)/crypto/dso/dso_local.h > + $(OPENSSL_PATH)/crypto/ec/ec_local.h > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h > + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h > + $(OPENSSL_PATH)/crypto/ec/curve448/field.h > + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h > + $(OPENSSL_PATH)/crypto/ec/curve448/word.h > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h > $(OPENSSL_PATH)/crypto/evp/evp_local.h > $(OPENSSL_PATH)/crypto/hmac/hmac_local.h > $(OPENSSL_PATH)/crypto/lhash/lhash_local.h > diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl > b/CryptoPkg/Library/OpensslLib/process_files.pl > index 42bff05fa6..2ebfbbbca0 100755 > --- a/CryptoPkg/Library/OpensslLib/process_files.pl > +++ b/CryptoPkg/Library/OpensslLib/process_files.pl > @@ -169,7 +169,6 @@ BEGIN { > "no-dgram", > "no-dsa", > "no-dynamic-engine", > - "no-ec", > "no-ec2m", > "no-engine", > "no-err", > -- > 2.17.1 ^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
  2021-10-12 5:38 [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms Vineel Kovvuri
  2021-10-12 5:38 ` [PATCH 2/2] Allow wildcards in hostname Vineel Kovvuri
  2021-10-13 2:45 ` [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms Yao, Jiewen
@ 2021-10-17 2:49 ` Yao, Jiewen
  2021-10-18 20:06 ` vineelko
  2 siblings, 1 reply; 36+ messages in thread
From: Yao, Jiewen @ 2021-10-17 2:49 UTC (permalink / raw)
  To: Vineel Kovvuri, devel@edk2.groups.io, sean.brogan@microsoft.com, bret.barkelew@microsoft.com, Michael.Turner@microsoft.com
  Cc: Vineel Kovvuri

Hi

This patch fails in the P-R - https://github.com/tianocore/edk2/pull/2073.

Please double check. You are encouraged to try P-R by yourself before submitting the patch.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Vineel Kovvuri <vineel.kovvuri@gmail.com>
> Sent: Tuesday, October 12, 2021 1:38 PM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>;
> sean.brogan@microsoft.com; bret.barkelew@microsoft.com;
> Michael.Turner@microsoft.com
> Cc: Vineel Kovvuri <vineelko@microsoft.com>
> Subject: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher
> algorithms
>
> This commit is a cherry pick of project mu's commit
> https://github.com/microsoft/mu_tiano_plus/commit/1f3b135ddc821718a78c3
> 52316197889c5d3e0c2
>
> Reconfigure OpensslLib to add elliptic curve chipher algorithms.
> The only file manually changed is process_files.pl.
> Running the script changes the other three files.
>
> BugZilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3679
> > Signed-off-by: Vineel Kovvuri <vineelko@microsoft.com> > --- > .../Library/Include/openssl/opensslconf.h | 25 ++-------- > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 50 +++++++++++++++++++ > .../Library/OpensslLib/OpensslLibCrypto.inf | 50 +++++++++++++++++++ > CryptoPkg/Library/OpensslLib/process_files.pl | 1 - > 4 files changed, 105 insertions(+), 21 deletions(-) > > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h > b/CryptoPkg/Library/Include/openssl/opensslconf.h > index b8d59aebe8..09a6641ffc 100644 > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h > @@ -55,9 +55,6 @@ extern "C" { > #ifndef OPENSSL_NO_DSA > # define OPENSSL_NO_DSA > #endif > -#ifndef OPENSSL_NO_EC > -# define OPENSSL_NO_EC > -#endif > #ifndef OPENSSL_NO_IDEA > # define OPENSSL_NO_IDEA > #endif > @@ -88,9 +85,6 @@ extern "C" { > #ifndef OPENSSL_NO_SEED > # define OPENSSL_NO_SEED > #endif > -#ifndef OPENSSL_NO_SM2 > -# define OPENSSL_NO_SM2 > -#endif > #ifndef OPENSSL_NO_SRP > # define OPENSSL_NO_SRP > #endif > @@ -154,12 +148,6 @@ extern "C" { > #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 > # define OPENSSL_NO_EC_NISTP_64_GCC_128 > #endif > -#ifndef OPENSSL_NO_ECDH > -# define OPENSSL_NO_ECDH > -#endif > -#ifndef OPENSSL_NO_ECDSA > -# define OPENSSL_NO_ECDSA > -#endif > #ifndef OPENSSL_NO_EGD > # define OPENSSL_NO_EGD > #endif > @@ -226,9 +214,6 @@ extern "C" { > #ifndef OPENSSL_NO_TESTS > # define OPENSSL_NO_TESTS > #endif > -#ifndef OPENSSL_NO_TLS1_3 > -# define OPENSSL_NO_TLS1_3 > -#endif > #ifndef OPENSSL_NO_UBSAN > # define OPENSSL_NO_UBSAN > #endif 
> @@ -265,11 +250,11 @@ extern "C" { > # undef DECLARE_DEPRECATED > # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > # endif > -#elif defined(__SUNPRO_C) > -#if (__SUNPRO_C >= 0x5130) > -#undef DECLARE_DEPRECATED > -#define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > -#endif > +# elif defined(__SUNPRO_C) > +# if (__SUNPRO_C >= 0x5130) > +# undef DECLARE_DEPRECATED > +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > +# endif > # endif > #endif > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index d84bde056a..bd3d9cc90f 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
> @@ -199,6 +199,43 @@ > $(OPENSSL_PATH)/crypto/dso/dso_vms.c > $(OPENSSL_PATH)/crypto/dso/dso_win32.c > $(OPENSSL_PATH)/crypto/ebcdic.c > + $(OPENSSL_PATH)/crypto/ec/curve25519.c > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c > + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c > + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c > + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c > + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c > + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c > + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c > + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c > + $(OPENSSL_PATH)/crypto/ec/ec_check.c > + $(OPENSSL_PATH)/crypto/ec/ec_curve.c > + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c > + $(OPENSSL_PATH)/crypto/ec/ec_err.c > + $(OPENSSL_PATH)/crypto/ec/ec_key.c > + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c > + $(OPENSSL_PATH)/crypto/ec/ec_lib.c > + $(OPENSSL_PATH)/crypto/ec/ec_mult.c > + $(OPENSSL_PATH)/crypto/ec/ec_oct.c > + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c > + $(OPENSSL_PATH)/crypto/ec/ec_print.c > + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c > + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c > + $(OPENSSL_PATH)/crypto/ec/eck_prn.c > + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c > + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c > + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c > + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c > $(OPENSSL_PATH)/crypto/err/err.c > $(OPENSSL_PATH)/crypto/err/err_prn.c > $(OPENSSL_PATH)/crypto/evp/bio_b64.c 
> @@ -384,6 +421,10 @@ > $(OPENSSL_PATH)/crypto/siphash/siphash.c > $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c > $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c > $(OPENSSL_PATH)/crypto/sm3/m_sm3.c > $(OPENSSL_PATH)/crypto/sm3/sm3.c > $(OPENSSL_PATH)/crypto/sm4/sm4.c > @@ -496,6 +537,15 @@ > $(OPENSSL_PATH)/crypto/conf/conf_local.h > $(OPENSSL_PATH)/crypto/dh/dh_local.h > $(OPENSSL_PATH)/crypto/dso/dso_local.h > + $(OPENSSL_PATH)/crypto/ec/ec_local.h > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h > + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h > + $(OPENSSL_PATH)/crypto/ec/curve448/field.h > + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h > + $(OPENSSL_PATH)/crypto/ec/curve448/word.h > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h > $(OPENSSL_PATH)/crypto/evp/evp_local.h > $(OPENSSL_PATH)/crypto/hmac/hmac_local.h > $(OPENSSL_PATH)/crypto/lhash/lhash_local.h > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index cdeed0d073..38ccf1a5b6 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
> @@ -199,6 +199,43 @@ > $(OPENSSL_PATH)/crypto/dso/dso_vms.c > $(OPENSSL_PATH)/crypto/dso/dso_win32.c > $(OPENSSL_PATH)/crypto/ebcdic.c > + $(OPENSSL_PATH)/crypto/ec/curve25519.c > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c > + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c > + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c > + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c > + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c > + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c > + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c > + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c > + $(OPENSSL_PATH)/crypto/ec/ec_check.c > + $(OPENSSL_PATH)/crypto/ec/ec_curve.c > + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c > + $(OPENSSL_PATH)/crypto/ec/ec_err.c > + $(OPENSSL_PATH)/crypto/ec/ec_key.c > + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c > + $(OPENSSL_PATH)/crypto/ec/ec_lib.c > + $(OPENSSL_PATH)/crypto/ec/ec_mult.c > + $(OPENSSL_PATH)/crypto/ec/ec_oct.c > + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c > + $(OPENSSL_PATH)/crypto/ec/ec_print.c > + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c > + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c > + $(OPENSSL_PATH)/crypto/ec/eck_prn.c > + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c > + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c > + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c > + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c > $(OPENSSL_PATH)/crypto/err/err.c > $(OPENSSL_PATH)/crypto/err/err_prn.c > $(OPENSSL_PATH)/crypto/evp/bio_b64.c 
> @@ -384,6 +421,10 @@ > $(OPENSSL_PATH)/crypto/siphash/siphash.c > $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c > $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c > $(OPENSSL_PATH)/crypto/sm3/m_sm3.c > $(OPENSSL_PATH)/crypto/sm3/sm3.c > $(OPENSSL_PATH)/crypto/sm4/sm4.c > @@ -496,6 +537,15 @@ > $(OPENSSL_PATH)/crypto/conf/conf_local.h > $(OPENSSL_PATH)/crypto/dh/dh_local.h > $(OPENSSL_PATH)/crypto/dso/dso_local.h > + $(OPENSSL_PATH)/crypto/ec/ec_local.h > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h > + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h > + $(OPENSSL_PATH)/crypto/ec/curve448/field.h > + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h > + $(OPENSSL_PATH)/crypto/ec/curve448/word.h > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h > $(OPENSSL_PATH)/crypto/evp/evp_local.h > $(OPENSSL_PATH)/crypto/hmac/hmac_local.h > $(OPENSSL_PATH)/crypto/lhash/lhash_local.h > diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl > b/CryptoPkg/Library/OpensslLib/process_files.pl > index 42bff05fa6..2ebfbbbca0 100755 > --- a/CryptoPkg/Library/OpensslLib/process_files.pl > +++ b/CryptoPkg/Library/OpensslLib/process_files.pl > @@ -169,7 +169,6 @@ BEGIN { > "no-dgram", > "no-dsa", > "no-dynamic-engine", > - "no-ec", > "no-ec2m", > "no-engine", > "no-err", > -- > 2.17.1 ^ permalink raw reply [flat|nested] 36+ messages in thread
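Review bot: In the OpensslLibCrypto.inf hunk at @@ -199,6 +199,43 @@ (and the matching OpensslLib.inf hunk), the generated list adds ec2_oct.c and ec2_smpl.c although the process_files.pl hunk leaves "no-ec2m" in place, and it also brings in curve25519.c, the whole curve448/ directory and ecx_meth.c. Please say in the commit message which curves and schemes the firmware consumers need, and check whether the list can be trimmed, since every source added here is built into both library variants.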
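Review bot: The process_files.pl hunk at @@ -169,7 +169,6 @@ removes only "no-ec", yet the regenerated .inf files in this patch also gain the crypto/sm2/ sources (sm2_crypt.c, sm2_err.c, sm2_pmeth.c, sm2_sign.c) at @@ -384,6 +421,10 @@. If SM2 is not wanted, add an explicit "no-sm2" next to "no-ec2m" in the option list; if it is wanted, the commit message should say so, because it currently mentions only elliptic curve algorithms.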
* Re: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
  2021-10-17 2:49 ` Yao, Jiewen
@ 2021-10-18 20:06 ` vineelko
  2021-11-03 0:37 ` Yao, Jiewen
  0 siblings, 1 reply; 36+ messages in thread
From: vineelko @ 2021-10-18 20:06 UTC (permalink / raw)
  To: Yao, Jiewen, Vineel Kovvuri, devel@edk2.groups.io, Sean Brogan, Bret Barkelew, Mike Turner
  Cc: Jancarlo Perez

Hi Jiewen,

Sorry for the build break. I will fix this locally and send you the patch.

Thanks,
Vineel

-----Original Message-----
From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: Saturday, October 16, 2021 7:49 PM
To: Vineel Kovvuri <vineel.kovvuri@gmail.com>; devel@edk2.groups.io; Sean Brogan <sean.brogan@microsoft.com>; Bret Barkelew <Bret.Barkelew@microsoft.com>; Mike Turner <Michael.Turner@microsoft.com>
Cc: Vineel Kovvuri <vineelko@microsoft.com>
Subject: [EXTERNAL] RE: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms

Hi
This patch fails in the P-R - https://github.com/tianocore/edk2/pull/2073. Please double check.

You are encouraged to try P-R by yourself before submitting the patch.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Vineel Kovvuri <vineel.kovvuri@gmail.com>
> Sent: Tuesday, October 12, 2021 1:38 PM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>;
> sean.brogan@microsoft.com; bret.barkelew@microsoft.com;
> Michael.Turner@microsoft.com
> Cc: Vineel Kovvuri <vineelko@microsoft.com>
> Subject: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve
> chipher algorithms
>
> This commit is a cherry pick of project mu's commit
> https://github.com/microsoft/mu_tiano_plus/commit/1f3b135ddc821718a78c352316197889c5d3e0c2
>
> Reconfigure OpensslLib to add elliptic curve chipher algorithms.
> The only file manually changed is process_files.pl.
> Running the script changes the other three files.
>
> BugZilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3679
>
> Signed-off-by: Vineel Kovvuri <vineelko@microsoft.com>
> ---
> .../Library/Include/openssl/opensslconf.h | 25 ++--------
> CryptoPkg/Library/OpensslLib/OpensslLib.inf | 50 +++++++++++++++++++
> .../Library/OpensslLib/OpensslLibCrypto.inf | 50 +++++++++++++++++++
> CryptoPkg/Library/OpensslLib/process_files.pl | 1 -
> 4 files changed, 105 insertions(+), 21 deletions(-)
> > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h > b/CryptoPkg/Library/Include/openssl/opensslconf.h > index b8d59aebe8..09a6641ffc 100644 > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h > @@ -55,9 +55,6 @@ extern "C" { > #ifndef OPENSSL_NO_DSA > # define OPENSSL_NO_DSA > #endif > -#ifndef OPENSSL_NO_EC > -# define OPENSSL_NO_EC > -#endif > #ifndef OPENSSL_NO_IDEA > # define OPENSSL_NO_IDEA > #endif > @@ -88,9 +85,6 @@ extern "C" { > #ifndef OPENSSL_NO_SEED > # define OPENSSL_NO_SEED > #endif > -#ifndef OPENSSL_NO_SM2 > -# define OPENSSL_NO_SM2 > -#endif > #ifndef OPENSSL_NO_SRP > # define OPENSSL_NO_SRP > #endif > @@ -154,12 +148,6 @@ extern "C" { > #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 # define > OPENSSL_NO_EC_NISTP_64_GCC_128 #endif -#ifndef OPENSSL_NO_ECDH -# > define OPENSSL_NO_ECDH -#endif -#ifndef OPENSSL_NO_ECDSA -# define > OPENSSL_NO_ECDSA -#endif #ifndef OPENSSL_NO_EGD # define > OPENSSL_NO_EGD #endif @@ -226,9 +214,6 @@ extern "C" { #ifndef > OPENSSL_NO_TESTS # define OPENSSL_NO_TESTS #endif -#ifndef > OPENSSL_NO_TLS1_3 -# define OPENSSL_NO_TLS1_3 -#endif #ifndef > OPENSSL_NO_UBSAN # define OPENSSL_NO_UBSAN #endif @@ -265,11 +250,11 > @@ extern "C" { > # undef DECLARE_DEPRECATED > # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > # endif > -#elif defined(__SUNPRO_C) > -#if (__SUNPRO_C >= 0x5130) > -#undef DECLARE_DEPRECATED > -#define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > -#endif > +# elif defined(__SUNPRO_C) > +# if (__SUNPRO_C >= 0x5130) > +# undef DECLARE_DEPRECATED > +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > +# endif > # endif > #endif > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > index d84bde056a..bd3d9cc90f 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
> @@ -199,6 +199,43 @@ > $(OPENSSL_PATH)/crypto/dso/dso_vms.c > $(OPENSSL_PATH)/crypto/dso/dso_win32.c > $(OPENSSL_PATH)/crypto/ebcdic.c > + $(OPENSSL_PATH)/crypto/ec/curve25519.c > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c > + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c > + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c > + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c > + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c > + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c > + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c > + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c > + $(OPENSSL_PATH)/crypto/ec/ec_check.c > + $(OPENSSL_PATH)/crypto/ec/ec_curve.c > + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c > + $(OPENSSL_PATH)/crypto/ec/ec_err.c > + $(OPENSSL_PATH)/crypto/ec/ec_key.c > + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c > + $(OPENSSL_PATH)/crypto/ec/ec_lib.c > + $(OPENSSL_PATH)/crypto/ec/ec_mult.c > + $(OPENSSL_PATH)/crypto/ec/ec_oct.c > + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c > + $(OPENSSL_PATH)/crypto/ec/ec_print.c > + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c > + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c > + $(OPENSSL_PATH)/crypto/ec/eck_prn.c > + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c > + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c > + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c > + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c > $(OPENSSL_PATH)/crypto/err/err.c > $(OPENSSL_PATH)/crypto/err/err_prn.c > $(OPENSSL_PATH)/crypto/evp/bio_b64.c 
> @@ -384,6 +421,10 @@ > $(OPENSSL_PATH)/crypto/siphash/siphash.c > $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c > $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c > $(OPENSSL_PATH)/crypto/sm3/m_sm3.c > $(OPENSSL_PATH)/crypto/sm3/sm3.c > $(OPENSSL_PATH)/crypto/sm4/sm4.c > @@ -496,6 +537,15 @@ > $(OPENSSL_PATH)/crypto/conf/conf_local.h > $(OPENSSL_PATH)/crypto/dh/dh_local.h > $(OPENSSL_PATH)/crypto/dso/dso_local.h > + $(OPENSSL_PATH)/crypto/ec/ec_local.h > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h > + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h > + $(OPENSSL_PATH)/crypto/ec/curve448/field.h > + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h > + $(OPENSSL_PATH)/crypto/ec/curve448/word.h > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h > $(OPENSSL_PATH)/crypto/evp/evp_local.h > $(OPENSSL_PATH)/crypto/hmac/hmac_local.h > $(OPENSSL_PATH)/crypto/lhash/lhash_local.h > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > index cdeed0d073..38ccf1a5b6 100644 > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
> @@ -199,6 +199,43 @@ > $(OPENSSL_PATH)/crypto/dso/dso_vms.c > $(OPENSSL_PATH)/crypto/dso/dso_win32.c > $(OPENSSL_PATH)/crypto/ebcdic.c > + $(OPENSSL_PATH)/crypto/ec/curve25519.c > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c > + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c > + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c > + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c > + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c > + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c > + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c > + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c > + $(OPENSSL_PATH)/crypto/ec/ec_check.c > + $(OPENSSL_PATH)/crypto/ec/ec_curve.c > + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c > + $(OPENSSL_PATH)/crypto/ec/ec_err.c > + $(OPENSSL_PATH)/crypto/ec/ec_key.c > + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c > + $(OPENSSL_PATH)/crypto/ec/ec_lib.c > + $(OPENSSL_PATH)/crypto/ec/ec_mult.c > + $(OPENSSL_PATH)/crypto/ec/ec_oct.c > + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c > + $(OPENSSL_PATH)/crypto/ec/ec_print.c > + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c > + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c > + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c > + $(OPENSSL_PATH)/crypto/ec/eck_prn.c > + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c > + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c > + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c > + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c > + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c > $(OPENSSL_PATH)/crypto/err/err.c > $(OPENSSL_PATH)/crypto/err/err_prn.c > $(OPENSSL_PATH)/crypto/evp/bio_b64.c 
> @@ -384,6 +421,10 @@ > $(OPENSSL_PATH)/crypto/siphash/siphash.c > $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c > $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c > + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c > $(OPENSSL_PATH)/crypto/sm3/m_sm3.c > $(OPENSSL_PATH)/crypto/sm3/sm3.c > $(OPENSSL_PATH)/crypto/sm4/sm4.c > @@ -496,6 +537,15 @@ > $(OPENSSL_PATH)/crypto/conf/conf_local.h > $(OPENSSL_PATH)/crypto/dh/dh_local.h > $(OPENSSL_PATH)/crypto/dso/dso_local.h > + $(OPENSSL_PATH)/crypto/ec/ec_local.h > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h > + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h > + $(OPENSSL_PATH)/crypto/ec/curve448/field.h > + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h > + $(OPENSSL_PATH)/crypto/ec/curve448/word.h > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h > $(OPENSSL_PATH)/crypto/evp/evp_local.h > $(OPENSSL_PATH)/crypto/hmac/hmac_local.h > $(OPENSSL_PATH)/crypto/lhash/lhash_local.h > diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl > b/CryptoPkg/Library/OpensslLib/process_files.pl > index 42bff05fa6..2ebfbbbca0 100755 > --- a/CryptoPkg/Library/OpensslLib/process_files.pl > +++ b/CryptoPkg/Library/OpensslLib/process_files.pl > @@ -169,7 +169,6 @@ BEGIN { > "no-dgram", > "no-dsa", > "no-dynamic-engine", > - "no-ec", > "no-ec2m", > "no-engine", > "no-err", > -- > 2.17.1 ^ permalink raw reply [flat|nested] 36+ messages in thread
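Review bot: The opensslconf.h hunk at @@ -226,9 +214,6 @@ removes the OPENSSL_NO_TLS1_3 define, so regenerating without "no-ec" also switches TLS 1.3 on, and neither the subject nor the commit message mentions that. Please call it out explicitly in the commit message, or keep TLS 1.3 disabled with an explicit "no-tls1_3" in process_files.pl if enabling it is not the intent of this patch.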
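Review bot: In the opensslconf.h hunk at @@ -265,11 +250,11 @@, the __SUNPRO_C lines differ only in the whitespace after '#', which has nothing to do with enabling EC. If this is simply what rerunning process_files.pl produces, note that in the commit message; otherwise drop these lines so the header diff carries only the configuration change.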
* Re: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
  2021-10-18 20:06 ` vineelko
@ 2021-11-03 0:37 ` Yao, Jiewen
  2021-11-03 8:34 ` Vineel Kovvuri
  0 siblings, 1 reply; 36+ messages in thread
From: Yao, Jiewen @ 2021-11-03 0:37 UTC (permalink / raw)
  To: Vineel Kovvuri, Vineel Kovvuri, devel@edk2.groups.io, Sean Brogan, Bret Barkelew, Mike Turner
  Cc: Jancarlo Perez

Hello Vineel
May I know if you have sent out v2?

> -----Original Message-----
> From: Vineel Kovvuri <vineelko@microsoft.com>
> Sent: Tuesday, October 19, 2021 4:06 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; Vineel Kovvuri
> <vineel.kovvuri@gmail.com>; devel@edk2.groups.io; Sean Brogan
> <sean.brogan@microsoft.com>; Bret Barkelew
> <Bret.Barkelew@microsoft.com>; Mike Turner
> <Michael.Turner@microsoft.com>
> Cc: Jancarlo Perez <jpere@microsoft.com>
> Subject: RE: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher
> algorithms
>
> Hi Jiewen,
>
> Sorry for the build break. I will fix this locally and send you the patch.
>
> Thanks,
> Vineel
>
> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Saturday, October 16, 2021 7:49 PM
> To: Vineel Kovvuri <vineel.kovvuri@gmail.com>; devel@edk2.groups.io; Sean
> Brogan <sean.brogan@microsoft.com>; Bret Barkelew
> <Bret.Barkelew@microsoft.com>; Mike Turner
> <Michael.Turner@microsoft.com>
> Cc: Vineel Kovvuri <vineelko@microsoft.com>
> Subject: [EXTERNAL] RE: [PATCH 1/2] Reconfigure OpensslLib to add elliptic
> curve chipher algorithms
>
> Hi
> This patch fails in the P-R - https://github.com/tianocore/edk2/pull/2073. Please double check.
>
> You are encouraged to try P-R by yourself before submitting the patch.
>
> Thank you
> Yao Jiewen
>
> > -----Original Message-----
> > From: Vineel Kovvuri <vineel.kovvuri@gmail.com>
> > Sent: Tuesday, October 12, 2021 1:38 PM
> > To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>;
> > sean.brogan@microsoft.com; bret.barkelew@microsoft.com;
> > Michael.Turner@microsoft.com
> > Cc: Vineel Kovvuri <vineelko@microsoft.com>
> > Subject: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve
> > chipher algorithms
> >
> > This commit is a cherry pick of project mu's commit
> > https://github.com/microsoft/mu_tiano_plus/commit/1f3b135ddc821718a78c352316197889c5d3e0c2
> >
> > Reconfigure OpensslLib to add elliptic curve chipher algorithms.
> > The only file manually changed is process_files.pl.
> > Running the script changes the other three files.
> >
> > BugZilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3679
> > > > Signed-off-by: Vineel Kovvuri <vineelko@microsoft.com> > > --- > > .../Library/Include/openssl/opensslconf.h | 25 ++-------- > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 50 +++++++++++++++++++ > > .../Library/OpensslLib/OpensslLibCrypto.inf | 50 +++++++++++++++++++ > > CryptoPkg/Library/OpensslLib/process_files.pl | 1 - > > 4 files changed, 105 insertions(+), 21 deletions(-) > > > > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h > > b/CryptoPkg/Library/Include/openssl/opensslconf.h > > index b8d59aebe8..09a6641ffc 100644 > > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h > > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h > > @@ -55,9 +55,6 @@ extern "C" { > > #ifndef OPENSSL_NO_DSA > > # define OPENSSL_NO_DSA > > #endif > > -#ifndef OPENSSL_NO_EC > > -# define OPENSSL_NO_EC > > -#endif > > #ifndef OPENSSL_NO_IDEA > > # define OPENSSL_NO_IDEA > > #endif > > @@ -88,9 +85,6 @@ extern "C" { > > #ifndef OPENSSL_NO_SEED > > # define OPENSSL_NO_SEED > > #endif > > -#ifndef OPENSSL_NO_SM2 > > -# define OPENSSL_NO_SM2 > > -#endif > > #ifndef OPENSSL_NO_SRP > > # define OPENSSL_NO_SRP > > #endif > > @@ -154,12 +148,6 @@ extern "C" { > > #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 # define > > OPENSSL_NO_EC_NISTP_64_GCC_128 #endif -#ifndef OPENSSL_NO_ECDH -# > > define OPENSSL_NO_ECDH -#endif -#ifndef OPENSSL_NO_ECDSA -# define > > OPENSSL_NO_ECDSA -#endif #ifndef OPENSSL_NO_EGD # define > > OPENSSL_NO_EGD #endif 
@@ -226,9 +214,6 @@ extern "C" { #ifndef > > OPENSSL_NO_TESTS # define OPENSSL_NO_TESTS #endif -#ifndef > > OPENSSL_NO_TLS1_3 -# define OPENSSL_NO_TLS1_3 -#endif #ifndef > > OPENSSL_NO_UBSAN # define OPENSSL_NO_UBSAN #endif @@ -265,11 > +250,11 > > @@ extern "C" { > > # undef DECLARE_DEPRECATED > > # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > > # endif > > -#elif defined(__SUNPRO_C) > > -#if (__SUNPRO_C >= 0x5130) > > -#undef DECLARE_DEPRECATED > > -#define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > > -#endif > > +# elif defined(__SUNPRO_C) > > +# if (__SUNPRO_C >= 0x5130) > > +# undef DECLARE_DEPRECATED > > +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > > +# endif > > # endif > > #endif > > > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > index d84bde056a..bd3d9cc90f 100644 > > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
> > @@ -199,6 +199,43 @@ > > $(OPENSSL_PATH)/crypto/dso/dso_vms.c > > $(OPENSSL_PATH)/crypto/dso/dso_win32.c > > $(OPENSSL_PATH)/crypto/ebcdic.c > > + $(OPENSSL_PATH)/crypto/ec/curve25519.c > > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c > > + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c > > + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c > > + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c > > + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c > > + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c > > + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c > > + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c > > + $(OPENSSL_PATH)/crypto/ec/ec_check.c > > + $(OPENSSL_PATH)/crypto/ec/ec_curve.c > > + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c > > + $(OPENSSL_PATH)/crypto/ec/ec_err.c > > + $(OPENSSL_PATH)/crypto/ec/ec_key.c > > + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c > > + $(OPENSSL_PATH)/crypto/ec/ec_lib.c > > + $(OPENSSL_PATH)/crypto/ec/ec_mult.c > > + $(OPENSSL_PATH)/crypto/ec/ec_oct.c > > + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c > > + $(OPENSSL_PATH)/crypto/ec/ec_print.c > > + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c > > + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c > > + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c > > + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c > > + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c > > + $(OPENSSL_PATH)/crypto/ec/eck_prn.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c > > + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c > > $(OPENSSL_PATH)/crypto/err/err.c > > $(OPENSSL_PATH)/crypto/err/err_prn.c > > $(OPENSSL_PATH)/crypto/evp/bio_b64.c 
> > @@ -384,6 +421,10 @@ > > $(OPENSSL_PATH)/crypto/siphash/siphash.c > > $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c > > $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c > > + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c > > + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c > > + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c > > + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c > > $(OPENSSL_PATH)/crypto/sm3/m_sm3.c > > $(OPENSSL_PATH)/crypto/sm3/sm3.c > > $(OPENSSL_PATH)/crypto/sm4/sm4.c > > @@ -496,6 +537,15 @@ > > $(OPENSSL_PATH)/crypto/conf/conf_local.h > > $(OPENSSL_PATH)/crypto/dh/dh_local.h > > $(OPENSSL_PATH)/crypto/dso/dso_local.h > > + $(OPENSSL_PATH)/crypto/ec/ec_local.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/field.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/word.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h > > $(OPENSSL_PATH)/crypto/evp/evp_local.h > > $(OPENSSL_PATH)/crypto/hmac/hmac_local.h > > $(OPENSSL_PATH)/crypto/lhash/lhash_local.h > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > index cdeed0d073..38ccf1a5b6 100644 > > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
> > @@ -199,6 +199,43 @@ > > $(OPENSSL_PATH)/crypto/dso/dso_vms.c > > $(OPENSSL_PATH)/crypto/dso/dso_win32.c > > $(OPENSSL_PATH)/crypto/ebcdic.c > > + $(OPENSSL_PATH)/crypto/ec/curve25519.c > > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c > > + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c > > + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c > > + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c > > + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c > > + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c > > + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c > > + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c > > + $(OPENSSL_PATH)/crypto/ec/ec_check.c > > + $(OPENSSL_PATH)/crypto/ec/ec_curve.c > > + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c > > + $(OPENSSL_PATH)/crypto/ec/ec_err.c > > + $(OPENSSL_PATH)/crypto/ec/ec_key.c > > + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c > > + $(OPENSSL_PATH)/crypto/ec/ec_lib.c > > + $(OPENSSL_PATH)/crypto/ec/ec_mult.c > > + $(OPENSSL_PATH)/crypto/ec/ec_oct.c > > + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c > > + $(OPENSSL_PATH)/crypto/ec/ec_print.c > > + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c > > + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c > > + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c > > + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c > > + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c > > + $(OPENSSL_PATH)/crypto/ec/eck_prn.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c > > + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c > > + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c > > $(OPENSSL_PATH)/crypto/err/err.c > > $(OPENSSL_PATH)/crypto/err/err_prn.c > > $(OPENSSL_PATH)/crypto/evp/bio_b64.c 
> > @@ -384,6 +421,10 @@ > > $(OPENSSL_PATH)/crypto/siphash/siphash.c > > $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c > > $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c > > + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c > > + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c > > + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c > > + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c > > $(OPENSSL_PATH)/crypto/sm3/m_sm3.c > > $(OPENSSL_PATH)/crypto/sm3/sm3.c > > $(OPENSSL_PATH)/crypto/sm4/sm4.c > > @@ -496,6 +537,15 @@ > > $(OPENSSL_PATH)/crypto/conf/conf_local.h > > $(OPENSSL_PATH)/crypto/dh/dh_local.h > > $(OPENSSL_PATH)/crypto/dso/dso_local.h > > + $(OPENSSL_PATH)/crypto/ec/ec_local.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/field.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/word.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h > > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h > > $(OPENSSL_PATH)/crypto/evp/evp_local.h > > $(OPENSSL_PATH)/crypto/hmac/hmac_local.h > > $(OPENSSL_PATH)/crypto/lhash/lhash_local.h > > diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl > > b/CryptoPkg/Library/OpensslLib/process_files.pl > > index 42bff05fa6..2ebfbbbca0 100755 > > --- a/CryptoPkg/Library/OpensslLib/process_files.pl > > +++ b/CryptoPkg/Library/OpensslLib/process_files.pl > > @@ -169,7 +169,6 @@ BEGIN { > > "no-dgram", > > "no-dsa", > > "no-dynamic-engine", > > - "no-ec", > > "no-ec2m", > > "no-engine", > > "no-err", > > -- > > 2.17.1 ^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
  2021-11-03 0:37 ` Yao, Jiewen
@ 2021-11-03 8:34 ` Vineel Kovvuri
  2021-11-08 22:29 ` [edk2-devel] " Vineel Kovvuri
  0 siblings, 1 reply; 36+ messages in thread
From: Vineel Kovvuri @ 2021-11-03 8:34 UTC (permalink / raw)
  To: Yao, Jiewen
  Cc: Vineel Kovvuri, devel@edk2.groups.io, Sean Brogan, Bret Barkelew, Mike Turner, Jancarlo Perez

[-- Attachment #1: Type: text/plain, Size: 15338 bytes --]

Hi Jiewen,

Thanks for checking. One of the issues is that the ecc change required additional vsintrinsics to be included. If not, IA32 build will fail with __allmul undefined. So I have to include below in OVMFPKGIA32.dsc from Project Mu

  [LibraryClasses.IA32]
    NULL|MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.inf

but then I am hitting a new failure when building "stuart_build -c OvmfPkg/PlatformCI/PlatformBuild.py TOOL_CHAIN_TAG=VS2019 TARGET=DEBUG -a IA32"

  ERROR - Linker #2001 from LINK : unresolved external symbol __ModuleEntryPoint
  ERROR - Linker #1120 from d:\repos\edk2\Build\OvmfIa32\DEBUG_VS2019\IA32\OvmfPkg\ResetVector\ResetVector\DEBUG\ResetVector.dll : fatal 1 unresolved externals
  ERROR - Compiler #1077 from NMAKE : fatal '"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29910\bin\Hostx86\x86\link.exe"' : return code '0x460'
  ERROR - Compiler #7000 from : Failed to execute command
  ERROR - EDK2 #002 from : Failed to build module

Probably I am missing something.

The other issue is the increased size of the OVMF firmware after enabling ec ciphers. We need some guidance in handling this as OVMF is being used by other open source projects like QEMU etc.

Thanks,
Vineel

On Tue, Nov 2, 2021 at 5:37 PM Yao, Jiewen <jiewen.yao@intel.com> wrote:

> Hello Vineel
> May I know if you have sent out v2?
>
> > -----Original Message-----
> > From: Vineel Kovvuri <vineelko@microsoft.com>
> > Sent: Tuesday, October 19, 2021 4:06 AM
> > To: Yao, Jiewen <jiewen.yao@intel.com>; Vineel Kovvuri
> > <vineel.kovvuri@gmail.com>; devel@edk2.groups.io; Sean Brogan
> > <sean.brogan@microsoft.com>; Bret Barkelew
> > <Bret.Barkelew@microsoft.com>; Mike Turner
> > <Michael.Turner@microsoft.com>
> > Cc: Jancarlo Perez <jpere@microsoft.com>
> > Subject: RE: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher
> > algorithms
> >
> > Hi Jiewen,
> >
> > Sorry for the build break. I will fix this locally and send you the patch.
> >
> > Thanks,
> > Vineel
> >
> > -----Original Message-----
> > From: Yao, Jiewen <jiewen.yao@intel.com>
> > Sent: Saturday, October 16, 2021 7:49 PM
> > To: Vineel Kovvuri <vineel.kovvuri@gmail.com>; devel@edk2.groups.io; Sean
> > Brogan <sean.brogan@microsoft.com>; Bret Barkelew
> > <Bret.Barkelew@microsoft.com>; Mike Turner
> > <Michael.Turner@microsoft.com>
> > Cc: Vineel Kovvuri <vineelko@microsoft.com>
> > Subject: [EXTERNAL] RE: [PATCH 1/2] Reconfigure OpensslLib to add elliptic
> > curve chipher algorithms
> >
> > Hi
> > This patch fails in the P-R - https://github.com/tianocore/edk2/pull/2073. Please double check.
> >
> > You are encouraged to try P-R by yourself before submitting the patch.
> >
> > Thank you
> > Yao Jiewen
> >
> > > -----Original Message-----
> > > From: Vineel Kovvuri <vineel.kovvuri@gmail.com>
> > > Sent: Tuesday, October 12, 2021 1:38 PM
> > > To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>;
> > > sean.brogan@microsoft.com; bret.barkelew@microsoft.com;
> > > Michael.Turner@microsoft.com
> > > Cc: Vineel Kovvuri <vineelko@microsoft.com>
> > > Subject: [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve
> > > chipher algorithms
> > >
> > > This commit is a cherry pick of project mu's commit
> > > https://github.com/microsoft/mu_tiano_plus/commit/1f3b135ddc821718a78c352316197889c5d3e0c2
> > >
> > > Reconfigure OpensslLib to add elliptic curve chipher algorithms.
> > > The only file manually changed is process_files.pl.
> > > Running the script changes the other three files.
> > >
> > > BugZilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3679
> > > > > > Signed-off-by: Vineel Kovvuri <vineelko@microsoft.com> > > > --- > > > .../Library/Include/openssl/opensslconf.h | 25 ++-------- > > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 50 +++++++++++++++++++ > > > .../Library/OpensslLib/OpensslLibCrypto.inf | 50 +++++++++++++++++++ > > > CryptoPkg/Library/OpensslLib/process_files.pl | 1 - > > > 4 files changed, 105 insertions(+), 21 deletions(-) > > > > > > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h > > > b/CryptoPkg/Library/Include/openssl/opensslconf.h > > > index b8d59aebe8..09a6641ffc 100644 > > > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h > > > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h > > > @@ -55,9 +55,6 @@ extern "C" { > > > #ifndef OPENSSL_NO_DSA > > > # define OPENSSL_NO_DSA > > > #endif > > > -#ifndef OPENSSL_NO_EC > > > -# define OPENSSL_NO_EC > > > -#endif > > > #ifndef OPENSSL_NO_IDEA > > > # define OPENSSL_NO_IDEA > > > #endif > > > @@ -88,9 +85,6 @@ extern "C" { > > > #ifndef OPENSSL_NO_SEED > > > # define OPENSSL_NO_SEED > > > #endif > > > -#ifndef OPENSSL_NO_SM2 > > > -# define OPENSSL_NO_SM2 > > > -#endif > > > #ifndef OPENSSL_NO_SRP > > > # define OPENSSL_NO_SRP > > > #endif > > > @@ -154,12 +148,6 @@ extern "C" { > > > #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 # define > > > OPENSSL_NO_EC_NISTP_64_GCC_128 #endif -#ifndef OPENSSL_NO_ECDH -# > > > define OPENSSL_NO_ECDH -#endif -#ifndef OPENSSL_NO_ECDSA -# define > > > OPENSSL_NO_ECDSA -#endif #ifndef OPENSSL_NO_EGD # define > > > OPENSSL_NO_EGD #endif 
@@ -226,9 +214,6 @@ extern "C" { #ifndef > > > OPENSSL_NO_TESTS # define OPENSSL_NO_TESTS #endif -#ifndef > > > OPENSSL_NO_TLS1_3 -# define OPENSSL_NO_TLS1_3 -#endif #ifndef > > > OPENSSL_NO_UBSAN # define OPENSSL_NO_UBSAN #endif @@ -265,11 > > +250,11 > > > @@ extern "C" { > > > # undef DECLARE_DEPRECATED > > > # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > > > # endif > > > -#elif defined(__SUNPRO_C) > > > -#if (__SUNPRO_C >= 0x5130) > > > -#undef DECLARE_DEPRECATED > > > -#define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > > > -#endif > > > +# elif defined(__SUNPRO_C) > > > +# if (__SUNPRO_C >= 0x5130) > > > +# undef DECLARE_DEPRECATED > > > +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); > > > +# endif > > > # endif > > > #endif > > > > > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > > index d84bde056a..bd3d9cc90f 100644 > > > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
> > > @@ -199,6 +199,43 @@ > > > $(OPENSSL_PATH)/crypto/dso/dso_vms.c > > > $(OPENSSL_PATH)/crypto/dso/dso_win32.c > > > $(OPENSSL_PATH)/crypto/ebcdic.c > > > + $(OPENSSL_PATH)/crypto/ec/curve25519.c > > > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c > > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c > > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c > > > + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c > > > + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c > > > + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c > > > + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c > > > + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_check.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_curve.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_err.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_key.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_lib.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_mult.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_oct.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_print.c > > > + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c > > > + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c > > > + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c > > > + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c > > > + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c > > > + $(OPENSSL_PATH)/crypto/ec/eck_prn.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c > > > + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c > > > $(OPENSSL_PATH)/crypto/err/err.c > > > $(OPENSSL_PATH)/crypto/err/err_prn.c > > > 
$(OPENSSL_PATH)/crypto/evp/bio_b64.c > > > @@ -384,6 +421,10 @@ > > > $(OPENSSL_PATH)/crypto/siphash/siphash.c > > > $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c > > > $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c > > > + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c > > > + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c > > > + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c > > > + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c > > > $(OPENSSL_PATH)/crypto/sm3/m_sm3.c > > > $(OPENSSL_PATH)/crypto/sm3/sm3.c > > > $(OPENSSL_PATH)/crypto/sm4/sm4.c > > > @@ -496,6 +537,15 @@ > > > $(OPENSSL_PATH)/crypto/conf/conf_local.h > > > $(OPENSSL_PATH)/crypto/dh/dh_local.h > > > $(OPENSSL_PATH)/crypto/dso/dso_local.h > > > + $(OPENSSL_PATH)/crypto/ec/ec_local.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/field.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/word.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h > > > $(OPENSSL_PATH)/crypto/evp/evp_local.h > > > $(OPENSSL_PATH)/crypto/hmac/hmac_local.h > > > $(OPENSSL_PATH)/crypto/lhash/lhash_local.h > > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > > index cdeed0d073..38ccf1a5b6 100644 > > > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
> > > @@ -199,6 +199,43 @@ > > > $(OPENSSL_PATH)/crypto/dso/dso_vms.c > > > $(OPENSSL_PATH)/crypto/dso/dso_win32.c > > > $(OPENSSL_PATH)/crypto/ebcdic.c > > > + $(OPENSSL_PATH)/crypto/ec/curve25519.c > > > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c > > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c > > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c > > > + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c > > > + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c > > > + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c > > > + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c > > > + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_check.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_curve.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_err.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_key.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_lib.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_mult.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_oct.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c > > > + $(OPENSSL_PATH)/crypto/ec/ec_print.c > > > + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c > > > + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c > > > + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c > > > + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c > > > + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c > > > + $(OPENSSL_PATH)/crypto/ec/eck_prn.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c > > > + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c > > > + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c > > > $(OPENSSL_PATH)/crypto/err/err.c > > > $(OPENSSL_PATH)/crypto/err/err_prn.c > > > 
$(OPENSSL_PATH)/crypto/evp/bio_b64.c > > > @@ -384,6 +421,10 @@ > > > $(OPENSSL_PATH)/crypto/siphash/siphash.c > > > $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c > > > $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c > > > + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c > > > + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c > > > + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c > > > + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c > > > $(OPENSSL_PATH)/crypto/sm3/m_sm3.c > > > $(OPENSSL_PATH)/crypto/sm3/sm3.c > > > $(OPENSSL_PATH)/crypto/sm4/sm4.c > > > @@ -496,6 +537,15 @@ > > > $(OPENSSL_PATH)/crypto/conf/conf_local.h > > > $(OPENSSL_PATH)/crypto/dh/dh_local.h > > > $(OPENSSL_PATH)/crypto/dso/dso_local.h > > > + $(OPENSSL_PATH)/crypto/ec/ec_local.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/field.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/word.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h > > > + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h > > > $(OPENSSL_PATH)/crypto/evp/evp_local.h > > > $(OPENSSL_PATH)/crypto/hmac/hmac_local.h > > > $(OPENSSL_PATH)/crypto/lhash/lhash_local.h > > > diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl > > > b/CryptoPkg/Library/OpensslLib/process_files.pl > > > index 42bff05fa6..2ebfbbbca0 100755 > > > --- a/CryptoPkg/Library/OpensslLib/process_files.pl > > > +++ b/CryptoPkg/Library/OpensslLib/process_files.pl > > > @@ -169,7 +169,6 @@ BEGIN { > > > "no-dgram", > > > "no-dsa", > > > "no-dynamic-engine", > > > - "no-ec", > > > "no-ec2m", > > > "no-engine", > > > "no-err", > > > -- > > > 2.17.1 > > [-- Attachment #2: Type: text/html, Size: 21824 bytes --] ^ permalink raw reply [flat|nested] 36+ messages in thread
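Review bot: In the opensslconf.h hunks the generated header stops defining OPENSSL_NO_SM2 and OPENSSL_NO_TLS1_3 as well as OPENSSL_NO_EC, OPENSSL_NO_ECDH and OPENSSL_NO_ECDSA, but process_files.pl only drops "no-ec" and the commit message only mentions elliptic curve algorithms. If SM2 and TLS 1.3 are not meant to be enabled, add "no-sm2" and "no-tls1_3" to the option list in process_files.pl and regenerate; if they are, say so in the commit message, since the crypto/sm2/*.c sources are added to both INF files.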
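Review bot: The OpensslLib.inf and OpensslLibCrypto.inf hunks add crypto/ec/ec2_oct.c and ec2_smpl.c although "no-ec2m" stays in the process_files.pl option list, and ecp_nistp224.c, ecp_nistp256.c and ecp_nistp521.c although OPENSSL_NO_EC_NISTP_64_GCC_128 is still defined in opensslconf.h. Please confirm these files contribute nothing to the image in this configuration, and state the size change of the resulting binaries in the commit message so platform owners can judge the impact of the 37 new EC sources.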
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
  2021-11-03  8:34 ` Vineel Kovvuri
@ 2021-11-08 22:29 ` Vineel Kovvuri
  2021-11-09  8:06   ` Yao, Jiewen
  2021-11-09  8:55   ` Gerd Hoffmann
  0 siblings, 2 replies; 36+ messages in thread
From: Vineel Kovvuri @ 2021-11-08 22:29 UTC (permalink / raw)
  To: Vineel Kovvuri, devel

Hi Folks,

We were able to resolve the __ModuleEntryPoint error and were able to run the build configurations below locally.

* Windows_VS2019 - Passed
* EmulatorPkg_Win_VS2019 - Passed
* OvmfPkg_Win_VS2019 - Passed
* Ubuntu_GCC5 - Passed
* ArmVirtPkg_Ubuntu_GCC5 - Passed
* EmulatorPkg_Ubuntu_GCC5 - Passed
* OvmfPkg_Ubuntu_GCC5 – Failed
  * INFO - GenFv: ERROR 3000: Invalid
  * INFO - the required fv image size 0xcb2ac0 exceeds the set fv image size 0xc00000

Is it okay to increase the fv image size? If so, we need some guidance with respect to that, as it may affect other projects like QEMU etc.

Any inputs here are much appreciated.

For Reference: https://github.com/vineelkovvuri/edk2/pull/2

[-- Attachment #2: 0001-ECC-Fixes.patch --]
[-- Type: application/octet-stream, Size: 9317 bytes --]

From 0533837d64939b47379572c1c2bae08acad6a569 Mon Sep 17 00:00:00 2001
From: Vineel Kovvuri <vineelko@microsoft.com>
Date: Sat, 16 Oct 2021 22:36:58 -0700
Subject: [PATCH 1/3] ECC Fixes
Signed-off-by: Vineel Kovvuri <vineelko@microsoft.com> --- .../Library/Include/openssl/opensslconf.h | 23 ++------- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 50 +++++++++++++++++++ .../Library/OpensslLib/OpensslLibCrypto.inf | 50 +++++++++++++++++++ CryptoPkg/Library/OpensslLib/process_files.pl | 1 - 4 files changed, 104 insertions(+), 20 deletions(-) diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h index b8d59aebe8..e097de7797 100644 --- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -55,9 +55,6 @@ extern "C" { #ifndef OPENSSL_NO_DSA # define OPENSSL_NO_DSA #endif -#ifndef OPENSSL_NO_EC -# define OPENSSL_NO_EC -#endif #ifndef OPENSSL_NO_IDEA # define OPENSSL_NO_IDEA #endif @@ -88,9 +85,6 @@ extern "C" { #ifndef OPENSSL_NO_SEED # define OPENSSL_NO_SEED #endif -#ifndef OPENSSL_NO_SM2 -# define OPENSSL_NO_SM2 -#endif #ifndef OPENSSL_NO_SRP # define OPENSSL_NO_SRP #endif @@ -154,12 +148,6 @@ extern "C" { #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 # define OPENSSL_NO_EC_NISTP_64_GCC_128 #endif -#ifndef OPENSSL_NO_ECDH -# define OPENSSL_NO_ECDH -#endif -#ifndef OPENSSL_NO_ECDSA -# define OPENSSL_NO_ECDSA -#endif #ifndef OPENSSL_NO_EGD # define OPENSSL_NO_EGD #endif @@ -226,9 +214,6 @@ extern "C" { #ifndef OPENSSL_NO_TESTS # define OPENSSL_NO_TESTS #endif -#ifndef OPENSSL_NO_TLS1_3 -# define OPENSSL_NO_TLS1_3 -#endif #ifndef OPENSSL_NO_UBSAN # define OPENSSL_NO_UBSAN #endif @@ -265,11 +250,11 @@ extern "C" { # undef DECLARE_DEPRECATED # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); # endif -#elif defined(__SUNPRO_C) -#if (__SUNPRO_C >= 0x5130) -#undef DECLARE_DEPRECATED +# elif defined(__SUNPRO_C) +# if (__SUNPRO_C >= 0x5130) +# undef DECLARE_DEPRECATED #define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -#endif +# endif # endif #endif 
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index d84bde056a..bd3d9cc90f 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -199,6 +199,43 @@ $(OPENSSL_PATH)/crypto/dso/dso_vms.c $(OPENSSL_PATH)/crypto/dso/dso_win32.c $(OPENSSL_PATH)/crypto/ebcdic.c + $(OPENSSL_PATH)/crypto/ec/curve25519.c + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c + $(OPENSSL_PATH)/crypto/ec/ec_check.c + $(OPENSSL_PATH)/crypto/ec/ec_curve.c + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c + $(OPENSSL_PATH)/crypto/ec/ec_err.c + $(OPENSSL_PATH)/crypto/ec/ec_key.c + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c + $(OPENSSL_PATH)/crypto/ec/ec_lib.c + $(OPENSSL_PATH)/crypto/ec/ec_mult.c + $(OPENSSL_PATH)/crypto/ec/ec_oct.c + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c + $(OPENSSL_PATH)/crypto/ec/ec_print.c + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c + $(OPENSSL_PATH)/crypto/ec/eck_prn.c + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c $(OPENSSL_PATH)/crypto/err/err.c $(OPENSSL_PATH)/crypto/err/err_prn.c $(OPENSSL_PATH)/crypto/evp/bio_b64.c 
@@ -384,6 +421,10 @@ $(OPENSSL_PATH)/crypto/siphash/siphash.c $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c $(OPENSSL_PATH)/crypto/sm3/m_sm3.c $(OPENSSL_PATH)/crypto/sm3/sm3.c $(OPENSSL_PATH)/crypto/sm4/sm4.c @@ -496,6 +537,15 @@ $(OPENSSL_PATH)/crypto/conf/conf_local.h $(OPENSSL_PATH)/crypto/dh/dh_local.h $(OPENSSL_PATH)/crypto/dso/dso_local.h + $(OPENSSL_PATH)/crypto/ec/ec_local.h + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h + $(OPENSSL_PATH)/crypto/ec/curve448/field.h + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h + $(OPENSSL_PATH)/crypto/ec/curve448/word.h + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h $(OPENSSL_PATH)/crypto/evp/evp_local.h $(OPENSSL_PATH)/crypto/hmac/hmac_local.h $(OPENSSL_PATH)/crypto/lhash/lhash_local.h diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf index cdeed0d073..38ccf1a5b6 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
@@ -199,6 +199,43 @@ $(OPENSSL_PATH)/crypto/dso/dso_vms.c $(OPENSSL_PATH)/crypto/dso/dso_win32.c $(OPENSSL_PATH)/crypto/ebcdic.c + $(OPENSSL_PATH)/crypto/ec/curve25519.c + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c + $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c + $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c + $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c + $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c + $(OPENSSL_PATH)/crypto/ec/ec2_oct.c + $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c + $(OPENSSL_PATH)/crypto/ec/ec_ameth.c + $(OPENSSL_PATH)/crypto/ec/ec_asn1.c + $(OPENSSL_PATH)/crypto/ec/ec_check.c + $(OPENSSL_PATH)/crypto/ec/ec_curve.c + $(OPENSSL_PATH)/crypto/ec/ec_cvt.c + $(OPENSSL_PATH)/crypto/ec/ec_err.c + $(OPENSSL_PATH)/crypto/ec/ec_key.c + $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c + $(OPENSSL_PATH)/crypto/ec/ec_lib.c + $(OPENSSL_PATH)/crypto/ec/ec_mult.c + $(OPENSSL_PATH)/crypto/ec/ec_oct.c + $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c + $(OPENSSL_PATH)/crypto/ec/ec_print.c + $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c + $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c + $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c + $(OPENSSL_PATH)/crypto/ec/eck_prn.c + $(OPENSSL_PATH)/crypto/ec/ecp_mont.c + $(OPENSSL_PATH)/crypto/ec/ecp_nist.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c + $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c + $(OPENSSL_PATH)/crypto/ec/ecp_oct.c + $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c + $(OPENSSL_PATH)/crypto/ec/ecx_meth.c $(OPENSSL_PATH)/crypto/err/err.c $(OPENSSL_PATH)/crypto/err/err_prn.c $(OPENSSL_PATH)/crypto/evp/bio_b64.c 
@@ -384,6 +421,10 @@ $(OPENSSL_PATH)/crypto/siphash/siphash.c $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c + $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c + $(OPENSSL_PATH)/crypto/sm2/sm2_err.c + $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c + $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c $(OPENSSL_PATH)/crypto/sm3/m_sm3.c $(OPENSSL_PATH)/crypto/sm3/sm3.c $(OPENSSL_PATH)/crypto/sm4/sm4.c @@ -496,6 +537,15 @@ $(OPENSSL_PATH)/crypto/conf/conf_local.h $(OPENSSL_PATH)/crypto/dh/dh_local.h $(OPENSSL_PATH)/crypto/dso/dso_local.h + $(OPENSSL_PATH)/crypto/ec/ec_local.h + $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h + $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h + $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h + $(OPENSSL_PATH)/crypto/ec/curve448/field.h + $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h + $(OPENSSL_PATH)/crypto/ec/curve448/word.h + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h + $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h $(OPENSSL_PATH)/crypto/evp/evp_local.h $(OPENSSL_PATH)/crypto/hmac/hmac_local.h $(OPENSSL_PATH)/crypto/lhash/lhash_local.h diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl index 42bff05fa6..2ebfbbbca0 100755 --- a/CryptoPkg/Library/OpensslLib/process_files.pl +++ b/CryptoPkg/Library/OpensslLib/process_files.pl @@ -169,7 +169,6 @@ BEGIN { "no-dgram", "no-dsa", "no-dynamic-engine", - "no-ec", "no-ec2m", "no-engine", "no-err", -- 2.31.0.vfs.0.1 [-- Attachment #3: 0002-Port-VsIntrinsicLib-from-Project-Mu.patch --] [-- Type: application/octet-stream, Size: 7906 bytes --] From 23788c199dd9f615b03d0730ab68c5411f56bf87 Mon Sep 17 00:00:00 2001 From: Vineel Kovvuri <vineelko@microsoft.com> Date: Sat, 6 Nov 2021 01:00:26 -0700 Subject: [PATCH 2/3] Port VsIntrinsicLib from Project Mu 
Signed-off-by: Vineel Kovvuri <vineelko@microsoft.com> --- MdePkg/Library/VsIntrinsicLib/IA32/Llmul.asm | 98 +++++++++++++++++++ MdePkg/Library/VsIntrinsicLib/IA32/Llshr.asm | 79 +++++++++++++++ .../Library/VsIntrinsicLib/VsIntrinsicLib.inf | 38 +++++++ .../Library/VsIntrinsicLib/VsIntrinsicLib.uni | 17 ++++ 4 files changed, 232 insertions(+) create mode 100644 MdePkg/Library/VsIntrinsicLib/IA32/Llmul.asm create mode 100644 MdePkg/Library/VsIntrinsicLib/IA32/Llshr.asm create mode 100644 MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.inf create mode 100644 MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.uni diff --git a/MdePkg/Library/VsIntrinsicLib/IA32/Llmul.asm b/MdePkg/Library/VsIntrinsicLib/IA32/Llmul.asm new file mode 100644 index 0000000000..190392da1b --- /dev/null +++ b/MdePkg/Library/VsIntrinsicLib/IA32/Llmul.asm 
@@ -0,0 +1,98 @@ +;*** +;llmul.asm - long multiply routine +; +; Copyright (c) Microsoft Corporation. All rights reserved. +; SPDX-License-Identifier: BSD-2-Clause-Patent +; +;Purpose: +; Defines long multiply routine +; Both signed and unsigned routines are the same, since multiply's +; work out the same in 2's complement +; creates the following routine: +; __allmul +; +;Original Implemenation: MSVC 14.12.25827 +; +;******************************************************************************* + .686 + .model flat,C + .code + + +;*** +;llmul - long multiply routine +; +;Purpose: +; Does a long multiply (same for signed/unsigned) +; Parameters are not changed. +; +;Entry: +; Parameters are passed on the stack: +; 1st pushed: multiplier (QWORD) +; 2nd pushed: multiplicand (QWORD) +; +;Exit: +; EDX:EAX - product of multiplier and multiplicand +; NOTE: parameters are removed from the stack +; +;Uses: +; ECX +; +;Exceptions: +; +;******************************************************************************* +_allmul PROC NEAR + +A EQU [esp + 4] ; stack address of a +B EQU [esp + 12] ; stack address of b + +HIGH_PART EQU [4] ; +LOW_PART EQU [0] + +; +; AHI, BHI : upper 32 bits of A and B +; ALO, BLO : lower 32 bits of A and B +; +; ALO * BLO +; ALO * BHI +; + BLO * AHI +; --------------------- +; + + mov eax,HIGH_PART(A) + mov ecx,HIGH_PART(B) + or ecx,eax ;test for both high dwords zero. 
+ mov ecx,LOW_PART(B) + jnz short hard ;both are zero, just mult ALO and BLO + + mov eax,LOW_PART(A) + mul ecx + + ret 16 ; callee restores the stack + +hard: + push ebx + +; must redefine A and B since esp has been altered + +A2 EQU [esp + 8] ; stack address of a +B2 EQU [esp + 16] ; stack address of b + + mul ecx ;eax has AHI, ecx has BLO, so AHI * BLO + mov ebx,eax ;save result + + mov eax,LOW_PART(A2) + mul dword ptr HIGH_PART(B2) ;ALO * BHI + add ebx,eax ;ebx = ((ALO * BHI) + (AHI * BLO)) + + mov eax,LOW_PART(A2);ecx = BLO + mul ecx ;so edx:eax = ALO*BLO + add edx,ebx ;now edx has all the LO*HI stuff + + pop ebx + + ret 16 ; callee restores the stack + +_allmul ENDP + + end diff --git a/MdePkg/Library/VsIntrinsicLib/IA32/Llshr.asm b/MdePkg/Library/VsIntrinsicLib/IA32/Llshr.asm new file mode 100644 index 0000000000..81c5240c16 --- /dev/null +++ b/MdePkg/Library/VsIntrinsicLib/IA32/Llshr.asm 
@@ -0,0 +1,79 @@ + title llshr - long shift right +;*** +;llshr.asm - long shift right +; +; Copyright (c) Microsoft Corporation. All rights reserved. +; SPDX-License-Identifier: BSD-2-Clause-Patent +; +;Purpose: +; define signed long shift right routine +; __allshr +; +;Original Implemenation: MSVC 14.12.25827 +; +;******************************************************************************* + .686 + .model flat,C + .code + + + +;*** +;llshr - long shift right +; +;Purpose: +; Does a signed Long Shift Right +; Shifts a long right any number of bits. +; +;Entry: +; EDX:EAX - long value to be shifted +; CL - number of bits to shift by +; +;Exit: +; EDX:EAX - shifted value +; +;Uses: +; CL is destroyed. +; +;Exceptions: +; +;******************************************************************************* +_allshr PROC NEAR + +; +; Handle shifts of 64 bits or more (if shifting 64 bits or more, the result +; depends only on the high order bit of edx). +; + cmp cl,64 + jae short RETSIGN + +; +; Handle shifts of between 0 and 31 bits +; + cmp cl, 32 + jae short MORE32 + shrd eax,edx,cl + sar edx,cl + ret + +; +; Handle shifts of between 32 and 63 bits +; +MORE32: + mov eax,edx + sar edx,31 + and cl,31 + sar eax,cl + ret + +; +; Return double precision 0 or -1, depending on the sign of edx +; +RETSIGN: + sar edx,31 + mov eax,edx + ret + +_allshr ENDP + + end diff --git a/MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.inf b/MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.inf new file mode 100644 index 0000000000..d55bfcbd22 --- /dev/null +++ b/MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.inf 
@@ -0,0 +1,38 @@ +## @file +# Visual Studio 2017 C compiler intrinsic Library implementation. +# +# Since the C compiler does very aggressive full program optimizations there are cases +# where some small number of compiler inserted functions can not be avoided. +# To handle that case this NULL library can be injected into all 32bit modules +# so that the link time dependency is met and the modules compile. +# +# The routines are based on src delivered with the visual studio product. it is +# critical that calling convention, stack usage, register usage, etc is in line +# with what the compiler expects as there is no way to influence the behaviors +# for compiler inserted functions. +# +# Copyright (c) Microsoft Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = VsIntrinsicLib + MODULE_UNI_FILE = VsIntrinsicLib.uni + FILE_GUID = ed449fc0-3265-40ed-91b8-435b8df0aa5f + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL + +# +# VALID_ARCHITECTURES = IA32 +# + +[Sources] + +[Sources.Ia32] + IA32/Llmul.asm + IA32/Llshr.asm + +[Packages] + MdePkg/MdePkg.dec diff --git a/MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.uni b/MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.uni new file mode 100644 index 0000000000..c4513808fd --- /dev/null +++ b/MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.uni @@ -0,0 +1,17 @@ +// /** @file +// VsIntrinsic Library implementation. +// +// VsIntrinsic Library implementation. +// +// +// +//Copyright (c) Microsoft Corporation. All rights reserved. +//SPDX-License-Identifier: BSD-2-Clause-Patent +// +//**/ + + +#string STR_MODULE_ABSTRACT #language en-US "VsIntrinsic Library implementation" + +#string STR_MODULE_DESCRIPTION #language en-US "VsIntrinsic Library implementation" + -- 2.31.0.vfs.0.1 [-- Attachment #4: 0003-Reference-VsIntrinsicLib.patch --] [-- Type: application/octet-stream, Size: 3785 bytes --] 
From 799b36c6560c1a3fd5f9b30856ff61c002694e4c Mon Sep 17 00:00:00 2001 From: Vineel Kovvuri <vineelko@microsoft.com> Date: Sat, 6 Nov 2021 01:01:13 -0700 Subject: [PATCH 3/3] Reference VsIntrinsicLib Signed-off-by: Vineel Kovvuri <vineelko@microsoft.com> --- CryptoPkg/CryptoPkg.dsc | 3 +++ EmulatorPkg/EmulatorPkg.dsc | 3 +++ MdePkg/MdePkg.ci.yaml | 2 +- MdePkg/MdePkg.dsc | 4 ++++ OvmfPkg/OvmfPkgIa32.dsc | 5 +++++ OvmfPkg/OvmfPkgIa32X64.dsc | 5 +++++ 6 files changed, 21 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 0aa72ed878..9a01554f19 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -67,6 +67,9 @@ HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf +[LibraryClasses.IA32] + NULL|MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.inf + [LibraryClasses.ARM, LibraryClasses.AARCH64] # # It is not possible to prevent the ARM compiler for generic intrinsic functions. diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc index 554c13ddb5..483ee0d036 100644 --- a/EmulatorPkg/EmulatorPkg.dsc +++ b/EmulatorPkg/EmulatorPkg.dsc @@ -138,6 +138,9 @@ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif +[LibraryClasses.IA32] + NULL|MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.inf + [LibraryClasses.common.SEC] PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf diff --git a/MdePkg/MdePkg.ci.yaml b/MdePkg/MdePkg.ci.yaml index 3ea8eec331..b339686433 100644 --- a/MdePkg/MdePkg.ci.yaml +++ b/MdePkg/MdePkg.ci.yaml @@ -54,7 +54,7 @@ ## options defined ci/Plugin/DscCompleteCheck "DscCompleteCheck": { - "IgnoreInf": [""], + "IgnoreInf": ["MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.inf"], "DscPath": "MdePkg.dsc" }, diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc index a94959169b..3a4b9d093e 100644 --- a/MdePkg/MdePkg.dsc 
+++ b/MdePkg/MdePkg.dsc @@ -176,6 +176,10 @@ MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf +[Components.IA32] + # For VS2017 support link the VsIntrinsicLib into all 32 bit modules + MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.inf + [Components.EBC] MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 6a5be97c05..f52d48d83a 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -240,6 +240,11 @@ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf !endif +!if $(TOOL_CHAIN_TAG) == "VS2019" +[LibraryClasses.IA32.UEFI_DRIVER] + NULL|MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.inf +!endif + [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 71227d1b70..a53555240e 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -244,6 +244,11 @@ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf !endif +!if $(TOOL_CHAIN_TAG) == "VS2019" +[LibraryClasses.IA32.UEFI_DRIVER] + NULL|MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.inf +!endif + [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf -- 2.31.0.vfs.0.1 ^ permalink raw reply related [flat|nested] 36+ messages in thread
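Review bot: In the last opensslconf.h hunk of 0001-ECC-Fixes.patch the __SUNPRO_C branch is re-indented to "# elif", "# if", "# undef" and "# endif", but the "#define DECLARE_DEPRECATED(f)" line between them is left at column 0 as unchanged context, so the block ends up with mixed indentation. The original submission says this header is produced by running process_files.pl, so regenerate it with the script instead of carrying a hand-edited variant, and replace the subject "ECC Fixes" with a descriptive subject and body that include the BugZilla reference.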
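Review bot: In Llmul.asm the comment on "jnz short hard" reads ";both are zero, just mult ALO and BLO", which describes the fall-through path and not the branch taken when either high dword is non-zero; move it to the "mov eax,LOW_PART(A)" line or reword it so the fast path and the "hard" path are each labelled correctly. The file headers of Llmul.asm and Llshr.asm also spell "Implementation" as "Implemenation".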
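Review bot: The tool chain condition is inconsistent across the DSC hunks of 0003-Reference-VsIntrinsicLib.patch: OvmfPkgIa32.dsc and OvmfPkgIa32X64.dsc add the NULL library only under !if $(TOOL_CHAIN_TAG) == "VS2019" and only for [LibraryClasses.IA32.UEFI_DRIVER], CryptoPkg.dsc and EmulatorPkg.dsc add it to every IA32 module with no condition, and the MdePkg.dsc comment and the VsIntrinsicLib.inf header both speak of VS2017. Pick one rule, apply it in all of these files, and explain in the commit message why OvmfPkg needs the library for UEFI_DRIVER modules only; as written, a build of OvmfPkg with the VS2017 tag would not get the library at all.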
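Review bot: The MdePkg.ci.yaml hunk puts MdePkg/Library/VsIntrinsicLib/VsIntrinsicLib.inf on the DscCompleteCheck "IgnoreInf" list while the MdePkg.dsc hunk in the same patch lists that INF under [Components.IA32]. One of the two looks unnecessary: if the INF is in MdePkg.dsc the ignore list can stay as it was, and if the check still fails with it listed, a comment next to the entry should say why it has to be ignored.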
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
  2021-11-08 22:29 ` [edk2-devel] " Vineel Kovvuri
@ 2021-11-09  8:06 ` Yao, Jiewen
  2021-11-09  8:58   ` Gerd Hoffmann
  2021-11-09  8:55 ` Gerd Hoffmann
  1 sibling, 1 reply; 36+ messages in thread
From: Yao, Jiewen @ 2021-11-09 8:06 UTC (permalink / raw)
  To: devel@edk2.groups.io, vineelko@microsoft.com, Vineel Kovvuri

Some options for your consideration.

1. Enlarge OVMF size
   * I have seen discussion to 8M to 16M, but it seems not concluded.
2. Remove unnecessary algo in openssl config
   * Do you really want to enable all those algorithms? Such as SM2? Maybe revisit them again to see if they are really needed. I could see it might break other platforms potentially.
   * Do you have any evaluation on binary size difference before or after your patch? Please provide the data to help other people make a decision.
3. Provide 2 profiles – with ECC and without ECC.
   * As such, we can let platform decide which one it wants to take, if there is significant size difference.
   * This would be the best way to keep the compatibility.

Thank you
Yao Jiewen

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Vineel Kovvuri via groups.io
Sent: Tuesday, November 9, 2021 6:30 AM
To: Vineel Kovvuri <vineel.kovvuri@gmail.com>; devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms

Hi Folks,

We were able to resolve the __ModuleEntryPoint error and were able to run the build configurations below locally.

* Windows_VS2019 - Passed
* EmulatorPkg_Win_VS2019 - Passed
* OvmfPkg_Win_VS2019 - Passed
* Ubuntu_GCC5 - Passed
* ArmVirtPkg_Ubuntu_GCC5 - Passed
* EmulatorPkg_Ubuntu_GCC5 - Passed
* OvmfPkg_Ubuntu_GCC5 – Failed
  * INFO - GenFv: ERROR 3000: Invalid
  * INFO - the required fv image size 0xcb2ac0 exceeds the set fv image size 0xc00000

Is it okay to increase the fv image size? If so, we need some guidance with respect to that, as it may affect other projects like QEMU etc.

Any inputs here are much appreciated.

For Reference: https://github.com/vineelkovvuri/edk2/pull/2
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Gerd Hoffmann @ 2021-11-09 8:58 UTC
To: devel, jiewen.yao
Cc: vineelko@microsoft.com, Vineel Kovvuri

> 2. Remove unnecessary algo in openssl config
> * Do you really want to enable all those algorithms? Such as SM2? Maybe revisit them again to see if they are really needed. I could see it might break other platform potentially.

Enabling only those algorithms which are actually used by tianocore
certainly makes sense ...

> 3. Provide 2 profiles – with ECC and without ECC.

... and if it gets down the size enough would be better than yet another
compile time option.

take care,
  Gerd

* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Vineel Kovvuri @ 2021-11-10 16:18 UTC
To: Gerd Hoffmann
Cc: devel, Yao, Jiewen, vineelko@microsoft.com

Hi All,

Sorry, my bad for not providing the details. Below is the build configuration.

Passing:
stuart_build -c OvmfPkg/PlatformCI/PlatformBuild.py TOOL_CHAIN_TAG=GCC5 TARGET=NOOPT -a IA32,X64

Failing:
stuart_build -c OvmfPkg/PlatformCI/PlatformBuild.py TOOL_CHAIN_TAG=GCC5 TARGET=NOOPT -a IA32,X64 BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1

The failure is happening while generating DXEFV.FV

INFO - Generating DXEFV FV
INFO - ##### ['GenFv', '-F', 'FALSE', '-a', '/home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/DXEFV.inf', '-o', '/home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/DXEFV.Fv', '-i', '/home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/DXEFV.inf']
INFO - Return Value = 2
INFO - GenFv: ERROR 3000: Invalid
INFO - the required fv image size 0xcb2ac0 exceeds the set fv image size 0xc00000

The difference I see without ecc change and with the change is the increase in file sizes for below ffs files,(other .ffs files remained unchanged)

Without ecc change:
794742 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F80697E9-7FD6-4665-8646-88E33EF71DFCSecurityStubDxe/F80697E9-7FD6-4665-8646-88E33EF71DFC.ffs
653470 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F0E6A44F-7195-41c3-AC64-54F202CD0A21SecureBootConfigDxe/F0E6A44F-7195-41c3-AC64-54F202CD0A21.ffs
1174654 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/3aceb0c0-3c72-11e4-9a56-74d435052646TlsDxe/3aceb0c0-3c72-11e4-9a56-74d435052646.ffs
872594 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/23A089B3-EED5-4ac5-B2AB-43E3298C2343VariableSmm/23A089B3-EED5-4ac5-B2AB-43E3298C2343.ffs

With ecc change:
1058678 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F80697E9-7FD6-4665-8646-88E33EF71DFCSecurityStubDxe/F80697E9-7FD6-4665-8646-88E33EF71DFC.ffs
917214 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F0E6A44F-7195-41c3-AC64-54F202CD0A21SecureBootConfigDxe/F0E6A44F-7195-41c3-AC64-54F202CD0A21.ffs
1470718 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/3aceb0c0-3c72-11e4-9a56-74d435052646TlsDxe/3aceb0c0-3c72-11e4-9a56-74d435052646.ffs
1134738 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/23A089B3-EED5-4ac5-B2AB-43E3298C2343VariableSmm/23A089B3-EED5-4ac5-B2AB-43E3298C2343.ffs

Below is the size of DXEFV.Fv in successful build(without ecc change)

ubuntu@ubuntuubuntu:~/src/edk2$ ls -l /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/DXEFV.Fv
-rw-rw-r-- 1 ubuntu ubuntu 12582912(0xC0000) Nov 9 19:18 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/DXEFV.Fv

We haven't looked at porting to OpenSSL 3.0.

I am wondering, removing existing ciphers might impact other platforms. Could you please suggest any less intrusive options without impacting other platforms.

I am new to EDK and what compile time options are you referring to? Please let me know if any other information is needed from the build.

Thanks in advance,
Vineel

On Tue, Nov 9, 2021 at 12:58 AM Gerd Hoffmann <kraxel@redhat.com> wrote:

> > 2. Remove unnecessary algo in openssl config
> > * Do you really want to enable all those algorithms? Such as SM2? Maybe revisit them again to see if they are really needed. I could see it might break other platform potentially.
>
> Enabling only those algorithms which are actually used by tianocore
> certainly makes sense ...
>
> > 3. Provide 2 profiles – with ECC and without ECC.
>
> ... and if it gets down the size enough would be better than yet another
> compile time option.
>
> take care,
>   Gerd

* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Gerd Hoffmann @ 2021-11-11 13:05 UTC
To: Vineel Kovvuri
Cc: devel, Yao, Jiewen, vineelko@microsoft.com

  Hi,

> The difference I see without ecc change and with the change is the increase
> in file sizes for below ffs files,(other .ffs files remained unchanged)
>
> Without ecc change:
> 794742 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F80697E9-7FD6-4665-8646-88E33EF71DFCSecurityStubDxe/F80697E9-7FD6-4665-8646-88E33EF71DFC.ffs
> 653470 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F0E6A44F-7195-41c3-AC64-54F202CD0A21SecureBootConfigDxe/F0E6A44F-7195-41c3-AC64-54F202CD0A21.ffs
> 1174654 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/3aceb0c0-3c72-11e4-9a56-74d435052646TlsDxe/3aceb0c0-3c72-11e4-9a56-74d435052646.ffs
> 872594 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/23A089B3-EED5-4ac5-B2AB-43E3298C2343VariableSmm/23A089B3-EED5-4ac5-B2AB-43E3298C2343.ffs
>
> With ecc change:
> 1058678 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F80697E9-7FD6-4665-8646-88E33EF71DFCSecurityStubDxe/F80697E9-7FD6-4665-8646-88E33EF71DFC.ffs
> 917214 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F0E6A44F-7195-41c3-AC64-54F202CD0A21SecureBootConfigDxe/F0E6A44F-7195-41c3-AC64-54F202CD0A21.ffs
> 1470718 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/3aceb0c0-3c72-11e4-9a56-74d435052646TlsDxe/3aceb0c0-3c72-11e4-9a56-74d435052646.ffs
> 1134738 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/23A089B3-EED5-4ac5-B2AB-43E3298C2343VariableSmm/23A089B3-EED5-4ac5-B2AB-43E3298C2343.ffs

Uh. So each driver which needs openssl has its own copy of the library?

I wasn't aware of that, but yes, given we don't have dynamic linking
this makes sense and also easily explains why we see such a big jump in
size.

> I am wondering, removing existing ciphers might impact other platforms.
> Could you please suggest any less intrusive options without impacting
> other platforms.

I was thinking more about reviewing the ciphers added. Pick the most
commonly used ones instead of just adding them all for example.

> I am new to EDK and what compile time options are you referring to? Please
> let me know if any other information is needed from the build.

Compile time option would be a new "-D OPENSSL_ENABLE_ECC" switch.

But I think Jiewen meant something else with "2 profiles":

We could create two OpensslLib variants. One full-featured build with
ecc enabled which TlsDxe could use (assuming better TLS support is your
use case). And one less-featured variant for VariableSmm +
SecureBootConfigDxe + SecurityStubDxe.

That way we have the ecc code only once not four times in the firmware
build. Possibly the less-featured could be stripped down even more when
it doesn't need to support TLS any more.

I'm also wondering why SecurityStubDxe needs OpensslLib ...

take care & HTH,
  Gerd

* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Yao, Jiewen @ 2021-11-11 13:26 UTC
To: Gerd Hoffmann, Vineel Kovvuri
Cc: devel@edk2.groups.io, vineelko@microsoft.com

Sorry, I don't mean: one platform uses 2 different configuration.

That might be worse, because we lose the benefit on compression.
Ideally, no matter how many *same* copies you have, the compression algo will handle it and make only *one* copy. If you have two *different* copies, then compression also may finally make *two* different copy.
I don't have data. I just feel it might be worse.

I mean two platform can choose 2 different configuration. But eventually, one platform should select one of them consistently, such as using only one CryptoDxe.inf.

In this case, you need carefully remove all unneeded algo.
For example, do you really need SM2?
Do you really need EdDSA?
Do you really need ECX?

Thank you
Yao Jiewen

> -----Original Message-----
> From: Gerd Hoffmann <kraxel@redhat.com>
> Sent: Thursday, November 11, 2021 9:06 PM
> To: Vineel Kovvuri <vineel.kovvuri@gmail.com>
> Cc: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; vineelko@microsoft.com
> Subject: Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
>
>   Hi,
>
> > The difference I see without ecc change and with the change is the increase
> > in file sizes for below ffs files,(other .ffs files remained unchanged)
> >
> > Without ecc change:
> > 794742 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F80697E9-7FD6-4665-8646-88E33EF71DFCSecurityStubDxe/F80697E9-7FD6-4665-8646-88E33EF71DFC.ffs
> > 653470 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F0E6A44F-7195-41c3-AC64-54F202CD0A21SecureBootConfigDxe/F0E6A44F-7195-41c3-AC64-54F202CD0A21.ffs
> > 1174654 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/3aceb0c0-3c72-11e4-9a56-74d435052646TlsDxe/3aceb0c0-3c72-11e4-9a56-74d435052646.ffs
> > 872594 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/23A089B3-EED5-4ac5-B2AB-43E3298C2343VariableSmm/23A089B3-EED5-4ac5-B2AB-43E3298C2343.ffs
> >
> > With ecc change:
> > 1058678 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F80697E9-7FD6-4665-8646-88E33EF71DFCSecurityStubDxe/F80697E9-7FD6-4665-8646-88E33EF71DFC.ffs
> > 917214 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F0E6A44F-7195-41c3-AC64-54F202CD0A21SecureBootConfigDxe/F0E6A44F-7195-41c3-AC64-54F202CD0A21.ffs
> > 1470718 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/3aceb0c0-3c72-11e4-9a56-74d435052646TlsDxe/3aceb0c0-3c72-11e4-9a56-74d435052646.ffs
> > 1134738 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/23A089B3-EED5-4ac5-B2AB-43E3298C2343VariableSmm/23A089B3-EED5-4ac5-B2AB-43E3298C2343.ffs
>
> Uh. So each driver which needs openssl has its own copy of the library?
>
> I wasn't aware of that, but yes, given we don't have dynamic linking
> this makes sense and also easily explains why we see such a big jump in
> size.
>
> > I am wondering, removing existing ciphers might impact other platforms.
> > Could you please suggest any less intrusive options without impacting
> > other platforms.
>
> I was thinking more about reviewing the ciphers added. Pick the most
> commonly used ones instead of just adding them all for example.
>
> > I am new to EDK and what compile time options are you referring to? Please
> > let me know if any other information is needed from the build.
>
> Compile time option would be a new "-D OPENSSL_ENABLE_ECC" switch.
>
> But I think Jiewen meant something else with "2 profiles":
>
> We could create two OpensslLib variants. One full-featured build with
> ecc enabled which TlsDxe could use (assuming better TLS support is your
> use case). And one less-featured variant for VariableSmm +
> SecureBootConfigDxe + SecurityStubDxe.
>
> That way we have the ecc code only once not four times in the firmware
> build. Possibly the less-featured could be stripped down even more when
> it doesn't need to support TLS any more.
>
> I'm also wondering why SecurityStubDxe needs OpensslLib ...
>
> take care & HTH,
>   Gerd

* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Vineel Kovvuri @ 2021-11-18 18:40 UTC
To: Yao, Jiewen, harshit.n.g
Cc: Gerd Hoffmann, devel@edk2.groups.io, vineelko@microsoft.com

Hi Folks,

Sorry for the delay in my response. Thanks for the inputs.

My bad for not understanding what Jiewen was referring to, I think he is suggesting to remove the unused algorithms within the ECC cipher. Not removing already available ciphers. Totally makes sense but it would involve more testing against each private bios with the narrowed list of algorithms.

+Harshit from Intel for context

Thanks,
Vineel

On Thu, Nov 11, 2021 at 5:26 AM Yao, Jiewen <jiewen.yao@intel.com> wrote:

> Sorry, I don't mean: one platform uses 2 different configuration.
>
> That might be worse, because we lose the benefit on compression.
> Ideally, no matter how many *same* copies you have, the compression algo will handle it and make only *one* copy. If you have two *different* copies, then compression also may finally make *two* different copy.
> I don't have data. I just feel it might be worse.
>
> I mean two platform can choose 2 different configuration. But eventually, one platform should select one of them consistently, such as using only one CryptoDxe.inf.
>
> In this case, you need carefully remove all unneeded algo.
> For example, do you really need SM2?
> Do you really need EdDSA?
> Do you really need ECX?
>
> Thank you
> Yao Jiewen
>
> > -----Original Message-----
> > From: Gerd Hoffmann <kraxel@redhat.com>
> > Sent: Thursday, November 11, 2021 9:06 PM
> > To: Vineel Kovvuri <vineel.kovvuri@gmail.com>
> > Cc: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; vineelko@microsoft.com
> > Subject: Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
> >
> >   Hi,
> >
> > > The difference I see without ecc change and with the change is the increase
> > > in file sizes for below ffs files,(other .ffs files remained unchanged)
> > >
> > > Without ecc change:
> > > 794742 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F80697E9-7FD6-4665-8646-88E33EF71DFCSecurityStubDxe/F80697E9-7FD6-4665-8646-88E33EF71DFC.ffs
> > > 653470 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F0E6A44F-7195-41c3-AC64-54F202CD0A21SecureBootConfigDxe/F0E6A44F-7195-41c3-AC64-54F202CD0A21.ffs
> > > 1174654 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/3aceb0c0-3c72-11e4-9a56-74d435052646TlsDxe/3aceb0c0-3c72-11e4-9a56-74d435052646.ffs
> > > 872594 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/23A089B3-EED5-4ac5-B2AB-43E3298C2343VariableSmm/23A089B3-EED5-4ac5-B2AB-43E3298C2343.ffs
> > >
> > > With ecc change:
> > > 1058678 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F80697E9-7FD6-4665-8646-88E33EF71DFCSecurityStubDxe/F80697E9-7FD6-4665-8646-88E33EF71DFC.ffs
> > > 917214 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/F0E6A44F-7195-41c3-AC64-54F202CD0A21SecureBootConfigDxe/F0E6A44F-7195-41c3-AC64-54F202CD0A21.ffs
> > > 1470718 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/3aceb0c0-3c72-11e4-9a56-74d435052646TlsDxe/3aceb0c0-3c72-11e4-9a56-74d435052646.ffs
> > > 1134738 /home/ubuntu/src/edk2/Build/Ovmf3264/NOOPT_GCC5/FV/Ffs/23A089B3-EED5-4ac5-B2AB-43E3298C2343VariableSmm/23A089B3-EED5-4ac5-B2AB-43E3298C2343.ffs
> >
> > Uh. So each driver which needs openssl has its own copy of the library?
> >
> > I wasn't aware of that, but yes, given we don't have dynamic linking
> > this makes sense and also easily explains why we see such a big jump in
> > size.
> >
> > > I am wondering, removing existing ciphers might impact other platforms.
> > > Could you please suggest any less intrusive options without impacting
> > > other platforms.
> >
> > I was thinking more about reviewing the ciphers added. Pick the most
> > commonly used ones instead of just adding them all for example.
> >
> > > I am new to EDK and what compile time options are you referring to? Please
> > > let me know if any other information is needed from the build.
> >
> > Compile time option would be a new "-D OPENSSL_ENABLE_ECC" switch.
> >
> > But I think Jiewen meant something else with "2 profiles":
> >
> > We could create two OpensslLib variants. One full-featured build with
> > ecc enabled which TlsDxe could use (assuming better TLS support is your
> > use case). And one less-featured variant for VariableSmm +
> > SecureBootConfigDxe + SecurityStubDxe.
> >
> > That way we have the ecc code only once not four times in the firmware
> > build. Possibly the less-featured could be stripped down even more when
> > it doesn't need to support TLS any more.
> >
> > I'm also wondering why SecurityStubDxe needs OpensslLib ...
> >
> > take care & HTH,
> >   Gerd

* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms 2021-11-18 18:40 ` Vineel Kovvuri @ 2022-02-23 2:32 ` yi1 li 2022-02-23 2:46 ` Vineel Kovvuri 0 siblings, 1 reply; 36+ messages in thread From: yi1 li @ 2022-02-23 2:32 UTC (permalink / raw) To: Vineel Kovvuri, devel [-- Attachment #1: Type: text/plain, Size: 1407 bytes --] Hi Vineel, Are you still working on this issue? I'm glad to see that edk2 will enable EC and other crypto features and would like some advice. I found from the previous discussion that there are only some issues with Ovmf binary size left, Have you tried enlarging the size of DXEFV in OvmfPkgIa32X64.fdf, I think this is the most direct way to solve this problem. Such like: diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 097fd428d5..1de0aad9f4 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -62,10 +62,10 @@ FV = SECFV [FD.MEMFD] BaseAddress = $(MEMFD_BASE_ADDRESS) -Size = 0xD00000 +Size = 0xE00000 ErasePolarity = 1 BlockSize = 0x10000 -NumBlocks = 0xD0 +NumBlocks = 0xE0 0x000000|0x006000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize @@ -83,7 +83,7 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.P gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvSize FV = PEIFV -0x100000|0xC00000 +0x100000|0xD00000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize FV = DXEFV Please cc me if there is any other progress, my team and I will provide support as far as possible. Thanks! [-- Attachment #2: Type: text/html, Size: 1894 bytes --] ^ permalink raw reply related [flat|nested] 36+ messages in thread
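Review bot: The new DXEFV region in the second hunk, 0x100000|0xD00000, leaves only 0x4D540 bytes (about 309 KiB) above the 0xcb2ac0 that GenFv reported as required for the NOOPT build earlier in this thread, so the margin for further growth is thin; consider a larger step, and record in the commit message which build configuration the figure was measured against. The first hunk is self-consistent (NumBlocks 0xE0 times BlockSize 0x10000 equals Size 0xE00000, and the DXEFV region ends exactly at the new Size). The diff touches only OvmfPkgIa32X64.fdf; if OvmfPkgIa32.fdf and OvmfPkgX64.fdf use the same MEMFD layout, they need the matching change.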
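The sizing check behind the DXEFV enlargement proposed above, as an added example (not code from the thread or from edk2): it parses an [FD.*] section, validates Size against BlockSize and NumBlocks, and derives the block-aligned region size that a GenFv "required fv image size" error calls for. The function names, the margin parameter and SAMPLE_FDF (built only from the lines visible in the diff) are assumptions of this example.

```python
import re

HEX = r"0x[0-9A-Fa-f]+"
REGION_RE = re.compile(rf"^({HEX})\|({HEX})$")
ASSIGN_RE = re.compile(r"^(\w+)\s*=\s*(\S+)$")
GENFV_RE = re.compile(rf"required fv image size ({HEX}) exceeds the set fv image size ({HEX})")

# Constructed sample: only the [FD.MEMFD] lines visible in the diff above, with
# their pre-change values. Regions the diff does not show are left out.
SAMPLE_FDF = """\
[FD.MEMFD]
BaseAddress = $(MEMFD_BASE_ADDRESS)
Size = 0xD00000
ErasePolarity = 1
BlockSize = 0x10000
NumBlocks = 0xD0

0x000000|0x006000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize

0x100000|0xC00000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize
FV = DXEFV
"""
# GenFv message as quoted in the thread.
GENFV_ERROR = "the required fv image size 0xcb2ac0 exceeds the set fv image size 0xc00000"

def parse_fd(text, fd_name):
    """Return Size/BlockSize/NumBlocks and the region list of one [FD.<name>] section."""
    fd = {"regions": []}
    in_section = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # FDF comments start with '#'
        if line.startswith("["):
            in_section = line.upper() == f"[FD.{fd_name.upper()}]"
            continue
        if not in_section or not line:
            continue
        region = REGION_RE.match(line)
        assign = ASSIGN_RE.match(line)               # PCD pair lines match neither
        if region:
            fd["regions"].append(
                {"offset": int(region[1], 16), "size": int(region[2], 16), "fv": None})
        elif assign and assign[1] == "FV" and fd["regions"]:
            fd["regions"][-1]["fv"] = assign[2]      # FV name belongs to the region above
        elif assign and assign[1] in ("Size", "BlockSize", "NumBlocks"):
            fd[assign[1]] = int(assign[2], 0)        # assumes literals, not $(MACRO) values
    return fd

def check_geometry(fd):
    """List layout errors: Size != BlockSize * NumBlocks, overlaps, regions past the end."""
    problems = []
    expected = fd["BlockSize"] * fd["NumBlocks"]
    if fd["Size"] != expected:
        problems.append(f"Size {fd['Size']:#x} != BlockSize * NumBlocks ({expected:#x})")
    previous_end = 0
    for r in sorted(fd["regions"], key=lambda r: r["offset"]):
        end = r["offset"] + r["size"]
        if r["offset"] < previous_end:
            problems.append(f"region at {r['offset']:#x} overlaps the one before it")
        if end > fd["Size"]:
            problems.append(f"region at {r['offset']:#x} ends at {end:#x}, past Size")
        previous_end = max(previous_end, end)
    return problems

def parse_genfv_error(line):
    """Return (required, configured) sizes from the GenFv error text."""
    m = GENFV_RE.search(line)
    if not m:
        raise ValueError("not a GenFv FV size error")
    return int(m[1], 16), int(m[2], 16)

def fv_region(fd, fv_name):
    """Region that carries 'FV = <fv_name>'."""
    return next(r for r in fd["regions"] if r["fv"] == fv_name)

def fv_headroom(fd, fv_name, required):
    """Bytes left in the FV's region after 'required'; negative means overflow."""
    return fv_region(fd, fv_name)["size"] - required

def plan_resize(fd, fv_name, required, margin=0):
    """Smallest block-aligned region, FD Size and NumBlocks holding required + margin."""
    region = fv_region(fd, fv_name)
    block = fd["BlockSize"]
    if region["offset"] % block or region["offset"] + region["size"] != fd["Size"]:
        raise ValueError("only a block-aligned last region can grow without moving others")
    new_region = -(-(required + margin) // block) * block   # round up to a whole block
    new_size = region["offset"] + new_region
    return {"region_size": new_region, "fd_size": new_size, "num_blocks": new_size // block}

if __name__ == "__main__":
    fd = parse_fd(SAMPLE_FDF, "MEMFD")
    required, _ = parse_genfv_error(GENFV_ERROR)
    print(check_geometry(fd), hex(fv_headroom(fd, "DXEFV", required)))
    print({k: hex(v) for k, v in plan_resize(fd, "DXEFV", required, 0x40000).items()})
```

With a margin of 0x40000 the plan reproduces the values in the diff (region 0xD00000, Size 0xE00000, NumBlocks 0xE0); with no margin the minimum is a 0xCC0000 region.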
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms 2022-02-23 2:32 ` yi1 li @ 2022-02-23 2:46 ` Vineel Kovvuri 2022-02-23 2:54 ` yi1 li 0 siblings, 1 reply; 36+ messages in thread From: Vineel Kovvuri @ 2022-02-23 2:46 UTC (permalink / raw) To: devel@edk2.groups.io, yi1.li@intel.com, Vineel Kovvuri [-- Attachment #1: Type: text/plain, Size: 1903 bytes --] Hi, Thanks for providing the inputs here. Really appreciated. I will try to resume the work(had to put it aside due to other priorities). Please expect the patch by EOW. Thanks, Vineel From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of yi1 li via groups.io Sent: Tuesday, February 22, 2022 6:33 PM To: Vineel Kovvuri <vineel.kovvuri@gmail.com>; devel@edk2.groups.io Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms Hi Vineel, Are you still working on this issue? I'm glad to see that edk2 will enable EC and other crypto features and would like some advice. I found from the previous discussion that there are only some issues with Ovmf binary size left, Have you tried enlarging the size of DXEFV in OvmfPkgIa32X64.fdf, I think this is the most direct way to solve this problem. Such like: diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 097fd428d5..1de0aad9f4 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -62,10 +62,10 @@ FV = SECFV [FD.MEMFD] BaseAddress = $(MEMFD_BASE_ADDRESS) -Size = 0xD00000 +Size = 0xE00000 ErasePolarity = 1 BlockSize = 0x10000 -NumBlocks = 0xD0 +NumBlocks = 0xE0 0x000000|0x006000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize 
@@ -83,7 +83,7 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.P gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvSize FV = PEIFV -0x100000|0xC00000 +0x100000|0xD00000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize FV = DXEFV Please cc me if there is any other progress, my team and I will provide support as far as possible. Thanks! [-- Attachment #2: Type: text/html, Size: 5666 bytes --] ^ permalink raw reply related [flat|nested] 36+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms 2022-02-23 2:46 ` Vineel Kovvuri @ 2022-02-23 2:54 ` yi1 li 2022-02-24 6:51 ` Vineel Kovvuri 0 siblings, 1 reply; 36+ messages in thread From: yi1 li @ 2022-02-23 2:54 UTC (permalink / raw) To: Kovvuri, Vineel, devel@edk2.groups.io, Vineel Kovvuri [-- Attachment #1: Type: text/plain, Size: 2264 bytes --] Good news, Thanks for your work. Thanks! Yi Li From: Vineel Kovvuri <vineelko@microsoft.com> Sent: Wednesday, February 23, 2022 10:46 AM To: devel@edk2.groups.io; Li, Yi1 <yi1.li@intel.com>; Vineel Kovvuri <vineel.kovvuri@gmail.com> Subject: RE: [EXTERNAL] Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms Hi, Thanks for providing the inputs here. Really appreciated. I will try to resume the work(had to put it aside due to other priorities). Please expect the patch by EOW. Thanks, Vineel From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of yi1 li via groups.io Sent: Tuesday, February 22, 2022 6:33 PM To: Vineel Kovvuri <vineel.kovvuri@gmail.com>; devel@edk2.groups.io Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms Hi Vineel, Are you still working on this issue? I'm glad to see that edk2 will enable EC and other crypto features and would like some advice. I found from the previous discussion that there are only some issues with Ovmf binary size left, Have you tried enlarging the size of DXEFV in OvmfPkgIa32X64.fdf, I think this is the most direct way to solve this problem. Such like: diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 097fd428d5..1de0aad9f4 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf 
@@ -62,10 +62,10 @@ FV = SECFV [FD.MEMFD] BaseAddress = $(MEMFD_BASE_ADDRESS) -Size = 0xD00000 +Size = 0xE00000 ErasePolarity = 1 BlockSize = 0x10000 -NumBlocks = 0xD0 +NumBlocks = 0xE0 0x000000|0x006000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize @@ -83,7 +83,7 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.P gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvSize FV = PEIFV -0x100000|0xC00000 +0x100000|0xD00000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize FV = DXEFV Please cc me if there is any other progress, my team and I will provide support as far as possible. Thanks! [-- Attachment #2: Type: text/html, Size: 6758 bytes --] ^ permalink raw reply related [flat|nested] 36+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Vineel Kovvuri @ 2022-02-24 6:51 UTC
To: yi1 li, devel

Hi Yi Li,

I have posted the recent patch set to enable ECC ciphers in OpenSSLLib to the bug https://bugzilla.tianocore.org/show_bug.cgi?id=3679

I have run the entire OVMF Azure pipeline locally and confirm that the code gets built without any issue. Thanks for the inputs; after enlarging DXEFV the build succeeded.

I am new to EDK build and to the overall process so please review the patch set and provide your comments. I am happy to address them. Once reviewed I can add it to the proposed feature to the release planning wiki

0001-Crypto-Enable-ECC-ciphers.patch
0002-Port-VsIntrinsicLib-from-Project-Mu.patch
0003-Reference-VsIntrinsicLib.patch
0004-Increase-FV-size.patch

Thanks,
Vineel

* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms 2022-02-24 6:51 ` Vineel Kovvuri @ 2022-02-24 8:20 ` yi1 li 2022-02-25 17:51 ` Vineel Kovvuri 0 siblings, 1 reply; 36+ messages in thread From: yi1 li @ 2022-02-24 8:20 UTC (permalink / raw) To: Kovvuri, Vineel, devel@edk2.groups.io [-- Attachment #1: Type: text/plain, Size: 2731 bytes --] Hi Vineel, Code is good to me, just some BKM for edk2 upstream: 1. It's a little strange that there are submodule changes in the patch 0004, maybe you forget to run git submodule update: diff --git a/BaseTools/Source/C/BrotliCompress/brotli b/BaseTools/Source/C/BrotliCompress/brotli index f4153a09f8..666c3280cc 160000 --- a/BaseTools/Source/C/BrotliCompress/brotli +++ b/BaseTools/Source/C/BrotliCompress/brotli 1. Good commit titles and comments can get feedback from the community more quickly and more accurately, refer: https://github.com/tianocore/tianocore.github.io/wiki/Commit-Message-Format, And CC Maintainers about changed pkg in commit will remind relevant people to review the code as soon as possible, you can find them at: https://github.com/tianocore/edk2/blob/master/Maintainers.txt, A demo: CryptoPkg: Enable ECC ciphers REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3679 Reconfigure OpenSSLLib to add elliptic curve ciphers # detail info Cc: Vineel Kovvuri <vineelko@microsoft.com> Cc: # Maintainers or other people you want to Cc 
Signed-off-by: Vineel Kovvuri <vineelko@microsoft.com> 1. According to 2, it is best to split the changes of different PKGs, such in patch 0003. 1. Extra spaces or tabs can cause formatting errors in CI, make sure there are no unnecessary changes in the patch. Such: #ifndef OSSL_CRYPTO_DSO_CONF_H -#define OSSL_CRYPTO_DSO_CONF_H -#define DSO_NONE -#define DSO_EXTENSION ".so" +# define OSSL_CRYPTO_DSO_CONF_H +# define DSO_NONE +# define DSO_EXTENSION ".so" #endif You can submit PR to edk2 mater branch directly to check for CI bugs(will not be reviewed or merged). Thanks! Yi Li From: vineelko via groups.io <vineelko=microsoft.com@groups.io> Sent: Thursday, February 24, 2022 2:51 PM To: Li, Yi1 <yi1.li@intel.com>; devel@edk2.groups.io Subject: Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms Hi Yi Li, I have posted the recent patch set to enable ECC ciphers in OpenSSLLib to the bug https://bugzilla.tianocore.org/show_bug.cgi?id=3679 I have ran the entire OVMF Azure pipeline locally and confirm that the code gets build without any issue. Thanks for the inputs after enlarging DXEFV the build succeeded. I am new to EDK build and to the overall process so please review the patch set and provide your comments. I am happy to address them. Once reviewed I can add it to the proposed feature to the release planning wiki 0001-Crypto-Enable-ECC-ciphers.patch 0002-Port-VsIntrinsicLib-from-Project-Mu.patch 0003-Reference-VsIntrinsicLib.patch 0004-Increase-FV-size.patch Thanks, Vineel [-- Attachment #2: Type: text/html, Size: 10848 bytes --] ^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Vineel Kovvuri @ 2022-02-25 17:51 UTC
To: yi1 li, devel

Huge thanks for "You can submit PR to edk2 mater branch directly to check for CI bugs(will not be reviewed or merged)." I am fixing them.

Regarding the style (extra spaces and tabs), it is actually coming from openssl when we run CryptoPkg/Library/OpensslLib/process_files.pl

Not sure if there is a way to exclude some of the files from checking the style?

Sample PR against EDK2 master: https://github.com/tianocore/edk2/pull/2546/files

Thanks,
Vineel

* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: yi1 li @ 2022-02-26 15:54 UTC
To: Kovvuri, Vineel, devel@edk2.groups.io

Well done!

And Edk2 has code style tools internal, use this cmd to fix it:

  pip install -r pip-requirements.txt
  git ls-files CryptoPkg*.c CryptoPkg*.h | .\.pytool\Plugin\UncrustifyCheck\mu-uncrustify-release_extdep\Windows-x86\uncrustify.exe -c .\.pytool\Plugin\UncrustifyCheck\uncrustify.cfg -F - --replace --no-backup --if-changed

Thank you!
Yi Li

From: vineelko via groups.io <vineelko=microsoft.com@groups.io>
Sent: Saturday, February 26, 2022 1:52 AM
To: Li, Yi1 <yi1.li@intel.com>; devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms

Huge thanks for "You can submit PR to edk2 mater branch directly to check for CI bugs(will not be reviewed or merged)." I am fixing them.

Regarding the style (extra spaces and tabs), it is actually coming from openssl when we run CryptoPkg/Library/OpensslLib/process_files.pl

Not sure if there is a way to exclude some of the files from checking the style?

Sample PR against EDK2 master: https://github.com/tianocore/edk2/pull/2546/files

Thanks,
Vineel

* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: yi1 li @ 2022-02-28 8:24 UTC
To: Kovvuri, Vineel, devel@edk2.groups.io

Hi Vineel,

I noticed that there are still some CI errors in the PR:

1. The VsIntrinscicLib is only used in OpenSSL related lib; putting it only in the CryptoPkg would make more sense and simplify the review process.

2. A BKM: NULL LibraryClass means that its internal API will not be called by external modules; the correct usage of a library is to give it a name and use it in other modules.
   And this link will be more clear:
   https://edk2.groups.io/g/devel/topic/what_is_a_null_library/80192232?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,20,80192232,
   This is also the root cause of the remaining CI errors.

3. I drafted a demo patch and it passed the CI test. Seems we only need three patches:
   CryptoPkg: Reconfigure OpensslLib to add elliptic curve cipher algori…
   CryptoPkg: Add instrinsics to support building ECC on IA32 windows
   OvmfPkg: Increase DXEFV size to accommodate ECC ciphers related changes

FYR.

Thanks!
Yi Li

From: vineelko via groups.io <vineelko=microsoft.com@groups.io> Sent: Saturday, February 26, 2022 1:52 AM To: Li, Yi1 <yi1.li@intel.com>; devel@edk2.groups.io Subject: Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms Huge Thanks for "You can submit PR to edk2 mater branch directly to check for CI bugs(will not be reviewed or merged)." I am fixing them. Regarding the style(extra spaces and tabs), It is actually coming from openssl when we run CryptoPkg/Library/OpensslLib/process_files.pl Not sure if there a way to exclude some of the files from checking the style? Sample PR against EDK2 master: https://github.com/tianocore/edk2/pull/2546/files Thanks, Vineel [-- Attachment #1.2: Type: text/html, Size: 6791 bytes --] [-- Attachment #2: 0001-CryptoPkg-Add-instrinsics-to-support-building-ECC-on.patch --] [-- Type: application/octet-stream, Size: 6342 bytes --] From d4622c67ae10557ac379f1e388175869c2e86f85 Mon Sep 17 00:00:00 2001 From: yi1 li <yi1.li@intel.com> Date: Mon, 28 Feb 2022 14:54:05 +0800 Subject: [PATCH 1/1] CryptoPkg: Add instrinsics to support building ECC on IA32 windows REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3679 This dependency is needed to build openssl lib with ECC ciphers under IA32 Windows and adds implementation for _allmul and _allshr instrinsics. It is taken from Project Mu: microsoft/mu_basecore@b55b341 Signed-off-by: yi1 li <yi1.li@intel.com> --- .../Library/IntrinsicLib/Ia32/MathLlmul.asm | 98 +++++++++++++++++++ .../Library/IntrinsicLib/Ia32/MathLlshr.asm | 78 +++++++++++++++ .../Library/IntrinsicLib/IntrinsicLib.inf | 2 + 3 files changed, 178 insertions(+) create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathLlmul.asm create mode 100644 CryptoPkg/Library/IntrinsicLib/Ia32/MathLlshr.asm diff --git a/CryptoPkg/Library/IntrinsicLib/Ia32/MathLlmul.asm b/CryptoPkg/Library/IntrinsicLib/Ia32/MathLlmul.asm new file mode 100644 index 000000000000..341ea8a7bc0d --- /dev/null 
+++ b/CryptoPkg/Library/IntrinsicLib/Ia32/MathLlmul.asm 
@@ -0,0 +1,98 @@ +;*** +;llmul.asm - long multiply routine +; +; Copyright (c) Microsoft Corporation. All rights reserved. +; SPDX-License-Identifier: BSD-2-Clause-Patent +; +;Purpose: +; Defines long multiply routine +; Both signed and unsigned routines are the same, since multiply's +; work out the same in 2's complement +; creates the following routine: +; __allmul +; +;Original Implemenation: MSVC 14.12.25827 +; +;******************************************************************************* + .686 + .model flat,C + .code + + +;*** +;llmul - long multiply routine +; +;Purpose: +; Does a long multiply (same for signed/unsigned) +; Parameters are not changed. +; +;Entry: +; Parameters are passed on the stack: +; 1st pushed: multiplier (QWORD) +; 2nd pushed: multiplicand (QWORD) +; +;Exit: +; EDX:EAX - product of multiplier and multiplicand +; NOTE: parameters are removed from the stack +; +;Uses: +; ECX +; +;Exceptions: +; +;******************************************************************************* +_allmul PROC NEAR + +A EQU [esp + 4] ; stack address of a +B EQU [esp + 12] ; stack address of b + +HIGH_PART EQU [4] ; +LOW_PART EQU [0] + +; +; AHI, BHI : upper 32 bits of A and B +; ALO, BLO : lower 32 bits of A and B +; +; ALO * BLO +; ALO * BHI +; + BLO * AHI +; --------------------- +; + + mov eax,HIGH_PART(A) + mov ecx,HIGH_PART(B) + or ecx,eax ;test for both high dwords zero. 
+ mov ecx,LOW_PART(B) + jnz short hard ;both are zero, just mult ALO and BLO + + mov eax,LOW_PART(A) + mul ecx + + ret 16 ; callee restores the stack + +hard: + push ebx + +; must redefine A and B since esp has been altered + +A2 EQU [esp + 8] ; stack address of a +B2 EQU [esp + 16] ; stack address of b + + mul ecx ;eax has AHI, ecx has BLO, so AHI * BLO + mov ebx,eax ;save result + + mov eax,LOW_PART(A2) + mul dword ptr HIGH_PART(B2) ;ALO * BHI + add ebx,eax ;ebx = ((ALO * BHI) + (AHI * BLO)) + + mov eax,LOW_PART(A2);ecx = BLO + mul ecx ;so edx:eax = ALO*BLO + add edx,ebx ;now edx has all the LO*HI stuff + + pop ebx + + ret 16 ; callee restores the stack + +_allmul ENDP + + end diff --git a/CryptoPkg/Library/IntrinsicLib/Ia32/MathLlshr.asm b/CryptoPkg/Library/IntrinsicLib/Ia32/MathLlshr.asm new file mode 100644 index 000000000000..ab8294580f16 --- /dev/null +++ b/CryptoPkg/Library/IntrinsicLib/Ia32/MathLlshr.asm 
@@ -0,0 +1,78 @@ +;*** +;llshr.asm - long shift right +; +; Copyright (c) Microsoft Corporation. All rights reserved. +; SPDX-License-Identifier: BSD-2-Clause-Patent +; +;Purpose: +; define signed long shift right routine +; __allshr +; +;Original Implemenation: MSVC 14.12.25827 +; +;******************************************************************************* + .686 + .model flat,C + .code + + + +;*** +;llshr - long shift right +; +;Purpose: +; Does a signed Long Shift Right +; Shifts a long right any number of bits. +; +;Entry: +; EDX:EAX - long value to be shifted +; CL - number of bits to shift by +; +;Exit: +; EDX:EAX - shifted value +; +;Uses: +; CL is destroyed. +; +;Exceptions: +; +;******************************************************************************* +_allshr PROC NEAR + +; +; Handle shifts of 64 bits or more (if shifting 64 bits or more, the result +; depends only on the high order bit of edx). +; + cmp cl,64 + jae short RETSIGN + +; +; Handle shifts of between 0 and 31 bits +; + cmp cl, 32 + jae short MORE32 + shrd eax,edx,cl + sar edx,cl + ret + +; +; Handle shifts of between 32 and 63 bits +; +MORE32: + mov eax,edx + sar edx,31 + and cl,31 + sar eax,cl + ret + +; +; Return double precision 0 or -1, depending on the sign of edx +; +RETSIGN: + sar edx,31 + mov eax,edx + ret + +_allshr ENDP + + end diff --git a/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf b/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf index fcbb93316cf7..86e74b57b109 100644 --- a/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf +++ b/CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf @@ -30,6 +30,8 @@ Ia32/MathLShiftS64.c | MSFT Ia32/MathRShiftU64.c | MSFT Ia32/MathFtol.c | MSFT + Ia32/MathLlmul.asm | MSFT + Ia32/MathLlshr.asm | MSFT Ia32/MathLShiftS64.c | INTEL Ia32/MathRShiftU64.c | INTEL -- 2.33.0.windows.2 ^ permalink raw reply related [flat|nested] 36+ messages in thread
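Review bot: in MathLlmul.asm the comment on `jnz short hard` ("both are zero, just mult ALO and BLO") describes the fall-through path rather than the branch it sits on, and the `Uses: ECX` header does not mention that the hard path pushes and pops EBX, which is the reason A2 and B2 are redefined at +8 and +16. Suggest moving that comment to the `mov eax,LOW_PART(A)` line and noting the EBX save in the header. The header also records the origin only as "MSVC 14.12.25827" while the commit message says the file was taken from Project Mu (microsoft/mu_basecore@b55b341); putting that reference in the file keeps the provenance with the source. "Implemenation" is misspelled.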
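Review bot: in MathLlshr.asm the three shift ranges are split by `cmp cl,64` and `cmp cl,32`, but the diffstat shows only the two .asm files and the INF, so nothing exercises those boundaries. A test that compares the routine against a 64-bit C reference for counts 0, 31, 32, 63 and 64, with both a positive and a negative EDX:EAX, would cover the sign-fill paths at MORE32 and RETSIGN. The header should also say that the value arrives in EDX:EAX and the count in CL, so the routine is a compiler helper and not something to call through the C calling convention even though `.model flat,C` is declared.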
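Review bot: in the IntrinsicLib.inf hunk the two new sources are tagged `| MSFT` only, while the unchanged context right below keeps `Ia32/MathLShiftS64.c | INTEL` and `Ia32/MathRShiftU64.c | INTEL` for the existing shift helpers. If an IA32 build with the INTEL tool chain family can also emit calls to _allmul and _allshr, it will hit unresolved symbols; either add matching entries or state in the commit message why MSFT alone is sufficient. The subject and message spell the word as "instrinsics".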
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Gerd Hoffmann @ 2022-03-01 14:04 UTC
To: devel, yi1.li
Cc: Kovvuri, Vineel, jiewen.yao

> CryptoPkg: Add instrinsics to support building ECC on IA32 windows

See also https://edk2.groups.io/g/devel/message/87130 & followups.
git branch here: https://github.com/kraxel/edk2/commits/intrinsics

> OvmfPkg: Increase DXEFV size to accommodate ECC ciphers related changes

Changing flash size breaks backward compatibility, so this is a problem.
openssl3 porting runs into this too, not solved yet.

Jiewen (Cc'ed) suggested to look into using CryptoPkg/Driver instead of linking openssl as Library, so we have only one copy of the code. Not investigated yet.

Also: what do you need ecc support for?

take care,
  Gerd
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Sean @ 2022-03-01 17:38 UTC
To: devel, kraxel, yi1.li
Cc: Kovvuri, Vineel, jiewen.yao

On 3/1/2022 6:04 AM, Gerd Hoffmann wrote:
>> CryptoPkg: Add instrinsics to support building ECC on IA32 windows
>
> See also https://edk2.groups.io/g/devel/message/87130 & followups.
> git branch here: https://github.com/kraxel/edk2/commits/intrinsics
>
>> OvmfPkg: Increase DXEFV size to accommodate ECC ciphers related changes
>
> Changing flash size breaks backward compatibility, so this is a problem.
> openssl3 porting runs into this too, not solved yet.
>
> Jiewen (Cc'ed) suggested to look into using CryptoPkg/Driver instead of
> linking openssl as Library, so we have only one copy of the code. Not
> investigated yet.
>
> Also: what do you need ecc support for?

TLS requirements for modern endpoints/services are "generally" moving to ECC.

>
> take care,
> Gerd
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: yi1 li @ 2022-03-02 4:23 UTC
To: Gerd Hoffmann, devel@edk2.groups.io
Cc: Kovvuri, Vineel, Yao, Jiewen, Luo, Heng

Thanks for your information,

1. See also https://edk2.groups.io/g/devel/message/87130 & followups.
   git branch here: https://github.com/kraxel/edk2/commits/intrinsics

It's good to me, makes the code more clear.

2. Jiewen (Cc'ed) suggested to look into using CryptoPkg/Driver instead of linking openssl as Library, so we have only one copy of the code. Not investigated yet.

Does it mean OvmfPkg will use CryptDxe instead of BaseCryptoLib and OpensslLib directly? Sounds like it will be a big change.
Or a separate ECC Driver such as CryptEcDxe and still use BaseCryptoLib and OpensslLib?
I would like to point out that once we close macro OPENSSL_NO_EC, the size of Openssllib will inevitably increase due to some enabled features and exceed the limit of Ovmf, such as in x509_vry.c:

    static int check_curve(X509 *cert)
    {
    #ifndef OPENSSL_NO_EC
        EVP_PKEY *pkey = X509_get0_pubkey(cert);

        /* Unsupported or malformed key */
        if (pkey == NULL)
            return -1;

        if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
            int ret;

            ret = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY(pkey));
            return ret < 0 ? ret : !ret;
        }
    #endif

3. Also: what do you need ecc support for?

WPA3 needs ECC's support, and I think Vineel's work will be the foundation.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3828

Thanks!
Yi Li
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Yao, Jiewen @ 2022-03-02 6:59 UTC
To: Li, Yi1, Gerd Hoffmann, devel@edk2.groups.io
Cc: Kovvuri, Vineel, Luo, Heng

I think another option to pursue is how to control the openssl configuration from module or platform level.

E.g. what if platform-A has enough size and wants to use ECC, while platform-B has size constraint and wants to disable ECC?

We can let platform choose if ECC is needed or not? I hope so.

Thank you
Yao Jiewen
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Gerd Hoffmann @ 2022-03-02 7:42 UTC
To: Yao, Jiewen
Cc: Li, Yi1, devel@edk2.groups.io, Kovvuri, Vineel, Luo, Heng

On Wed, Mar 02, 2022 at 06:59:48AM +0000, Yao, Jiewen wrote:
> I think another option to pursue is to how to control the openssl configuration from module or platform level.
>
> E.g. what if platform-A has enough size and wants to use ECC, while platform-B has size constrain and wants to disable ECC ?
>
> We can let platform choose if ECC is needed or not? I hope so.

Not so easy. Would require to put the way openssl is integrated upside down. Today openssl is configured and the results (header files etc) are committed to the repo, so the openssl config is the same for everybody.

Also I expect there is no way around ecc long-term. WPA3 was mentioned elsewhere in the thread. For TLS it will most likely be a requirement too at some point in the future. With TLS 1.2 it is possible to choose ciphers not requiring ECC, for TLS 1.3 ECC is mandatory though.

So I doubt making ECC optional is worth the trouble.

take care,
  Gerd
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Yao, Jiewen @ 2022-03-02 11:56 UTC
To: Gerd Hoffmann
Cc: Li, Yi1, devel@edk2.groups.io, Kovvuri, Vineel, Luo, Heng

From requirement perspective, I am thinking more broadly than just ECC.

Looking at https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/Include/openssl/opensslconf.h today, we disabled lots of things, ECDH, ECDSA, TLS1_3, which might be potentially useful. While the algorithms we used today such as FFDHE, MD5, SHA1, might not be useful.

Even for ECC, some platforms may need normal ECDH/ECDSA. However, some platforms may or might not need EdDSA or X-Curve DH. I am not sure if we really need to enable all of them in previous patch set.

SM3 and SM2 are another category. It might be useful for one particular segment, but not useful for others. For example, a SMx-compliant only platform may only require SM2/SM3 (no RSA/ECC), while a NIST-compliant only platform might not require SMx.

If a platform does have flash size constraint, why can it not do customization? Why do we enforce every platform, from an embedded system to a server, to use the same default configuration?

openssl exposes a config file, other crypto libs (mbedtls, wolfssl) also do the same thing, such as
https://github.com/ARMmbed/mbedtls/blob/development/include/mbedtls/mbedtls_config.h
https://github.com/wolfSSL/wolfssl/tree/master/examples/configs
Why can we not allow a platform to override such configuration?

I am not saying we must do it. But I believe it is worth revisiting, to see if any platform has such need, before drawing the conclusion so quickly.

Thank you
Yao Jiewen
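The two preceding messages turn on the fact that opensslconf.h is generated once and committed, and that any per-platform override would have to keep the OPENSSL_NO_* switches consistent with each other. The following is an added example, not code from edk2 or OpenSSL: it diffs the disabled-feature sets of two header versions and flags a feature left enabled while its prerequisite is disabled. The sample headers, the function names and the REQUIRES table are assumptions of the example.

```python
import re

# Matches "#define OPENSSL_NO_FOO" and the indented "# define OPENSSL_NO_FOO"
# form seen in the generated opensslconf.h. "#ifndef" lines do not match.
_NO_DEFINE = re.compile(
    r"^[ \t]*#[ \t]*define[ \t]+OPENSSL_NO_([A-Z0-9_]+)\b", re.M
)

# Prerequisites assumed by this example only (not OpenSSL's Configure logic):
# ECDH, ECDSA and SM2 are elliptic-curve algorithms, and the thread states
# that TLS 1.3 needs ECC.
REQUIRES = {"ECDH": "EC", "ECDSA": "EC", "SM2": "EC", "TLS1_3": "EC"}


def disabled_features(header_text):
    """Return {FOO, ...} for every active '#define OPENSSL_NO_FOO'."""
    # Drop C block comments first so a commented-out define is not counted.
    no_comments = re.sub(r"/\*.*?\*/", "", header_text, flags=re.S)
    return set(_NO_DEFINE.findall(no_comments))


def config_delta(before, after):
    """Features whose OPENSSL_NO_* guard was removed or added between versions."""
    old, new = disabled_features(before), disabled_features(after)
    return {
        "newly_enabled": sorted(old - new),   # code that now gets compiled in
        "newly_disabled": sorted(new - old),  # code that is now compiled out
    }


def unmet_prerequisites(header_text):
    """Features left enabled although the feature they depend on is disabled."""
    off = disabled_features(header_text)
    return sorted(
        feat for feat, dep in REQUIRES.items()
        if feat not in off and dep in off
    )


def make_header(disabled):
    """Build a constructed opensslconf.h excerpt in the generated layout."""
    return "\n".join(
        f"#ifndef OPENSSL_NO_{name}\n# define OPENSSL_NO_{name}\n#endif"
        for name in disabled
    )


# Constructed samples. BEFORE and AFTER mirror the guards touched by the
# patch under discussion; PARTIAL is a hypothetical platform override that
# re-enables TLS 1.3 but keeps EC switched off.
_COMMON = ["DSA", "IDEA", "SEED", "SRP", "EC_NISTP_64_GCC_128"]
BEFORE = make_header(_COMMON + ["EC", "SM2", "ECDH", "ECDSA", "TLS1_3"])
AFTER = make_header(_COMMON)
PARTIAL = make_header(_COMMON + ["EC", "SM2", "ECDH", "ECDSA"])


if __name__ == "__main__":
    delta = config_delta(BEFORE, AFTER)
    print("newly enabled :", ", ".join(delta["newly_enabled"]) or "-")
    print("newly disabled:", ", ".join(delta["newly_disabled"]) or "-")
    for name, text in (("BEFORE", BEFORE), ("AFTER", AFTER), ("PARTIAL", PARTIAL)):
        print(f"{name:8s} unmet prerequisites:", unmet_prerequisites(text) or "none")
```

Run against the real header before and after process_files.pl, the "newly enabled" list is the set of OpenSSL features whose code starts shipping in the firmware image and therefore needs review and size accounting.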
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: yi1 li @ 2022-03-03 8:43 UTC
To: Yao, Jiewen, Gerd Hoffmann
Cc: devel@edk2.groups.io, Kovvuri, Vineel, Luo, Heng

Agree with that, and I think the first issue is that OPENSSL_NO_* does not cover every file related to some feature in openssl (like ec).
Once those macro defines can cover everything, we can put all files in OpensslLib.inf [Source], and control macro defines in opensslconf.h by PCDs to do customization.
Openssl community feels ok with it and that's exactly what they do, like asn1, just not covering all features.
https://github.com/openssl/openssl/issues/17801

I am glad to push it forward, but it seems it will take a long time and platform needs to support WPA3 as soon as possible.
I'm thinking about whether we can use a new OpensslEclib.inf to enable ECC firstly to meet customer needs?

Thanks!
Yi Li
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Yao, Jiewen @ 2022-03-03 10:05 UTC
To: Li, Yi1, Gerd Hoffmann
Cc: devel@edk2.groups.io, Kovvuri, Vineel, Luo, Heng

I don't like OpensslEclib, it seems a workaround. We already have 5 INF under BaseCryptLib. It is complicated enough.

And I am not sure how OpensslEclib can resolve size issue...
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Vineel Kovvuri @ 2022-03-04 2:15 UTC
To: Yao, Jiewen, devel

Apologies, I am afraid I may not be able to incorporate/address all the concerns expressed in the thread due to my lack of understanding in this space. But I have created a new PR which addresses Yi Li's concerns about constraining the changes only to CryptoPkg.

EDK2: PR to enable ECC Ciphers in OpenSSL(Increase DXEFV) - Mar 3 - Iteration 1 by vineelko · Pull Request #2583 · tianocore/edk2 (github.com) ( https://github.com/tianocore/edk2/pull/2583 )

I appreciate your time and feedback.

Thanks,
Vineel
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Gerd Hoffmann @ 2022-03-02 7:58 UTC
To: devel, yi1.li
Cc: Kovvuri, Vineel, Yao, Jiewen, Luo, Heng

  Hi,

> 2. Jiewen (Cc'ed) suggested to look into using CryptoPkg/Driver instead of linking openssl as Library, so we have only one copy of the code. Not investigated yet.
>
> Does it means OvmfPkg will use CryptDxe instead of BaseCryptoLib and OpensslLib directly? Sounds will be a big change.

Haven't checked yet how much of a change that would be. Looks like CryptoPkg/Library/BaseCryptLibOnProtocolPpi is a drop-in replacement for CryptoPkg/Library/BaseCryptLib, which will call EDKII_CRYPTO_PROTOCOL provided by CryptoPkg/Driver instead of linking in the crypto bits from openssl.

Apparently there isn't something similar for OpensslLib though.

> Or a separate ECC Driver such CryptEcDxe and still use BaseCryptoLib and OpensslLib?

Would probably make sense to just add ecc support to the existing CryptoPkg/Driver.

take care,
  Gerd
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Vineel Kovvuri @ 2022-03-03 6:30 UTC
To: Vineel Kovvuri, devel

Hi Yi Li,

I am able to incorporate all your feedback regarding commit hygiene. Also able to validate them by firing a sample PR against EDK2 master https://github.com/tianocore/edk2/pull/2550/checks

All of the checks passed except 3, which seem to be infrastructure related. I would need your team's help in taking a look at them if it's caused by my commits.

Broken down the commits per area owner and CC'ed them.

0001-CryptoPkg-Reconfigure-OpensslLib-to-add-elliptic-cur.patch
0002-CryptoPkg-Reference-to-VsIntrincsicLib-to-build-Open.patch
0003-MdePkg-Add-VsIntrincsicLib-to-support-building-OpenS.patch
0004-EmulatorPkg-Reference-to-VsIntrincsicLib-to-build-Op.patch
0005-OvmfPkg-Reference-to-VsIntrincsicLib-to-build-OpenSS.patch
0006-OvmfPkg-Increase-DXEFV-size-to-accommodate-ECC-ciphe.patch

Updated the bug https://bugzilla.tianocore.org/show_bug.cgi?id=3679 with the patch set.

Thanks for your help,
Vineel
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Vineel Kovvuri @ 2022-03-03 6:37 UTC
To: Vineel Kovvuri, devel

Sorry I missed the earlier feedback from You/Gerd/Jiewen and replied quickly with my updated patch set. I will try to look at them.

-Vineel
* Re: [edk2-devel] [PATCH 1/2] Reconfigure OpensslLib to add elliptic curve chipher algorithms
From: Gerd Hoffmann @ 2021-11-09 8:55 UTC
To: devel, vineelko
Cc: Vineel Kovvuri

Hi,

> * OvmfPkg_Win_VS2019 - Passed
> * OvmfPkg_Ubuntu_GCC5 – Failed
> * INFO - GenFv: ERROR 3000: Invalid
> * INFO - the required fv image size 0xcb2ac0 exceeds the set fv image size 0xc00000

Wow. That is a quite significant increase.

Is this the OVMF_IA32X64_FULL_NOOPT build? That one is disabled on windows already, probably because turning off compiler optimizations increases the build size too much. We could do the same for ubuntu as a short-term solution.

Long-term we probably need options to build 8M and 16M OVMF binaries.

While being at it: have you by chance also looked at switching tianocore over to openssl 3.0?

take care,
  Gerd